Search Results (12651 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3818 1 Google 1 Android 2025-04-12 N/A
libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.
CVE-2015-3185 4 Apache, Apple, Canonical and 1 more 8 Http Server, Mac Os X, Mac Os X Server and 5 more 2025-04-12 N/A
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
CVE-2016-3838 1 Google 1 Android 2025-04-12 N/A
Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672.
CVE-2016-2929 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVE-2015-0667 1 Cisco 2 Content Services Switch 11500, Content Services Switch 11500 Firmware 2025-04-12 N/A
The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855.
CVE-2016-3863 1 Google 1 Android 2025-04-12 N/A
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888.
CVE-2015-0675 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.
CVE-2016-3878 1 Google 1 Android 2025-04-12 N/A
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002.
CVE-2016-1044 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1062, and CVE-2016-1117.
CVE-2016-3884 1 Google 1 Android 2025-04-12 N/A
server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441.
CVE-2016-3925 1 Google 1 Android 2025-04-12 N/A
server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka internal bug 30230534.
CVE-2015-1937 1 Ibm 1 Powervc 2025-04-12 N/A
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
CVE-2015-1631 1 Microsoft 1 Exchange Server 2025-04-12 N/A
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."
CVE-2016-10082 1 S9y 1 Serendipity 2025-04-12 N/A
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
CVE-2016-10084 1 Piwigo 1 Piwigo 2025-04-12 N/A
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
CVE-2016-10085 1 Piwigo 1 Piwigo 2025-04-12 N/A
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
CVE-2016-1042 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117.
CVE-2016-7247 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2025-04-12 N/A
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."
CVE-2016-1000214 1 Ruckus 1 Wireless H500 2025-04-12 N/A
Ruckus Wireless H500 web management interface authentication bypass
CVE-2015-2172 1 Dokuwiki 1 Dokuwiki 2025-04-12 N/A
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.