Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7835 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5013 | 1 Ibm | 6 Security Access Manager 9.0, Security Access Manager 9.0 Firmware, Security Access Manager For Mobile and 3 more | 2025-04-20 | 5.5 Medium |
| The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access. | ||||
| CVE-2016-1255 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Postgresql-common | 2025-04-20 | N/A |
| The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. | ||||
| CVE-2017-5983 | 1 Atlassian | 1 Jira | 2025-04-20 | N/A |
| The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. | ||||
| CVE-2017-6139 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-20 | N/A |
| In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. | ||||
| CVE-2015-6941 | 1 Saltstack | 1 Salt 2015 | 2025-04-20 | N/A |
| win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. | ||||
| CVE-2015-7724 | 1 Amd | 1 Fglrx-driver | 2025-04-20 | N/A |
| AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. | ||||
| CVE-2015-7723 | 1 Amd | 1 Fglrx-driver | 2025-04-20 | N/A |
| AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | ||||
| CVE-2016-3108 | 2 Pulpproject, Redhat | 3 Pulp, Satellite, Satellite Capsule | 2025-04-20 | N/A |
| The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. | ||||
| CVE-2016-4679 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. | ||||
| CVE-2017-1196 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2025-04-20 | N/A |
| IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671. | ||||
| CVE-2017-1207 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | N/A |
| IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. | ||||
| CVE-2017-12079 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | ||||
| CVE-2017-1221 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
| IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. | ||||
| CVE-2017-12612 | 1 Apache | 1 Spark | 2025-04-20 | N/A |
| In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later. | ||||
| CVE-2017-12634 | 2 Apache, Redhat | 3 Camel, Jboss Amq, Jboss Fuse | 2025-04-20 | N/A |
| The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. | ||||
| CVE-2017-12796 | 1 Openmrs | 1 Openmrs | 2025-04-20 | N/A |
| The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request. | ||||
| CVE-2017-1308 | 1 Ibm | 1 Daeja Viewone | 2025-04-20 | N/A |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. | ||||
| CVE-2017-1362 | 1 Ibm | 1 Security Identity Manager | 2025-04-20 | N/A |
| IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801. | ||||
| CVE-2017-13771 | 1 Lexmark | 1 Scan To Network | 2025-04-20 | N/A |
| Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | ||||
| CVE-2017-1386 | 1 Ibm | 2 Api Connect, Api Management | 2025-04-20 | N/A |
| IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160. | ||||