Export limit exceeded: 10834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10834 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4246 | 1 Apache | 1 Subversion | 2025-04-20 | N/A |
| libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. | ||||
| CVE-2014-4707 | 1 Huawei | 6 Campus S7700, Campus S7700 Firmware, Campus S9300 and 3 more | 2025-04-20 | N/A |
| Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism. | ||||
| CVE-2016-5551 | 1 Oracle | 1 Solaris Cluster | 2025-04-20 | N/A |
| Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris Cluster accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). | ||||
| CVE-2016-6255 | 2 Debian, Libupnp Project | 2 Debian Linux, Libupnp | 2025-04-20 | N/A |
| Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | ||||
| CVE-2016-6143 | 1 Sap | 1 Hana | 2025-04-20 | N/A |
| SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | ||||
| CVE-2016-5750 | 1 Netiq | 1 Access Manager | 2025-04-20 | N/A |
| The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. | ||||
| CVE-2016-5747 | 1 Novell | 1 Edirectory | 2025-04-20 | N/A |
| A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | ||||
| CVE-2016-9460 | 2 Nextcloud, Owncloud | 2 Nextcloud, Owncloud | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | ||||
| CVE-2016-9461 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. | ||||
| CVE-2016-9462 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. | ||||
| CVE-2016-9124 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
| Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress. | ||||
| CVE-2015-6023 | 1 Netcommwireless | 2 Hspa 3g10wve, Hspa 3g10wve Firmware | 2025-04-20 | N/A |
| ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. | ||||
| CVE-2016-1502 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | N/A |
| NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | ||||
| CVE-2015-7887 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | N/A |
| NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. | ||||
| CVE-2016-1908 | 4 Debian, Openbsd, Oracle and 1 more | 10 Debian Linux, Openssh, Linux and 7 more | 2025-04-20 | 9.8 Critical |
| The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | ||||
| CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | N/A |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | ||||
| CVE-2015-7898 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2025-04-20 | N/A |
| Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | ||||
| CVE-2015-7501 | 1 Redhat | 22 Data Grid, Enterprise Linux, Jboss A-mq and 19 more | 2025-04-20 | N/A |
| Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
| CVE-2016-5714 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2025-04-20 | 7.2 High |
| Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." | ||||
| CVE-2017-7486 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Network Satellite and 2 more | 2025-04-20 | N/A |
| PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | ||||