Total
3923 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-0015 | 2 Haxx, Redhat | 3 Curl, Libcurl, Enterprise Linux | 2025-04-11 | N/A |
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. | ||||
CVE-2013-7292 | 1 Vasco | 1 Identikey Authentication Server | 2025-04-11 | N/A |
VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-time AD password. | ||||
CVE-2013-7282 | 1 Nisuta | 4 Ns-wir150ne, Ns-wir150ne Firmware, Ns-wir300n and 1 more | 2025-04-11 | N/A |
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. | ||||
CVE-2013-7239 | 1 Memcached | 1 Memcached | 2025-04-11 | N/A |
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. | ||||
CVE-2013-7183 | 1 Seowonintech | 1 Swc-9100 | 2025-04-11 | N/A |
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action. | ||||
CVE-2013-7137 | 1 Burden Project | 1 Burden | 2025-04-11 | 9.8 Critical |
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1. | ||||
CVE-2013-7093 | 1 Sap | 1 Network Interface Router | 2025-04-11 | N/A |
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | ||||
CVE-2013-6979 | 1 Cisco | 1 Ios Xe | 2025-04-11 | N/A |
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. | ||||
CVE-2013-6920 | 1 Siemens | 14 Sinamics G110, Sinamics G110d, Sinamics G120 and 11 more | 2025-04-11 | N/A |
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | ||||
CVE-2013-6890 | 3 Debian, Fedoraproject, Phil Schwartz | 3 Debian Linux, Fedora, Denyhosts | 2025-04-11 | N/A |
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | ||||
CVE-2013-6859 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-11 | N/A |
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors. | ||||
CVE-2013-6828 | 1 Pineapp | 1 Mail-secure | 2025-04-11 | N/A |
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. | ||||
CVE-2009-2936 | 1 Varnish.projects.linpro | 1 Varnish | 2025-04-11 | N/A |
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless. | ||||
CVE-2013-6643 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2025-04-11 | N/A |
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. | ||||
CVE-2013-6634 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. | ||||
CVE-2013-6439 | 2 Redhat, Rhel Sam | 2 Subscription Asset Manager, 1.3 | 2025-04-11 | N/A |
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. | ||||
CVE-2013-6347 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2013-6171 | 1 Dovecot | 1 Dovecot | 2025-04-11 | N/A |
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. | ||||
CVE-2013-6035 | 6 Gatehouse, Harris, Hughes Network Systems and 3 more | 9 Gatehouse, Bgan, 9201 and 6 more | 2025-04-11 | N/A |
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations. | ||||
CVE-2013-6012 | 1 Juniper | 1 Junos | 2025-04-11 | N/A |
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. |