Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.
Max CVSS: 6.9 | EPSS Score: 0.06% | Published: 2013-08-20 | Updated: 2019-07-10
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
Max CVSS: 6.4 | EPSS Score: 0.72% | Published: 2013-08-16 | Updated: 2017-08-29
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area.
Max CVSS: 3.3 | EPSS Score: 0.41% | Published: 2013-08-09 | Updated: 2017-08-29
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
Max CVSS: 7.6 | EPSS Score: 0.14% | Published: 2013-08-28 | Updated: 2013-08-29
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
Max CVSS: 9.3 | EPSS Score: 0.50% | Published: 2013-08-29 | Updated: 2016-11-07
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.
Max CVSS: 5.8 | EPSS Score: 0.32% | Published: 2013-08-01 | Updated: 2017-08-29
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
Max CVSS: 5.0 | EPSS Score: 3.96% | Published: 2013-08-19 | Updated: 2016-12-07
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
Max CVSS: 4.3 | EPSS Score: 0.38% | Published: 2013-08-20 | Updated: 2019-08-08
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.
Max CVSS: 10.0 | EPSS Score: 0.53% | Published: 2013-08-31 | Updated: 2020-02-17
9 vulnerabilities found