Export limit exceeded: 14231 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10818 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2048 | 1 Djangoproject | 1 Django | 2025-04-12 | N/A |
| Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. | ||||
| CVE-2016-1402 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2025-04-12 | N/A |
| The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. | ||||
| CVE-2016-1406 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-04-12 | N/A |
| The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. | ||||
| CVE-2016-1427 | 1 Cisco | 1 Prime Network Registrar | 2025-04-12 | N/A |
| The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694. | ||||
| CVE-2016-1474 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | N/A |
| Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. | ||||
| CVE-2016-1492 | 1 Lenovo | 1 Shareit | 2025-04-12 | N/A |
| The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | ||||
| CVE-2016-1543 | 1 Bmc | 1 Bladelogic Server Automation Console | 2025-04-12 | N/A |
| The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure. | ||||
| CVE-2016-4911 | 1 Keystone | 1 Openstack Identity | 2025-04-12 | 4.3 Medium |
| The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token. | ||||
| CVE-2012-5032 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641. | ||||
| CVE-2012-6452 | 1 Axway | 2 Email Firewall, Secure Messenger | 2025-04-12 | N/A |
| Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. | ||||
| CVE-2013-2756 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2025-04-12 | N/A |
| Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. | ||||
| CVE-2013-4552 | 1 Drupalauth Project | 1 Drupalauth | 2025-04-12 | N/A |
| lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie. | ||||
| CVE-2013-4580 | 1 Gitlab | 1 Gitlab | 2025-04-12 | N/A |
| GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. | ||||
| CVE-2016-4860 | 1 Yokogawa | 1 Stardom Fcn\/fcj | 2025-04-12 | N/A |
| Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command. | ||||
| CVE-2013-4594 | 1 Payment For Webform Project | 1 Payment For Webform | 2025-04-12 | N/A |
| The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment. | ||||
| CVE-2013-4793 | 1 Umbraco | 1 Umbraco Cms | 2025-04-12 | N/A |
| The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. | ||||
| CVE-2016-3925 | 1 Google | 1 Android | 2025-04-12 | N/A |
| server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka internal bug 30230534. | ||||
| CVE-2016-3923 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. | ||||
| CVE-2013-6470 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | ||||
| CVE-2016-3899 | 1 Google | 1 Android | 2025-04-12 | N/A |
| OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811. | ||||