Search Results (12622 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1520 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2025-04-20 N/A
IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
CVE-2017-6062 1 Openidc 1 Mod Auth Openidc 2025-04-20 N/A
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
CVE-2017-8438 1 Elastic 1 X-pack 2025-04-20 N/A
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen.
CVE-2017-13984 1 Hp 1 Bsm Platform Application Performance Management System Health 2025-04-20 N/A
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
CVE-2010-2232 1 Apache 1 Derby 2025-04-20 N/A
In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.
CVE-2016-8587 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/.
CVE-2016-5791 1 Jantek 2 Jtc-200, Jtc-200 Firmware 2025-04-20 N/A
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.
CVE-2017-1002024 1 Kindsoft 2 Kind Editor, Kindeditor 2025-04-20 N/A
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
CVE-2017-15272 1 Psftp 1 Psftpd 2025-04-20 N/A
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.
CVE-2017-8468 1 Microsoft 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more 2025-04-20 N/A
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8465.
CVE-2017-10817 1 Intercom 1 Malion 2025-04-20 9.8 Critical
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.
CVE-2016-5410 2 Firewalld, Redhat 6 Firewalld, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-20 N/A
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
CVE-2016-5801 1 Omnimetrix 1 Omniview 2025-04-20 N/A
An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords.
CVE-2017-8467 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 N/A
Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability".
CVE-2017-8465 1 Microsoft 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more 2025-04-20 N/A
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468.
CVE-2016-1000219 2 Elastic, Redhat 2 Kibana, Openshift 2025-04-20 N/A
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
CVE-2016-10514 1 Piwigo 1 Piwigo 2025-04-20 N/A
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
CVE-2017-17777 1 Paid To Read Script Project 1 Paid To Read Script 2025-04-20 N/A
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.
CVE-2016-10026 1 Ikiwiki 1 Ikiwiki 2025-04-20 N/A
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.
CVE-2016-6759 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766.