Total
3702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2067 | 1 Apache | 1 Tomcat | 2025-04-11 | 6.8 MEDIUM | N/A |
| java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. | |||||
| CVE-2011-4091 | 3 Armin Burgmeier, Opensuse, Oracle | 3 Net6, Opensuse, Solaris | 2025-04-11 | 5.0 MEDIUM | N/A |
| The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. | |||||
| CVE-2012-1602 | 1 Nextbbs | 1 Nextbbs | 2025-04-11 | 7.5 HIGH | N/A |
| user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1. | |||||
| CVE-2012-3137 | 1 Oracle | 2 Database Server, Primavera P6 Enterprise Project Portfolio Management | 2025-04-11 | 6.4 MEDIUM | N/A |
| The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." | |||||
| CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2025-04-11 | 6.4 MEDIUM | N/A |
| The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | |||||
| CVE-2013-2056 | 1 Redhat | 1 Satellite | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. | |||||
| CVE-2013-0985 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
| Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | |||||
| CVE-2013-1241 | 1 Cisco | 27 1921 Integrated Services Router, 1941 Integrated Services Router, 1941w Integrated Services Router and 24 more | 2025-04-11 | 6.3 MEDIUM | N/A |
| The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025. | |||||
| CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2025-04-11 | 7.5 HIGH | N/A |
| The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | |||||
| CVE-2011-0383 | 1 Cisco | 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008. | |||||
| CVE-2012-1256 | 1 Easyvista | 1 Easyvista | 2025-04-11 | 5.0 MEDIUM | N/A |
| The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. | |||||
| CVE-2012-3721 | 1 Apple | 1 Mac Os X | 2025-04-11 | 5.0 MEDIUM | N/A |
| Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. | |||||
| CVE-2013-1865 | 2 Canonical, Openstack | 2 Ubuntu Linux, Folsom | 2025-04-11 | 6.8 MEDIUM | N/A |
| OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. | |||||
| CVE-2012-3424 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 5.0 MEDIUM | N/A |
| The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. | |||||
| CVE-2013-3060 | 1 Apache | 1 Activemq | 2025-04-11 | 6.4 MEDIUM | N/A |
| The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | |||||
| CVE-2012-4581 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2025-04-11 | 6.8 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue. | |||||
| CVE-2013-2313 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 4.0 MEDIUM | N/A |
| Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-2944 | 1 Jens Vagelpohl | 1 Zope-ldapuserfolder | 2025-04-11 | 7.5 HIGH | N/A |
| The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote attackers to gain privileges. | |||||
| CVE-2012-0874 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2025-04-11 | 6.8 MEDIUM | N/A |
| The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer. | |||||
| CVE-2010-2668 | 1 Adaptivedisplays | 2 Alpha Ethernet Adapter Ii, Alpha Ethernet Adapter Ii Web Manager | 2025-04-11 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet Adapter II Web-Manager 3.40.2 allows remote attackers to bypass authentication and read or write configuration files via unknown vectors. | |||||