Export limit exceeded: 12607 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12607 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7366 | 1 Sap | 1 Software Deployment Manager | 2025-04-12 | N/A |
| The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications. | ||||
| CVE-2013-7379 | 1 Ucdok | 1 Tomato | 2025-04-12 | N/A |
| The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key. | ||||
| CVE-2014-0635 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | N/A |
| Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2014-1589 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-12 | N/A |
| Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. | ||||
| CVE-2014-2181 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | N/A |
| Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551. | ||||
| CVE-2014-2685 | 1 Zend | 2 Zend Framework, Zendopenid | 2025-04-12 | N/A |
| The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | ||||
| CVE-2014-4425 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2014-6626 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. | ||||
| CVE-2014-7193 | 1 Sideway | 1 Hapi Crumb | 2025-04-12 | N/A |
| The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer. | ||||
| CVE-2014-8827 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. | ||||
| CVE-2014-9901 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. | ||||
| CVE-2015-0531 | 1 Emc | 1 Sourceone Email Management | 2025-04-12 | N/A |
| EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2015-0926 | 1 Labtech Software | 1 Labtech | 2025-04-12 | N/A |
| Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. | ||||
| CVE-2015-1115 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | ||||
| CVE-2015-1000010 | 1 Simple-image-manipulator Project | 1 Simple-image-manipulator | 2025-04-12 | N/A |
| Remote file download in simple-image-manipulator v1.0 wordpress plugin | ||||
| CVE-2015-1486 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | ||||
| CVE-2015-1631 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | N/A |
| Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." | ||||
| CVE-2015-1959 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-12 | N/A |
| IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action. | ||||
| CVE-2015-2008 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive. | ||||
| CVE-2015-2033 | 1 Infoblox | 1 Netmri | 2025-04-12 | N/A |
| Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request. | ||||