Filtered by vendor
Subscriptions
Total
3784 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3053 | 1 Ibm | 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more | 2024-11-21 | N/A |
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. | ||||
CVE-2014-2955 | 1 Raritan | 2 Dpxr20a-16, Px | 2024-11-21 | N/A |
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | ||||
CVE-2014-2938 | 1 Hanon | 5 Faceid, Faceid F710 Firmware, Faceid F810 Firmware and 2 more | 2024-11-21 | N/A |
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. | ||||
CVE-2014-2927 | 1 F5 | 19 Arx, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 16 more | 2024-11-21 | N/A |
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address. | ||||
CVE-2014-2904 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | ||||
CVE-2014-2828 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." | ||||
CVE-2014-2685 | 1 Zend | 2 Zend Framework, Zendopenid | 2024-11-21 | N/A |
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
CVE-2014-2665 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. | ||||
CVE-2014-2653 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2024-11-21 | N/A |
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. | ||||
CVE-2014-2651 | 1 Atos | 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more | 2024-11-21 | 9.8 Critical |
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | ||||
CVE-2014-2614 | 1 Hp | 1 Sitescope | 2024-11-21 | N/A |
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. | ||||
CVE-2014-2609 | 1 Hp | 1 Executive Scorecard | 2024-11-21 | N/A |
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116. | ||||
CVE-2014-2373 | 1 Accuenergy | 2 Acuvim Ii, Axm-net | 2024-11-21 | N/A |
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. | ||||
CVE-2014-2341 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
CVE-2014-2338 | 1 Strongswan | 1 Strongswan | 2024-11-21 | N/A |
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. | ||||
CVE-2014-2181 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | N/A |
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551. | ||||
CVE-2014-2128 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | N/A |
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555. | ||||
CVE-2014-2075 | 1 Tibco | 2 Enterprise Administrator, Enterprise Administrator Sdk | 2024-11-21 | N/A |
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2014-2066 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | ||||
CVE-2014-2062 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. |