Export limit exceeded: 12804 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12804 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-9877 2 Broadcom, Pivotal Software 2 Rabbitmq Server, Rabbitmq 2025-04-12 N/A
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
CVE-2014-7905 1 Google 1 Chrome 2025-04-12 N/A
Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
CVE-2014-2955 1 Raritan 2 Dpxr20a-16, Px 2025-04-12 N/A
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
CVE-2014-9045 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.
CVE-2015-6480 1 Moxa 1 Oncell Central Manager 2025-04-12 N/A
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action.
CVE-2015-1541 1 Google 1 Android 2025-04-12 N/A
The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.
CVE-2016-8288 2 Oracle, Redhat 2 Mysql, Rhel Software Collections 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.
CVE-2016-3738 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
CVE-2016-1842 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
CVE-2016-3366 1 Microsoft 1 Outlook 2025-04-12 N/A
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability."
CVE-2015-0141 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.
CVE-2015-1814 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
CVE-2014-8912 1 Ibm 1 Websphere Portal 2025-04-12 N/A
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.
CVE-2016-1040 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.
CVE-2014-6387 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
CVE-2015-0297 1 Redhat 1 Jboss Operations Network 2025-04-12 N/A
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
CVE-2015-6933 1 Vmware 4 Esxi, Fusion, Player and 1 more 2025-04-12 N/A
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.
CVE-2016-9951 1 Apport Project 1 Apport 2025-04-12 N/A
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
CVE-2015-7369 1 Revive-adserver 1 Revive Adserver 2025-04-12 N/A
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.
CVE-2015-7545 4 Canonical, Git Project, Opensuse and 1 more 6 Ubuntu Linux, Git, Opensuse and 3 more 2025-04-12 N/A
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.