Filtered by CWE-287
Filtered by vendor Subscriptions
Total 3780 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-2904 1 Wolfssl 1 Wolfssl 2024-11-21 7.5 High
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
CVE-2014-2828 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
CVE-2014-2685 1 Zend 2 Zend Framework, Zendopenid 2024-11-21 N/A
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
CVE-2014-2665 1 Mediawiki 1 Mediawiki 2024-11-21 N/A
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.
CVE-2014-2653 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
CVE-2014-2651 1 Atos 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more 2024-11-21 9.8 Critical
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface
CVE-2014-2614 1 Hp 1 Sitescope 2024-11-21 N/A
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.
CVE-2014-2609 1 Hp 1 Executive Scorecard 2024-11-21 N/A
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.
CVE-2014-2373 1 Accuenergy 2 Acuvim Ii, Axm-net 2024-11-21 N/A
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL.
CVE-2014-2341 1 Cubecart 1 Cubecart 2024-11-21 N/A
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVE-2014-2338 1 Strongswan 1 Strongswan 2024-11-21 N/A
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
CVE-2014-2181 1 Cisco 1 Adaptive Security Appliance Software 2024-11-21 N/A
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551.
CVE-2014-2128 1 Cisco 1 Adaptive Security Appliance Software 2024-11-21 N/A
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555.
CVE-2014-2075 1 Tibco 2 Enterprise Administrator, Enterprise Administrator Sdk 2024-11-21 N/A
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-2066 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
CVE-2014-2062 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-11-21 N/A
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
CVE-2014-2005 1 Sophos 1 Enterprise Console 2024-11-21 6.8 Medium
Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.
CVE-2014-1984 1 Cybozu 1 Remote Service Manager 2024-11-21 N/A
Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-1982 1 Alliedtelesis 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more 2024-11-21 N/A
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
CVE-2014-1911 1 Foscam 2 Fi8919w, Fi8919w Firmware 2024-11-21 N/A
The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password.