Total
3617 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0482 | 2 Djangoproject, Opensuse | 2 Django, Opensuse | 2025-04-12 | 6.0 MEDIUM | N/A |
| The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header. | |||||
| CVE-2014-4725 | 1 Mailpoet | 1 Mailpoet Newsletters | 2025-04-12 | 7.5 HIGH | N/A |
| The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/. | |||||
| CVE-2014-2665 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 4.0 MEDIUM | N/A |
| includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. | |||||
| CVE-2014-3895 | 1 Iodata | 12 Ts-ptcam\/poe Camera, Ts-ptcam\/poe Camera Firmware, Ts-ptcam Camera and 9 more | 2025-04-12 | 6.4 MEDIUM | N/A |
| The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. | |||||
| CVE-2016-3094 | 1 Apache | 1 Qpid Broker-j | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. | |||||
| CVE-2015-1486 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 7.5 HIGH | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | |||||
| CVE-2016-6434 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | |||||
| CVE-2014-6318 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability." | |||||
| CVE-2016-4432 | 1 Apache | 1 Qpid Broker-j | 2025-04-12 | 5.0 MEDIUM | 9.1 CRITICAL |
| The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. | |||||
| CVE-2014-3106 | 1 Ibm | 1 Rational Clearcase | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature. | |||||
| CVE-2014-6379 | 1 Juniper | 1 Junos | 2025-04-12 | 7.5 HIGH | N/A |
| Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2013-7302 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-12 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID. | |||||
| CVE-2014-3295 | 1 Cisco | 1 Nx-os | 2025-04-12 | 4.8 MEDIUM | N/A |
| The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309. | |||||
| CVE-2014-5385 | 1 Shopizer | 1 Shopizer | 2025-04-12 | 5.0 MEDIUM | N/A |
| com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
| CVE-2014-0643 | 1 Emc | 2 Rsa Netwitness, Rsa Security Analytics | 2025-04-12 | 7.6 HIGH | N/A |
| EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. | |||||
| CVE-2014-3430 | 1 Dovecot | 1 Dovecot | 2025-04-12 | 5.0 MEDIUM | N/A |
| Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. | |||||
| CVE-2014-4668 | 3 Cherokee-project, Fedoraproject, Mageia Project | 3 Cherokee, Fedora, Mageia | 2025-04-12 | 6.8 MEDIUM | N/A |
| The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. | |||||
| CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
| The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | |||||
| CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | |||||
| CVE-2016-4503 | 1 Moxa | 2 Device Server Web Console 5232-n, Device Server Web Console 5232-n Firmware | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value. | |||||