Export limit exceeded: 12585 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12585 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4501 1 Envirosys 1 Esc 8832 Data Controller 2025-04-12 N/A
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.
CVE-2015-4034 1 Samsung 1 Galaxy S5 2025-04-12 N/A
The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.
CVE-2016-4495 1 Kmc Controls 2 Bac-5051e, Bac-5051e Firmware 2025-04-12 N/A
KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors.
CVE-2015-3971 1 Janitza 5 Umg 508, Umg 509, Umg 511 and 2 more 2025-04-12 N/A
The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.
CVE-2015-3806 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
CVE-2016-4373 1 Hp 1 Operations Manager 2025-04-12 N/A
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVE-2016-9157 1 Siemens 1 Sicam Pas\/pqs 2025-04-12 9.8 Critical
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
CVE-2016-3882 1 Google 1 Android 2025-04-12 N/A
Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811.
CVE-2016-9156 1 Siemens 1 Sicam Pas\/pqs 2025-04-12 7.3 High
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
CVE-2016-7165 1 Siemens 18 Primary Setup Tool, Security Configuration Tool, Simatic It Production Suite and 15 more 2025-04-12 N/A
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent).
CVE-2015-3775 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
CVE-2016-1200 1 Lockon 1 Ec-cube 2025-04-12 N/A
The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
CVE-2015-2978 1 Webservice-dic 1 Yoyaku 2025-04-12 N/A
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."
CVE-2016-3923 1 Google 1 Android 2025-04-12 N/A
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115.
CVE-2016-4322 1 Bmc 1 Bladelogic Server Automation Console 2025-04-12 N/A
BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.
CVE-2013-6117 1 Dahuasecurity 1 Dvr Firmware 2025-04-12 N/A
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
CVE-2016-9938 1 Digium 2 Asterisk, Certified Asterisk 2025-04-12 N/A
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.
CVE-2015-2959 1 Zohocorp 1 Manageengine Netflow Analyzer 2025-04-12 N/A
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
CVE-2016-4451 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
CVE-2015-2952 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.