Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3734 1 Redhat 1 Jboss Application Server 2025-04-20 N/A
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console
CVE-2015-7331 1 Puppetlabs 1 Mcollective-puppet-agent 2025-04-20 N/A
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.
CVE-2015-6473 1 Wago 4 750-849, 750-849 Firmware, 758-870 and 1 more 2025-04-20 N/A
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
CVE-2017-0774 1 Google 1 Android 2025-04-20 N/A
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.
CVE-2016-7541 1 Fortinet 1 Fortios 2025-04-20 N/A
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.
CVE-2015-6498 1 Alcatel-lucent 1 Home Device Manager 2025-04-20 N/A
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.
CVE-2016-10321 1 Web2py 1 Web2py 2025-04-20 N/A
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
CVE-2016-10185 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.
CVE-2016-3704 3 Fedoraproject, Pulpproject, Redhat 4 Fedora, Pulp, Satellite and 1 more 2025-04-20 N/A
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVE-2015-3170 1 Selinux Project 1 Selinux 2025-04-20 N/A
selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
CVE-2017-6039 1 Phoenixbroadband 2 Poweragent Sc3 Bms, Poweragent Sc3 Bms Firmware 2025-04-20 N/A
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.
CVE-2015-8556 1 Qemu 1 Qemu 2025-04-20 N/A
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
CVE-2016-10336 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot.
CVE-2014-9907 1 Imagemagick 1 Imagemagick 2025-04-20 6.5 Medium
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
CVE-2016-5070 1 Sierrawireless 2 Aleos Firmware, Gx 440 2025-04-20 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-5066 1 Sierrawireless 2 Aleos Firmware, Gx 440 2025-04-20 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-5898 1 Ibm 1 Jazz Reporting Service 2025-04-20 N/A
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2015-6472 1 Wago 6 750-849, 750-849 Firmware, 750-881 and 3 more 2025-04-20 N/A
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
CVE-2016-10401 1 Zyxel 2 Pk5001z, Pk5001z Firmware 2025-04-20 N/A
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
CVE-2016-4689 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.