Export limit exceeded: 12804 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12804 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1000156 1 Mailcwp Project 1 Mailcwp 2025-04-12 N/A
Mailcwp remote file upload vulnerability incomplete fix v1.100
CVE-2016-0922 1 Emc 1 Vipr Srm 2025-04-12 N/A
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.
CVE-2013-3977 1 Ibm 1 Sametime 2025-04-12 N/A
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
CVE-2016-0323 1 Ibm 1 Bluemix 2025-04-12 N/A
The Auto-Scaling agent in Liberty for Java in IBM Bluemix before 2.7-20160321-1358 allows remote authenticated users to disable X.509 certificate validation, and consequently bypass an intended HTTPS trust-management feature, via unspecified vectors.
CVE-2016-0319 1 Ibm 1 Jazz Reporting Service 2025-04-12 N/A
The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-0315 1 Ibm 1 Jazz Reporting Service 2025-04-12 N/A
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.
CVE-2016-0760 1 Apache 1 Sentry 2025-04-12 N/A
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
CVE-2015-5861 1 Apple 1 Iphone Os 2025-04-12 N/A
SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.
CVE-2016-0731 1 Apache 1 Ambari 2025-04-12 N/A
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration.
CVE-2015-4526 1 Emc 1 Recoverpoint For Virtual Machines 2025-04-12 N/A
EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.
CVE-2016-0391 1 Ibm 2 Bluemix, Watson Developer Cloud 2025-04-12 N/A
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVE-2015-1464 2 Bestpractical, Fedoraproject 2 Request Tracker, Fedora 2025-04-12 N/A
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
CVE-2016-0318 1 Ibm 1 Jazz Reporting Service 2025-04-12 N/A
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.
CVE-2015-1376 1 Pixabay Images Project 1 Pixabay Images 2025-04-12 N/A
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
CVE-2016-6958 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass intended access restrictions via unspecified vectors.
CVE-2016-2014 1 Hp 1 Network Node Manager I 2025-04-12 N/A
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVE-2016-4911 1 Keystone 1 Openstack Identity 2025-04-12 4.3 Medium
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
CVE-2016-0317 1 Ibm 1 Jazz Reporting Service 2025-04-12 N/A
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2016-0289 1 Ibm 1 Maximo Asset Management 2025-04-12 N/A
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.
CVE-2016-0277 1 Ibm 1 Domino 2025-04-12 N/A
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.