Filtered by vendor
Subscriptions
Total
3780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-2904 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | ||||
CVE-2014-2828 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." | ||||
CVE-2014-2685 | 1 Zend | 2 Zend Framework, Zendopenid | 2024-11-21 | N/A |
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
CVE-2014-2665 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. | ||||
CVE-2014-2653 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2024-11-21 | N/A |
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. | ||||
CVE-2014-2651 | 1 Atos | 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more | 2024-11-21 | 9.8 Critical |
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | ||||
CVE-2014-2614 | 1 Hp | 1 Sitescope | 2024-11-21 | N/A |
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. | ||||
CVE-2014-2609 | 1 Hp | 1 Executive Scorecard | 2024-11-21 | N/A |
The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116. | ||||
CVE-2014-2373 | 1 Accuenergy | 2 Acuvim Ii, Axm-net | 2024-11-21 | N/A |
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. | ||||
CVE-2014-2341 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
CVE-2014-2338 | 1 Strongswan | 1 Strongswan | 2024-11-21 | N/A |
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. | ||||
CVE-2014-2181 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | N/A |
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551. | ||||
CVE-2014-2128 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | N/A |
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555. | ||||
CVE-2014-2075 | 1 Tibco | 2 Enterprise Administrator, Enterprise Administrator Sdk | 2024-11-21 | N/A |
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2014-2066 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | ||||
CVE-2014-2062 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | ||||
CVE-2014-2005 | 1 Sophos | 1 Enterprise Console | 2024-11-21 | 6.8 Medium |
Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen. | ||||
CVE-2014-1984 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | N/A |
Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2024-11-21 | N/A |
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | ||||
CVE-2014-1911 | 1 Foscam | 2 Fi8919w, Fi8919w Firmware | 2024-11-21 | N/A |
The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. |