Total
3371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3885 | 1 Airdroid | 1 Airdroid | 2024-11-21 | 7.5 HIGH | N/A |
| The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2012-3884 | 1 Airdroid | 1 Airdroid | 2024-11-21 | 5.0 MEDIUM | N/A |
| AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data. | |||||
| CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | |||||
| CVE-2012-3741 | 1 Apple | 1 Iphone Os | 2024-11-21 | 1.9 LOW | N/A |
| The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. | |||||
| CVE-2012-3721 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.0 MEDIUM | N/A |
| Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. | |||||
| CVE-2012-3520 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 1.9 LOW | N/A |
| The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager. | |||||
| CVE-2012-3492 | 1 Condor Project | 1 Condor | 2024-11-21 | 6.4 MEDIUM | N/A |
| The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 uses authentication directories even when they have weak permissions, which allows remote attackers to impersonate users by renaming a user's authentication directory. | |||||
| CVE-2012-3473 | 1 Ushahidi | 1 Ushahidi Platform | 2024-11-21 | 6.4 MEDIUM | N/A |
| The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions. | |||||
| CVE-2012-3472 | 1 Ushahidi | 1 Ushahidi Platform | 2024-11-21 | 6.4 MEDIUM | N/A |
| The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request. | |||||
| CVE-2012-3467 | 1 Apache | 1 Qpid | 2024-11-21 | 5.0 MEDIUM | N/A |
| Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. | |||||
| CVE-2012-3462 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. | |||||
| CVE-2012-3424 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2024-11-21 | 5.0 MEDIUM | N/A |
| The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. | |||||
| CVE-2012-3416 | 1 Condor Project | 1 Condor | 2024-11-21 | 10.0 HIGH | N/A |
| Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. | |||||
| CVE-2012-3408 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Puppet | 2024-11-21 | 2.6 LOW | N/A |
| lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. | |||||
| CVE-2012-3356 | 1 Viewvc | 1 Viewvc | 2024-11-21 | 5.0 MEDIUM | N/A |
| The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2012-3315 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. | |||||
| CVE-2012-3137 | 1 Oracle | 2 Database Server, Primavera P6 Enterprise Project Portfolio Management | 2024-11-21 | 6.4 MEDIUM | N/A |
| The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." | |||||
| CVE-2012-3024 | 1 Tridium | 1 Niagara Ax | 2024-11-21 | 5.0 MEDIUM | N/A |
| Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. | |||||
| CVE-2012-3002 | 2 Foscam, Wansview | 2 H.264 Hi3510\/11\/12 Ip Camera, H.264 Hi3510\/11\/12 Ip Camera | 2024-11-21 | 10.0 HIGH | N/A |
| The web interface on (1) Foscam and (2) Wansview IP cameras allows remote attackers to bypass authentication, and perform administrative functions or read the admin password, via a direct request to an unspecified URL. | |||||
| CVE-2012-2983 | 1 Gentoo | 1 Webmin | 2024-11-21 | 5.0 MEDIUM | N/A |
| file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. | |||||