Total
3455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1238 | 1 Mozilla | 2 Firefox, Seamonkey | 2023-02-13 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. | |||||
| CVE-2009-3623 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 7.8 HIGH | N/A |
| The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request. | |||||
| CVE-2014-3612 | 1 Apache | 1 Activemq | 2023-02-13 | 7.5 HIGH | N/A |
| The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. | |||||
| CVE-2014-0188 | 1 Redhat | 1 Openshift | 2023-02-13 | 7.5 HIGH | N/A |
| The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. | |||||
| CVE-2014-0132 | 1 Fedoraproject | 1 389 Directory Server | 2023-02-13 | 6.5 MEDIUM | N/A |
| The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind. | |||||
| CVE-2014-0090 | 1 Theforeman | 1 Foreman | 2023-02-13 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie. | |||||
| CVE-2014-0056 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2023-02-13 | 2.1 LOW | N/A |
| The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. | |||||
| CVE-2013-1865 | 2 Canonical, Openstack | 2 Ubuntu Linux, Folsom | 2023-02-13 | 6.8 MEDIUM | N/A |
| OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. | |||||
| CVE-2012-5633 | 1 Apache | 1 Cxf | 2023-02-13 | 5.8 MEDIUM | N/A |
| The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | |||||
| CVE-2012-0803 | 1 Apache | 1 Cxf | 2023-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. | |||||
| CVE-2020-14380 | 1 Redhat | 1 Satellite | 2023-02-12 | 6.0 MEDIUM | 7.5 HIGH |
| An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. | |||||
| CVE-2019-10150 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output. | |||||
| CVE-2018-14643 | 1 Theforeman | 1 Foreman | 2023-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context. | |||||
| CVE-2017-7562 | 2 Mit, Redhat | 5 Kerberos 5, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. | |||||
| CVE-2017-2628 | 2 Haxx, Redhat | 4 Curl, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. | |||||
| CVE-2017-15135 | 1 Fedoraproject | 1 389 Directory Server | 2023-02-12 | 4.3 MEDIUM | 8.1 HIGH |
| It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances. | |||||
| CVE-2017-12195 | 1 Redhat | 1 Openshift Container Platform | 2023-02-12 | 5.8 MEDIUM | 4.8 MEDIUM |
| A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices. | |||||
| CVE-2022-0730 | 3 Cacti, Debian, Fedoraproject | 3 Cacti, Debian Linux, Fedora | 2023-02-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | |||||
| CVE-2002-2438 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. | |||||
| CVE-2020-20402 | 1 Portfoliocms Project | 1 Portfoliocms | 2023-02-08 | N/A | 7.5 HIGH |
| Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | |||||