Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6148 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-09-08 | 3.5 LOW | N/A |
| IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. | |||||
| CVE-2014-9278 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Fedora | 2017-09-08 | 4.0 MEDIUM | N/A |
| The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | |||||
| CVE-2014-9217 | 1 Torch Gmbh | 1 Graylog2 | 2017-09-08 | 5.0 MEDIUM | N/A |
| Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. | |||||
| CVE-2014-8033 | 1 Cisco | 1 Webex Meetings Server | 2017-09-08 | 5.0 MEDIUM | N/A |
| The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. | |||||
| CVE-2015-7746 | 1 Netapp | 1 Data Ontap | 2017-09-06 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | |||||
| CVE-2016-8022 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 5.1 MEDIUM | 7.5 HIGH |
| Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. | |||||
| CVE-2016-8023 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 6.8 MEDIUM | 8.1 HIGH |
| Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. | |||||
| CVE-2016-9796 | 1 Alcatel-lucent | 1 Omnivista 8770 Network Management System | 2017-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." | |||||
| CVE-2016-1279 | 1 Juniper | 1 Junos | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors. | |||||
| CVE-2015-8308 | 1 Lxdm Project | 1 Lxdm | 2017-08-30 | 4.6 MEDIUM | 7.8 HIGH |
| LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | |||||
| CVE-2016-4460 | 1 Apache | 1 Pony Mail | 2017-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | |||||
| CVE-2016-2102 | 1 Haproxy | 1 Haproxy | 2017-08-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | |||||
| CVE-2014-4619 | 1 Emc | 1 Rsa Identity Management And Governance | 2017-08-29 | 9.3 HIGH | N/A |
| EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. | |||||
| CVE-2014-4425 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.6 MEDIUM | N/A |
| CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2014-4831 | 1 Ibm | 2 Qradar Risk Manager, Qradar Vulnerability Manager | 2017-08-29 | 5.8 MEDIUM | N/A |
| IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors. | |||||
| CVE-2014-4444 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.4 MEDIUM | N/A |
| SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | |||||
| CVE-2014-5175 | 1 Sap | 1 Solution Manager | 2017-08-29 | 7.5 HIGH | N/A |
| The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | |||||
| CVE-2014-4435 | 1 Apple | 1 Mac Os X | 2017-08-29 | 4.4 MEDIUM | N/A |
| The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. | |||||
| CVE-2014-3053 | 1 Ibm | 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more | 2017-08-29 | 8.0 HIGH | N/A |
| The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. | |||||
| CVE-2014-0674 | 1 Cisco | 1 Video Surveillance Operations Manager | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992. | |||||