Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4435 | 1 Apple | 1 Mac Os X | 2017-08-28 | 4.4 MEDIUM | N/A |
| The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. | |||||
| CVE-2014-4619 | 1 Emc | 1 Rsa Identity Management And Governance | 2017-08-28 | 9.3 HIGH | N/A |
| EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. | |||||
| CVE-2014-4444 | 1 Apple | 1 Mac Os X | 2017-08-28 | 4.4 MEDIUM | N/A |
| SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | |||||
| CVE-2014-4425 | 1 Apple | 1 Mac Os X | 2017-08-28 | 4.6 MEDIUM | N/A |
| CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2014-4831 | 1 Ibm | 2 Qradar Risk Manager, Qradar Vulnerability Manager | 2017-08-28 | 5.8 MEDIUM | N/A |
| IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors. | |||||
| CVE-2014-5175 | 1 Sap | 1 Solution Manager | 2017-08-28 | 7.5 HIGH | N/A |
| The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | |||||
| CVE-2014-0674 | 1 Cisco | 1 Video Surveillance Operations Manager | 2017-08-28 | 6.8 MEDIUM | N/A |
| Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992. | |||||
| CVE-2013-7322 | 1 Nongnu | 1 Oath Toolkit | 2017-08-28 | 4.9 MEDIUM | N/A |
| usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. | |||||
| CVE-2014-3106 | 1 Ibm | 1 Rational Clearcase | 2017-08-28 | 5.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature. | |||||
| CVE-2014-3101 | 1 Ibm | 1 Rational Clearcase | 2017-08-28 | 5.0 MEDIUM | N/A |
| The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2014-3312 | 1 Cisco | 16 Spa901 1-line Ip Phone, Spa922 1-line Ip Phone With 1-port Ethernet, Spa941 4-line Ip Phone With 1-port Ethernet and 13 more | 2017-08-28 | 6.9 MEDIUM | N/A |
| The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435. | |||||
| CVE-2013-6979 | 1 Cisco | 1 Ios Xe | 2017-08-28 | 5.4 MEDIUM | N/A |
| The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. | |||||
| CVE-2014-2341 | 1 Cubecart | 1 Cubecart | 2017-08-28 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |||||
| CVE-2014-3053 | 1 Ibm | 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more | 2017-08-28 | 8.0 HIGH | N/A |
| The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. | |||||
| CVE-2013-5413 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-28 | 4.3 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
| CVE-2013-5009 | 1 Symantec | 1 Endpoint Protection | 2017-08-28 | 7.4 HIGH | N/A |
| The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account. | |||||
| CVE-2013-0487 | 1 Ibm | 1 Lotus Domino | 2017-08-28 | 8.5 HIGH | N/A |
| The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | |||||
| CVE-2013-4784 | 1 Hp | 1 Integrated Lights-out Bmc | 2017-08-28 | 10.0 HIGH | N/A |
| The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | |||||
| CVE-2013-0540 | 1 Ibm | 1 Websphere Application Server | 2017-08-28 | 3.5 LOW | N/A |
| IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session. | |||||
| CVE-2013-0578 | 1 Ibm | 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation | 2017-08-28 | 3.5 LOW | N/A |
| The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative credentials, which allows remote authenticated users to obtain sensitive database information via a request to the API tester URI. | |||||