Export limit exceeded: 12629 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12629 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000020 | 3 Ecos, Greatek, Totolink | 3 Embedded Web Servers, Soho, Soho | 2025-04-20 | N/A |
| SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others." | ||||
| CVE-2017-1000089 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2025-04-20 | N/A |
| Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | ||||
| CVE-2017-1000108 | 1 Jenkins | 1 Pipeline-input-step | 2025-04-20 | N/A |
| The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead. | ||||
| CVE-2017-1258 | 1 Ibm | 1 Security Guardium | 2025-04-20 | N/A |
| IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685 | ||||
| CVE-2016-8282 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | N/A |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). | ||||
| CVE-2017-1002151 | 1 Redhat | 1 Pagure | 2025-04-20 | 7.5 High |
| Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | ||||
| CVE-2017-11645 | 1 Netcomm | 2 4gt101w Bootloader, 4gt101w Software | 2025-04-20 | N/A |
| NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. | ||||
| CVE-2016-8032 | 1 Mcafee | 1 Anti-malware Scan Engine | 2025-04-20 | N/A |
| Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. | ||||
| CVE-2016-8023 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | N/A |
| Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie. | ||||
| CVE-2016-6605 | 1 Cloudera | 1 Cdh | 2025-04-20 | N/A |
| Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. | ||||
| CVE-2017-17560 | 1 Westerndigital | 2 My Cloud Pr4100, My Cloud Pr4100 Firmware | 2025-04-20 | N/A |
| An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. | ||||
| CVE-2016-6758 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731. | ||||
| CVE-2016-6770 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228. | ||||
| CVE-2016-4484 | 1 Cryptsetup Project | 1 Cryptsetup | 2025-04-20 | N/A |
| The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. | ||||
| CVE-2017-9542 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | N/A |
| D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. | ||||
| CVE-2017-5033 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 4.3 Medium |
| Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. | ||||
| CVE-2016-2942 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | N/A |
| IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. | ||||
| CVE-2016-2930 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-20 | N/A |
| IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. | ||||
| CVE-2015-8140 | 1 Ntp | 1 Ntp | 2025-04-20 | N/A |
| The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | ||||
| CVE-2017-8195 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. | ||||