Export limit exceeded: 10887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12281 | 1 Cisco | 12 Aironet 1800 Firmware, Aironet 1830e, Aironet 1830i and 9 more | 2025-04-20 | N/A |
| A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314. | ||||
| CVE-2017-12698 | 1 Advantech | 1 Webaccess | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. | ||||
| CVE-2017-1000110 | 1 Jenkins | 1 Blue Ocean | 2025-04-20 | N/A |
| Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean. | ||||
| CVE-2016-4304 | 1 Kaspersky | 1 Internet Security | 2025-04-20 | N/A |
| A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability. | ||||
| CVE-2016-4383 | 1 Hp | 1 Helion Openstack Glance | 2025-04-20 | N/A |
| The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | ||||
| CVE-2016-4460 | 1 Apache | 1 Pony Mail | 2025-04-20 | N/A |
| Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | ||||
| CVE-2016-5054 | 1 Osram | 1 Lightify Home | 2025-04-20 | N/A |
| OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. | ||||
| CVE-2016-5058 | 1 Osram | 1 Lightify Pro | 2025-04-20 | N/A |
| OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. | ||||
| CVE-2016-5063 | 1 Bmc | 1 Server Automation | 2025-04-20 | N/A |
| The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | ||||
| CVE-2016-7032 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-20 | N/A |
| sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | ||||
| CVE-2017-11151 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. | ||||
| CVE-2016-5414 | 1 Freeipa | 1 Freeipa | 2025-04-20 | N/A |
| FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | ||||
| CVE-2016-5801 | 1 Omnimetrix | 1 Omniview | 2025-04-20 | N/A |
| An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords. | ||||
| CVE-2016-5815 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2025-04-20 | N/A |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | ||||
| CVE-2016-5964 | 1 Ibm | 1 Security Privileged Identity Manager | 2025-04-20 | N/A |
| IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | ||||
| CVE-2017-10709 | 2 Elephone, Google | 2 P9000, Android | 2025-04-20 | N/A |
| The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. | ||||
| CVE-2016-6336 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | N/A |
| MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. | ||||
| CVE-2016-6342 | 2 Elog Project, Fedoraproject | 2 Elog, Fedora | 2025-04-20 | 7.5 High |
| elog 3.1.1 allows remote attackers to post data as any username in the logbook. | ||||
| CVE-2017-10622 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
| An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher. | ||||
| CVE-2016-6807 | 1 Apache | 1 Ambari | 2025-04-20 | N/A |
| Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process. | ||||