Total
3924 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4966 | 1 Puppet | 1 Puppet Enterprise | 2025-04-12 | N/A |
The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console. | ||||
CVE-2014-8763 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2025-04-12 | N/A |
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. | ||||
CVE-2014-3277 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | ||||
CVE-2014-2828 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-12 | N/A |
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." | ||||
CVE-2014-9043 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. | ||||
CVE-2014-2609 | 1 Hp | 1 Executive Scorecard | 2025-04-12 | N/A |
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116. | ||||
CVE-2014-3053 | 1 Ibm | 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more | 2025-04-12 | N/A |
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. | ||||
CVE-2013-2193 | 1 Apache | 1 Hbase | 2025-04-12 | N/A |
Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors. | ||||
CVE-2014-2665 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. | ||||
CVE-2014-1984 | 1 Cybozu | 1 Remote Service Manager | 2025-04-12 | N/A |
Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2014-2075 | 1 Tibco | 2 Enterprise Administrator, Enterprise Administrator Sdk | 2025-04-12 | N/A |
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2016-5133 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | ||||
CVE-2014-8522 | 1 Mcafee | 1 Network Data Loss Prevention | 2025-04-12 | N/A |
The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. | ||||
CVE-2013-6806 | 1 Opentext | 1 Exceed Ondemand | 2025-04-12 | N/A |
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext. | ||||
CVE-2014-0743 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | ||||
CVE-2015-3148 | 8 Apple, Canonical, Debian and 5 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2025-04-12 | N/A |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | ||||
CVE-2014-4619 | 1 Emc | 1 Rsa Identity Management And Governance | 2025-04-12 | N/A |
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. | ||||
CVE-2014-0348 | 1 Ontariosystems | 4 Artiva Architect, Artiva Healthcare, Artiva Rm and 1 more | 2025-04-12 | N/A |
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding username on a Windows client machine. | ||||
CVE-2014-9045 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password. | ||||
CVE-2013-7379 | 1 Ucdok | 1 Tomato | 2025-04-12 | N/A |
The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key. |