Search Results (12803 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2149 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace.
CVE-2013-5704 5 Apache, Apple, Canonical and 2 more 17 Http Server, Mac Os X, Mac Os X Server and 14 more 2025-04-12 N/A
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
CVE-2015-0653 1 Cisco 3 Expressway Software, Telepresence Conductor, Telepresence Video Communication Server Software 2025-04-12 N/A
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.
CVE-2016-6826 1 Huawei 1 Anyoffice Secureapp 2025-04-12 N/A
Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment.
CVE-2016-6724 1 Google 1 Android 2025-04-12 N/A
A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284.
CVE-2014-3053 1 Ibm 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more 2025-04-12 N/A
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
CVE-2014-3552 1 Moodle 1 Moodle 2025-04-12 N/A
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.
CVE-2016-4963 1 Xen 1 Xen 2025-04-12 N/A
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
CVE-2014-3895 1 Iodata 12 Ts-ptcam\/poe Camera, Ts-ptcam\/poe Camera Firmware, Ts-ptcam Camera and 9 more 2025-04-12 N/A
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors.
CVE-2015-8001 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.
CVE-2016-5130 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
CVE-2014-0743 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.
CVE-2016-1770 1 Apple 1 Mac Os X 2025-04-12 N/A
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
CVE-2014-8033 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421.
CVE-2016-4860 1 Yokogawa 1 Stardom Fcn\/fcj 2025-04-12 N/A
Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.
CVE-2014-1449 1 Maxthon 1 Maxthon Cloud Browser 2025-04-12 N/A
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.
CVE-2016-6714 1 Google 1 Android 2025-04-12 N/A
A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462.
CVE-2016-6898 1 Huawei 1 E9000 Chassis 2025-04-12 N/A
XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.
CVE-2016-5534 1 Oracle 1 Siebel User Interface Framework 2025-04-12 N/A
Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2014-8472 1 Ca 1 Cloud Service Management 2025-04-12 N/A
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.