Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3417 | 1 Cisco | 1 Video Surveillance Operations Manager | 2013-10-10 | 5.0 MEDIUM | N/A |
| The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262. | |||||
| CVE-2013-3610 | 1 Asus | 2 Rt-n10e, Rt-n10e Firmware | 2013-10-07 | 6.1 MEDIUM | N/A |
| qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | |||||
| CVE-2013-5163 | 1 Apple | 1 Mac Os X | 2013-10-07 | 6.6 MEDIUM | N/A |
| Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | |||||
| CVE-2013-4783 | 1 Dell | 1 Idrac6 Bmc | 2013-09-26 | 10.0 HIGH | N/A |
| The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet." | |||||
| CVE-2013-3473 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2013-09-23 | 7.8 HIGH | N/A |
| The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600. | |||||
| CVE-2013-3613 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2013-09-17 | 7.8 HIGH | N/A |
| Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | |||||
| CVE-2013-3586 | 1 Samsung | 2 Dvr, Smart Viewer | 2013-08-29 | 7.6 HIGH | N/A |
| Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | |||||
| CVE-2013-4875 | 1 Verizon | 1 Wireless Network Extender | 2013-08-21 | 6.2 MEDIUM | N/A |
| The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. | |||||
| CVE-2013-4874 | 1 Verizon | 1 Wireless Network Extender | 2013-08-21 | 6.2 MEDIUM | N/A |
| The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. | |||||
| CVE-2013-4877 | 1 Verizon | 1 Wireless Network Extender | 2013-08-21 | 2.6 LOW | N/A |
| The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. | |||||
| CVE-2012-4614 | 1 Emc | 1 It Operations Intelligence | 2013-08-16 | 9.3 HIGH | N/A |
| The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. | |||||
| CVE-2009-4584 | 1 Dbmasters | 1 Db Masters Multimedia Links Directory | 2013-08-08 | 7.5 HIGH | N/A |
| admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie. | |||||
| CVE-2013-4731 | 1 Choice-wireless | 1 Wixfmr-111 | 2013-07-16 | 9.3 HIGH | N/A |
| ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581. | |||||
| CVE-2013-2310 | 2 Softbank, Willcom-inc | 13 Android Smartphone, Disney Mobile Android Smartphone, Mobile Wi-fi Router and 10 more | 2013-06-16 | 3.3 LOW | N/A |
| SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network. | |||||
| CVE-2013-1205 | 1 Cisco | 1 Webex Meetings Server | 2013-06-06 | 4.3 MEDIUM | N/A |
| The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485. | |||||
| CVE-2013-0985 | 1 Apple | 1 Mac Os X | 2013-06-05 | 2.1 LOW | N/A |
| Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | |||||
| CVE-2013-2313 | 1 Lockon | 1 Ec-cube | 2013-06-03 | 4.0 MEDIUM | N/A |
| Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2013-1211 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2013-05-30 | 5.0 MEDIUM | N/A |
| Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832. | |||||
| CVE-2013-1209 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2013-05-30 | 5.0 MEDIUM | N/A |
| The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710. | |||||
| CVE-2012-2983 | 1 Gentoo | 1 Webmin | 2013-05-29 | 5.0 MEDIUM | N/A |
| file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. | |||||