Export limit exceeded: 354389 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11915 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11915 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5081 | 3 Sphider, Sphider-plus, Sphiderpro | 3 Sphider, Sphider-plus, Sphider Pro | 2024-11-21 | 9.8 Critical |
| sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | ||||
| CVE-2014-4198 | 1 Bssys | 1 Rbs Bs-client. Retail Client | 2024-11-21 | 9.1 Critical |
| A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function. | ||||
| CVE-2014-3999 | 1 Horde | 1 Horde Ldap | 2024-11-21 | N/A |
| The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. | ||||
| CVE-2014-3879 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.8 Critical |
| OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discarded and allows context-dependent attackers to bypass authentication via a login (1) without a password or (2) with an incorrect password. | ||||
| CVE-2014-3519 | 1 Openvz | 1 Vzkernel | 2024-11-21 | N/A |
| The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem via vectors related to use of the file_handle structure. | ||||
| CVE-2014-2904 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication. | ||||
| CVE-2014-2884 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | N/A |
| The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call. | ||||
| CVE-2014-2651 | 1 Atos | 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more | 2024-11-21 | 9.8 Critical |
| Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | ||||
| CVE-2014-2048 | 1 Owncloud | 1 Owncloud | 2024-11-21 | N/A |
| The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | ||||
| CVE-2014-1867 | 1 Suphp | 1 Suphp | 2024-11-21 | 7.8 High |
| suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution | ||||
| CVE-2014-1400 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | N/A |
| The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. | ||||
| CVE-2014-1399 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | N/A |
| The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. | ||||
| CVE-2014-1398 | 2 Entity Api Project, Fedoraproject | 2 Entity Api, Fedora | 2024-11-21 | N/A |
| The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. | ||||
| CVE-2014-125060 | 1 Collabcal Project | 1 Collabcal | 2024-11-21 | 7.3 High |
| A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-125054 | 1 Reddit-on-rails Project | 1 Reddit-on-rails | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-10389 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. | ||||
| CVE-2014-10067 | 1 Paypal-ipn Project | 1 Paypal-ipn | 2024-11-21 | N/A |
| paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production. | ||||
| CVE-2014-10059 | 1 Qualcomm | 14 Mdm9615, Mdm9615 Firmware, Mdm9625 and 11 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge. | ||||
| CVE-2014-10053 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application. | ||||
| CVE-2014-10050 | 1 Qualcomm | 12 Msm8917, Msm8917 Firmware, Msm8939 and 9 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing the replay protected memory block. | ||||