Total
3419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7322 | 1 Nongnu | 1 Oath Toolkit | 2017-08-29 | N/A |
| usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. | ||||
| CVE-2013-6979 | 1 Cisco | 1 Ios Xe | 2017-08-29 | N/A |
| The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. | ||||
| CVE-2013-5497 | 1 Cisco | 1 Intrusion Prevention System | 2017-08-29 | N/A |
| The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148. | ||||
| CVE-2013-5429 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2017-08-29 | N/A |
| The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token. | ||||
| CVE-2013-5426 | 1 Ibm | 2 Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management | 2017-08-29 | N/A |
| Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors. | ||||
| CVE-2013-5413 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-29 | N/A |
| IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | ||||
| CVE-2013-5009 | 1 Symantec | 1 Endpoint Protection | 2017-08-29 | N/A |
| The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account. | ||||
| CVE-2013-4784 | 1 Hp | 1 Integrated Lights-out Bmc | 2017-08-29 | N/A |
| The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | ||||
| CVE-2013-4304 | 2 Brion Vibber, Mediawiki | 2 Centralauth Extension, Mediawiki | 2017-08-29 | N/A |
| The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password. | ||||
| CVE-2013-4061 | 1 Ibm | 1 Rational Policy Tester | 2017-08-29 | N/A |
| IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors. | ||||
| CVE-2013-4001 | 1 Ibm | 1 Cognos Command Center | 2017-08-29 | N/A |
| Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | ||||
| CVE-2013-3977 | 1 Ibm | 1 Sametime | 2017-08-29 | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. | ||||
| CVE-2013-3659 | 1 Nttdocomo | 1 Overseas Usage | 2017-08-29 | N/A |
| The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area. | ||||
| CVE-2013-3431 | 1 Cisco | 1 Video Surveillance Manager | 2017-08-29 | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. | ||||
| CVE-2013-3430 | 1 Cisco | 1 Video Surveillance Manager | 2017-08-29 | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. | ||||
| CVE-2013-3268 | 1 Novell | 1 Imanager | 2017-08-29 | N/A |
| Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. | ||||
| CVE-2013-3046 | 1 Ibm | 1 Sametime | 2017-08-29 | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. | ||||
| CVE-2013-3039 | 1 Ibm | 1 Rational Requirements Composer | 2017-08-29 | N/A |
| IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | ||||
| CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2017-08-29 | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | ||||
| CVE-2013-2954 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2017-08-29 | N/A |
| The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||