Export limit exceeded: 363381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12620 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9828 1 Imagemagick 1 Imagemagick 2025-04-20 8.8 High
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
CVE-2015-7263 1 Proxygen Project 1 Proxygen 2025-04-20 N/A
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.
CVE-2016-10042 1 Arcadyan 2 Swisscom Internet-box, Swisscom Internet-box Firmware 2025-04-20 N/A
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.
CVE-2015-3142 1 Redhat 2 Automatic Bug Reporting Tool, Enterprise Linux 2025-04-20 N/A
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.
CVE-2017-9939 1 Siemens 1 Sipass Integrated 2025-04-20 N/A
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations.
CVE-2014-9618 1 Netsweeper 1 Netsweeper 2025-04-20 N/A
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
CVE-2017-10873 1 Osstech 1 Openam 2025-04-20 8.1 High
OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.
CVE-2017-6044 1 Sierra Wireless 4 Airlink Raven Xe, Airlink Raven Xe Firmware, Airlink Raven Xt and 1 more 2025-04-20 N/A
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.
CVE-2016-6331 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
CVE-2017-1000030 1 Oracle 1 Glassfish Server 2025-04-20 N/A
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.
CVE-2017-8195 1 Huawei 1 Fusionsphere Openstack 2025-04-20 N/A
The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.
CVE-2017-13984 1 Hp 1 Bsm Platform Application Performance Management System Health 2025-04-20 N/A
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
CVE-2017-3867 1 Cisco 1 Adaptive Security Appliance Software 2025-04-20 N/A
A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8).
CVE-2017-3880 1 Cisco 1 Webex Meetings Server 2025-04-20 N/A
An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge.
CVE-2016-8032 1 Mcafee 1 Anti-malware Scan Engine 2025-04-20 N/A
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.
CVE-2015-8140 1 Ntp 1 Ntp 2025-04-20 N/A
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVE-2017-8447 1 Elastic 1 X-pack 2025-04-20 N/A
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
CVE-2016-6770 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228.
CVE-2016-8023 1 Mcafee 1 Virusscan Enterprise 2025-04-20 N/A
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
CVE-2016-2788 1 Puppet 2 Marionette Collective, Puppet Enterprise 2025-04-20 N/A
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.