Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2025-04-12 | N/A |
| The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-3218 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221. | ||||
| CVE-2014-5246 | 1 Tenda | 2 A5s, A5s Firmware | 2025-04-12 | N/A |
| The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. | ||||
| CVE-2016-3725 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). | ||||
| CVE-2016-0917 | 1 Emc | 13 Vnx1 Oe Firmware, Vnx2 Oe Firmware, Vnx5200 and 10 more | 2025-04-12 | N/A |
| The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. | ||||
| CVE-2014-5032 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | ||||
| CVE-2014-5284 | 1 Ossec | 1 Ossec | 2025-04-12 | N/A |
| host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed. | ||||
| CVE-2014-6181 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-12 | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-6288 | 1 Alex Kellner | 1 Powermail | 2025-04-12 | N/A |
| The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. | ||||
| CVE-2014-8558 | 1 Jexperts | 1 Channel Platform | 2025-04-12 | N/A |
| JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. | ||||
| CVE-2014-4749 | 1 Ibm | 1 Powervc | 2025-04-12 | N/A |
| IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key. | ||||
| CVE-2015-5051 | 1 Ibm | 9 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 6 more | 2025-04-12 | N/A |
| IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors. | ||||
| CVE-2014-4757 | 1 Ibm | 1 Content Collector | 2025-04-12 | N/A |
| The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function. | ||||
| CVE-2014-8000 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2025-04-12 | N/A |
| Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | ||||
| CVE-2015-5043 | 1 Ibm | 1 Security Guardium | 2025-04-12 | N/A |
| diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences. | ||||
| CVE-2014-4700 | 1 Citrix | 1 Xendesktop | 2025-04-12 | N/A |
| Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. | ||||
| CVE-2014-4759 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | N/A |
| An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results. | ||||
| CVE-2014-7999 | 1 Cisco | 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more | 2025-04-12 | N/A |
| Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. | ||||
| CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-12 | N/A |
| Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | ||||
| CVE-2014-4683 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-12 | N/A |
| The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. | ||||