Export limit exceeded: 10887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8319 | 1 Oracle | 1 Flexcube Investor Servicing | 2025-04-20 | N/A |
| Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). | ||||
| CVE-2016-4800 | 2 Eclipse, Microsoft | 2 Jetty, Windows | 2025-04-20 | N/A |
| The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. | ||||
| CVE-2016-9815 | 1 Xen | 1 Xen | 2025-04-20 | N/A |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | ||||
| CVE-2016-9818 | 1 Xen | 1 Xen | 2025-04-20 | N/A |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | ||||
| CVE-2017-1000068 | 1 Betterment | 1 Testtrack | 2025-04-20 | 7.5 High |
| TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. | ||||
| CVE-2017-12154 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-04-20 | N/A |
| The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | ||||
| CVE-2015-8008 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-04-20 | N/A |
| The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | ||||
| CVE-2017-12229 | 1 Cisco | 1 Ios Xe | 2025-04-20 | N/A |
| A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036. | ||||
| CVE-2016-10042 | 1 Arcadyan | 2 Swisscom Internet-box, Swisscom Internet-box Firmware | 2025-04-20 | N/A |
| Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure. | ||||
| CVE-2013-4246 | 1 Apache | 1 Subversion | 2025-04-20 | N/A |
| libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. | ||||
| CVE-2016-10065 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2025-04-20 | N/A |
| The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||||
| CVE-2016-6763 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456. | ||||
| CVE-2016-10309 | 1 Ceragon | 2 Fibeair Ip-10, Fibeair Ip-10 Firmware | 2025-04-20 | N/A |
| In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | ||||
| CVE-2017-1000089 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2025-04-20 | N/A |
| Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | ||||
| CVE-2016-0736 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Jboss Core Services and 1 more | 2025-04-20 | N/A |
| In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. | ||||
| CVE-2016-10370 | 1 Oneplus | 2 Oneplus 3t, Oxygenos | 2025-04-20 | N/A |
| An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851. | ||||
| CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | ||||
| CVE-2017-5254 | 1 Cambiumnetworks | 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more | 2025-04-20 | N/A |
| In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. | ||||
| CVE-2014-9945 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | ||||
| CVE-2016-8776 | 1 Huawei | 4 P9, P9 Firmware, P9 Lite and 1 more | 2025-04-20 | N/A |
| Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. | ||||