Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6452 | 1 Axway | 2 Email Firewall, Secure Messenger | 2017-08-28 | 5.0 MEDIUM | N/A |
| Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. | |||||
| CVE-2012-4078 | 1 Cisco | 1 Unified Computing System | 2017-08-28 | 8.5 HIGH | N/A |
| The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. | |||||
| CVE-2013-0191 | 1 Lucas Clemente Vella | 1 Libpam-pgsql | 2017-08-28 | 5.0 MEDIUM | N/A |
| libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password. | |||||
| CVE-2012-3741 | 1 Apple | 1 Iphone Os | 2017-08-28 | 1.9 LOW | N/A |
| The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. | |||||
| CVE-2012-3721 | 1 Apple | 1 Mac Os X | 2017-08-28 | 5.0 MEDIUM | N/A |
| Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. | |||||
| CVE-2012-5352 | 1 Josso | 1 Java Open Single Sign-on Project Home | 2017-08-28 | 5.8 MEDIUM | N/A |
| Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | |||||
| CVE-2012-5003 | 1 Nomachine | 1 Nx Web Companion | 2017-08-28 | 6.8 MEDIUM | N/A |
| nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file. | |||||
| CVE-2012-5758 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance | 2017-08-28 | 7.8 HIGH | N/A |
| The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors. | |||||
| CVE-2012-4741 | 1 Packetfence | 1 Packetfence | 2017-08-28 | 5.0 MEDIUM | N/A |
| The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute. | |||||
| CVE-2012-5858 | 1 Samsung | 1 Kies Air | 2017-08-28 | 4.3 MEDIUM | N/A |
| Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address. | |||||
| CVE-2012-5886 | 1 Apache | 1 Tomcat | 2017-08-28 | 5.0 MEDIUM | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. | |||||
| CVE-2012-5887 | 1 Apache | 1 Tomcat | 2017-08-28 | 5.0 MEDIUM | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. | |||||
| CVE-2012-5940 | 1 Ibm | 1 Netezza | 2017-08-28 | 4.3 MEDIUM | N/A |
| The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process. | |||||
| CVE-2012-0702 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server Information Services Framework | 2017-08-28 | 4.0 MEDIUM | N/A |
| Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2012-3315 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. | |||||
| CVE-2012-3467 | 1 Apache | 1 Qpid | 2017-08-28 | 5.0 MEDIUM | N/A |
| Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. | |||||
| CVE-2012-2562 | 2 Google, Xelex | 2 Android, Mobiletrack | 2017-08-28 | 7.6 HIGH | N/A |
| The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message. | |||||
| CVE-2012-2437 | 1 Awcm-cms | 1 Ar Web Content Manager | 2017-08-28 | 5.0 MEDIUM | N/A |
| cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter. | |||||
| CVE-2012-0944 | 2 Canonical, Sebastian Heinlein | 2 Ubuntu Linux, Aptdaemon | 2017-08-28 | 4.3 MEDIUM | N/A |
| Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack. | |||||
| CVE-2012-2132 | 1 Gnome | 1 Libsoup | 2017-08-28 | 5.0 MEDIUM | N/A |
| libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. | |||||