Export limit exceeded: 12841 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12841 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-3880 1 Cisco 1 Webex Meetings Server 2025-04-20 N/A
An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge.
CVE-2015-3295 1 Markdown-it Project 1 Markdown-it 2025-04-20 N/A
markdown-it before 4.1.0 does not block data: URLs.
CVE-2015-3442 1 Soreco 1 Xpert.line 2025-04-20 N/A
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.
CVE-2017-7450 1 Airtame 2 Hdmi Dongle, Hdmi Dongle Firmware 2025-04-20 N/A
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.
CVE-2015-4624 1 Hak5 2 Wi-fi Pineapple, Wi-fi Pineapple Firmware 2025-04-20 N/A
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
CVE-2017-14602 1 Citrix 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware 2025-04-20 N/A
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
CVE-2017-14623 1 Go-ldap Project 1 Ldap 2025-04-20 8.1 High
In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.
CVE-2017-14766 1 Saadamin 1 Simple Student Result 2025-04-20 N/A
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.
CVE-2017-5619 1 Zammad 1 Zammad 2025-04-20 N/A
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.
CVE-2017-5640 1 Apache 1 Impala 2025-04-20 N/A
It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.
CVE-2014-9945 1 Google 1 Android 2025-04-20 N/A
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
CVE-2014-9961 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.
CVE-2014-9950 1 Google 1 Android 2025-04-20 N/A
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
CVE-2015-7315 1 Plone 1 Plone 2025-04-20 N/A
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
CVE-2015-7317 2 Kupu Project, Plone 2 Kupu, Plone 2025-04-20 N/A
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
CVE-2015-0110 1 Ibm 2 Business Process Manager, Websphere Application Server 2025-04-20 N/A
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
CVE-2015-8139 1 Ntp 1 Ntp 2025-04-20 N/A
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVE-2015-8140 1 Ntp 1 Ntp 2025-04-20 N/A
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVE-2015-8275 1 Eparaksts 2 Edoc-libraries, Eparakstitajs 3 2025-04-20 N/A
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.
CVE-2015-8284 1 Seawell Networks 1 Spectrum Sdc 2025-04-20 N/A
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.