Total
4108 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4725 | 1 Mailpoet | 1 Mailpoet Newsletters | 2025-04-12 | N/A |
| The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/. | ||||
| CVE-2014-4631 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-12 | N/A |
| RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | ||||
| CVE-2014-4444 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | ||||
| CVE-2014-4435 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. | ||||
| CVE-2014-4668 | 3 Cherokee-project, Fedoraproject, Mageia Project | 3 Cherokee, Fedora, Mageia | 2025-04-12 | N/A |
| The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. | ||||
| CVE-2014-4425 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2014-4325 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2025-04-12 | N/A |
| The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image. | ||||
| CVE-2014-4168 | 1 Kryo | 1 Iodine | 2025-04-12 | N/A |
| (1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. | ||||
| CVE-2014-3944 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2016-2076 | 1 Vmware | 3 Vcenter Server, Vcloud Automation Identity Appliance, Vcloud Director | 2025-04-12 | N/A |
| Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. | ||||
| CVE-2014-3781 | 1 Dotclear | 1 Dotclear | 2025-04-12 | N/A |
| The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. | ||||
| CVE-2014-3780 | 1 Citrix | 1 Vdi-in-a-box | 2025-04-12 | N/A |
| Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | ||||
| CVE-2014-3552 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. | ||||
| CVE-2013-2193 | 1 Apache | 1 Hbase | 2025-04-12 | N/A |
| Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-3393 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | N/A |
| The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829. | ||||
| CVE-2014-3295 | 1 Cisco | 1 Nx-os | 2025-04-12 | N/A |
| The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309. | ||||
| CVE-2014-3139 | 1 Unitrends | 1 Enterprise Backup | 2025-04-12 | N/A |
| recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. | ||||
| CVE-2014-3106 | 1 Ibm | 1 Rational Clearcase | 2025-04-12 | N/A |
| IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature. | ||||
| CVE-2014-2066 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | ||||
| CVE-2014-3101 | 1 Ibm | 1 Rational Clearcase | 2025-04-12 | N/A |
| The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||