Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3268 | 1 Novell | 1 Imanager | 2017-08-28 | 10.0 HIGH | N/A |
| Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-4304 | 2 Brion Vibber, Mediawiki | 2 Centralauth Extension, Mediawiki | 2017-08-28 | 7.5 HIGH | N/A |
| The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password. | |||||
| CVE-2013-2059 | 1 Openstack | 1 Keystone | 2017-08-28 | 6.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | |||||
| CVE-2013-2756 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2017-08-28 | 5.0 MEDIUM | N/A |
| Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. | |||||
| CVE-2013-5497 | 1 Cisco | 1 Intrusion Prevention System | 2017-08-28 | 4.3 MEDIUM | N/A |
| The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148. | |||||
| CVE-2013-4061 | 1 Ibm | 1 Rational Policy Tester | 2017-08-28 | 4.0 MEDIUM | N/A |
| IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors. | |||||
| CVE-2013-3046 | 1 Ibm | 1 Sametime | 2017-08-28 | 4.3 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. | |||||
| CVE-2013-4001 | 1 Ibm | 1 Cognos Command Center | 2017-08-28 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | |||||
| CVE-2013-2954 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2017-08-28 | 5.0 MEDIUM | N/A |
| The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2013-3430 | 1 Cisco | 1 Video Surveillance Manager | 2017-08-28 | 9.0 HIGH | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. | |||||
| CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2017-08-28 | 5.8 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | |||||
| CVE-2013-3039 | 1 Ibm | 1 Rational Requirements Composer | 2017-08-28 | 5.4 MEDIUM | N/A |
| IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-3977 | 1 Ibm | 1 Sametime | 2017-08-28 | 4.3 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. | |||||
| CVE-2013-3659 | 1 Nttdocomo | 1 Overseas Usage | 2017-08-28 | 3.3 LOW | N/A |
| The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area. | |||||
| CVE-2013-3431 | 1 Cisco | 1 Video Surveillance Manager | 2017-08-28 | 7.8 HIGH | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. | |||||
| CVE-2013-5426 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2017-08-28 | 4.9 MEDIUM | N/A |
| Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors. | |||||
| CVE-2013-5429 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2017-08-28 | 2.1 LOW | N/A |
| The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token. | |||||
| CVE-2012-5952 | 1 Ibm | 1 Websphere Message Broker | 2017-08-28 | 5.0 MEDIUM | N/A |
| IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors. | |||||
| CVE-2012-4595 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2017-08-28 | 7.5 HIGH | N/A |
| McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. | |||||
| CVE-2012-4545 | 1 Elinks | 1 Elinks | 2017-08-28 | 5.1 MEDIUM | N/A |
| The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials. | |||||