Search Results (11736 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-7898 1 Samsung 2 Galaxy S6, Samsung Mobile 2025-04-20 N/A
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVE-2014-3624 1 Apache 1 Traffic Server 2025-04-20 N/A
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
CVE-2015-8832 1 Dotclear 1 Dotclear 2025-04-20 N/A
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension.
CVE-2016-9468 2 Nextcloud, Owncloud 2 Nextcloud Server, Owncloud 2025-04-20 N/A
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.
CVE-2016-10382 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.
CVE-2016-10369 1 Lxterminal Project 1 Lxterminal 2025-04-20 N/A
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-0768 1 Postgresql 1 Postgresql 2025-04-20 N/A
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CVE-2016-10309 1 Ceragon 2 Fibeair Ip-10, Fibeair Ip-10 Firmware 2025-04-20 N/A
In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.
CVE-2016-10334 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten.
CVE-2014-9830 1 Imagemagick 1 Imagemagick 2025-04-20 8.8 High
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
CVE-2017-10796 1 Tp-link 2 Nc250, Nc250 Firmware 2025-04-20 6.5 Medium
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.
CVE-2017-14243 1 Utstar 2 Wa3002g4, Wa3002g4 Firmware 2025-04-20 N/A
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.
CVE-2016-7144 1 Unrealircd 1 Unrealircd 2025-04-20 N/A
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
CVE-2015-2800 1 Huawei 14 Campus S5300, Campus S5700, Campus S6300 and 11 more 2025-04-20 N/A
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.
CVE-2016-7145 1 Nefarious2 Project 1 Nefarious2 2025-04-20 N/A
The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
CVE-2017-6016 1 Leao Consultoria E Desenvolvimento De Sistemas 1 Ltda Me Laquis Scada 2025-04-20 N/A
An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.
CVE-2017-10622 1 Juniper 1 Junos Space 2025-04-20 N/A
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher.
CVE-2017-10807 1 Jabberd2 1 Jabberd2 2025-04-20 N/A
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
CVE-2016-8032 1 Mcafee 1 Anti-malware Scan Engine 2025-04-20 N/A
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.
CVE-2016-5239 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2025-04-20 N/A
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.