Export limit exceeded: 11725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0340 | 1 Ibm | 1 Security Identity Manager Adapter | 2025-04-12 | N/A |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | ||||
| CVE-2016-0349 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | N/A |
| IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. | ||||
| CVE-2016-0357 | 1 Ibm | 1 Security Identity Manager Adapter | 2025-04-12 | N/A |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | ||||
| CVE-2014-2828 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-12 | N/A |
| The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." | ||||
| CVE-2016-0391 | 1 Ibm | 2 Bluemix, Watson Developer Cloud | 2025-04-12 | N/A |
| The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||||
| CVE-2016-0392 | 1 Ibm | 2 Elastic Storage Server, General Parallel File System Storage Server | 2025-04-12 | N/A |
| IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. | ||||
| CVE-2016-1000031 | 1 Apache | 1 Commons Fileupload | 2025-04-12 | N/A |
| Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution | ||||
| CVE-2016-5650 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2025-04-12 | N/A |
| ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value. | ||||
| CVE-2012-5032 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641. | ||||
| CVE-2012-6452 | 1 Axway | 2 Email Firewall, Secure Messenger | 2025-04-12 | N/A |
| Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. | ||||
| CVE-2013-3046 | 1 Ibm | 1 Sametime | 2025-04-12 | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests. | ||||
| CVE-2013-3092 | 1 Belkin | 2 N300, N300 Firmware | 2025-04-12 | N/A |
| The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | ||||
| CVE-2013-4471 | 1 Openstack | 1 Horizon | 2025-04-12 | N/A |
| The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user. | ||||
| CVE-2013-5704 | 5 Apache, Apple, Canonical and 2 more | 17 Http Server, Mac Os X, Mac Os X Server and 14 more | 2025-04-12 | N/A |
| The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." | ||||
| CVE-2013-7061 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. | ||||
| CVE-2014-0743 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. | ||||
| CVE-2014-0973 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2025-04-12 | N/A |
| The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data. | ||||
| CVE-2014-1517 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | N/A |
| The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue. | ||||
| CVE-2014-1589 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-12 | N/A |
| Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. | ||||
| CVE-2014-1682 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2025-04-12 | N/A |
| The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. | ||||