Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12615 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5008 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Libvirt and 1 more | 2025-04-12 | N/A |
| libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | ||||
| CVE-2016-1040 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117. | ||||
| CVE-2015-7285 | 1 Csl Dualcom | 2 Gprs, Gprs Cs2300-r Firmware | 2025-04-12 | N/A |
| CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response. | ||||
| CVE-2014-5208 | 1 Yokogawa | 3 Centum Cs 3000, Centum Vp, Exaopc | 2025-04-12 | N/A |
| BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. | ||||
| CVE-2015-4418 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2025-04-12 | N/A |
| Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2014-4831 | 1 Ibm | 2 Qradar Risk Manager, Qradar Vulnerability Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors. | ||||
| CVE-2012-5500 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | ||||
| CVE-2016-3044 | 2 Ibm, Redhat | 2 Powerkvm, Enterprise Linux | 2025-04-12 | N/A |
| The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | ||||
| CVE-2016-3162 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. | ||||
| CVE-2016-4422 | 2 Debian, Libpam-sshauth Project | 2 Debian Linux, Libpam-sshauth | 2025-04-12 | 9.8 Critical |
| The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | ||||
| CVE-2014-4168 | 1 Kryo | 1 Iodine | 2025-04-12 | N/A |
| (1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. | ||||
| CVE-2016-5404 | 4 Fedoraproject, Freeipa, Oracle and 1 more | 4 Fedora, Freeipa, Linux and 1 more | 2025-04-12 | N/A |
| The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. | ||||
| CVE-2015-0670 | 1 Cisco | 15 Spa300 Firmware, Spa500 Firmware, Spa 301 1 Line Ip Phone and 12 more | 2025-04-12 | N/A |
| The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. | ||||
| CVE-2015-3224 | 1 Rubyonrails | 1 Web Console | 2025-04-12 | N/A |
| request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. | ||||
| CVE-2015-5746 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | ||||
| CVE-2016-1039 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117. | ||||
| CVE-2016-5173 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. | ||||
| CVE-2014-3895 | 1 Iodata | 12 Ts-ptcam\/poe Camera, Ts-ptcam\/poe Camera Firmware, Ts-ptcam Camera and 9 more | 2025-04-12 | N/A |
| The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. | ||||
| CVE-2014-3623 | 2 Apache, Redhat | 8 Cxf, Wss4j, Jboss Amq and 5 more | 2025-04-12 | N/A |
| Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. | ||||
| CVE-2016-4591 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2025-04-12 | N/A |
| WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. | ||||