Total
3419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9796 | 1 Alcatel-lucent | 1 Omnivista 8770 Network Management System | 2017-09-03 | N/A |
| Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." | ||||
| CVE-2016-8023 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | N/A |
| Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. | ||||
| CVE-2016-8022 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | N/A |
| Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. | ||||
| CVE-2016-6434 | 1 Cisco | 1 Firepower Management Center | 2017-09-03 | N/A |
| Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | ||||
| CVE-2016-1279 | 1 Juniper | 1 Junos | 2017-09-01 | N/A |
| J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors. | ||||
| CVE-2015-8308 | 1 Lxdm Project | 1 Lxdm | 2017-08-30 | N/A |
| LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | ||||
| CVE-2016-4460 | 1 Apache | 1 Pony Mail | 2017-08-29 | N/A |
| Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | ||||
| CVE-2016-2102 | 1 Haproxy | 1 Haproxy | 2017-08-29 | N/A |
| HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | ||||
| CVE-2014-5175 | 1 Sap | 1 Solution Manager | 2017-08-29 | N/A |
| The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | ||||
| CVE-2014-4831 | 1 Ibm | 2 Qradar Risk Manager, Qradar Vulnerability Manager | 2017-08-29 | N/A |
| IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors. | ||||
| CVE-2014-4619 | 1 Emc | 1 Rsa Identity Management And Governance | 2017-08-29 | N/A |
| EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. | ||||
| CVE-2014-4444 | 1 Apple | 1 Mac Os X | 2017-08-29 | N/A |
| SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | ||||
| CVE-2014-4435 | 1 Apple | 1 Mac Os X | 2017-08-29 | N/A |
| The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots. | ||||
| CVE-2014-4425 | 1 Apple | 1 Mac Os X | 2017-08-29 | N/A |
| CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2014-3312 | 1 Cisco | 16 Spa901 1-line Ip Phone, Spa922 1-line Ip Phone With 1-port Ethernet, Spa941 4-line Ip Phone With 1-port Ethernet and 13 more | 2017-08-29 | N/A |
| The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435. | ||||
| CVE-2014-3106 | 1 Ibm | 1 Rational Clearcase | 2017-08-29 | N/A |
| IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature. | ||||
| CVE-2014-3101 | 1 Ibm | 1 Rational Clearcase | 2017-08-29 | N/A |
| The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2014-3053 | 1 Ibm | 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more | 2017-08-29 | N/A |
| The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. | ||||
| CVE-2014-2341 | 1 Cubecart | 1 Cubecart | 2017-08-29 | N/A |
| Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
| CVE-2014-0674 | 1 Cisco | 1 Video Surveillance Operations Manager | 2017-08-29 | N/A |
| Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992. | ||||