Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-284
Total 1059 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2847 1 Honeywell 1 Tuxedo Touch 2015-07-27 5.0 MEDIUM N/A
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.
CVE-2015-3007 1 Juniper 1 Junos 2015-07-15 7.2 HIGH N/A
The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.
CVE-2015-0180 1 Ibm 1 Infosphere Information Server 2015-05-26 5.5 MEDIUM N/A
The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors.
CVE-2014-2174 1 Cisco 2 Telepresence Tc Software, Telepresence Te Software 2015-05-26 8.3 HIGH N/A
Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651.
CVE-2015-3911 1 Huawei 2 E587 Mobile Wifi, E587 Mobile Wifi Firmware 2015-05-22 9.0 HIGH N/A
Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors.
CVE-2015-0914 1 Kozos 1 Easyctf 2015-05-01 5.0 MEDIUM N/A
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request.
CVE-2015-0119 1 Ibm 1 Tivoli Storage Manager Fastback 2015-04-06 7.5 HIGH N/A
FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.
CVE-2015-2792 1 Wpml 1 Wpml 2015-03-31 7.5 HIGH N/A
The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter.
CVE-2014-9648 1 Google 1 Chrome 2015-02-20 4.3 MEDIUM N/A
components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205.
CVE-2015-0929 1 Servision 2 Hvg400, Hvg Video Gateway Firmware 2015-02-04 10.0 HIGH N/A
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response.
CVE-2015-0926 1 Labtech Software 1 Labtech 2015-02-03 6.8 MEDIUM N/A
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.
CVE-2014-9197 1 Schneider-electric 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more 2015-01-28 7.8 HIGH N/A
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
CVE-2015-1307 1 Kde 1 Plasma-workspace 2015-01-26 4.3 MEDIUM N/A
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.
CVE-2014-1449 1 Maxthon 1 Maxthon Cloud Browser 2014-12-29 5.0 MEDIUM N/A
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.
CVE-2014-5208 1 Yokogawa 3 Centum Cs 3000, Centum Vp, Exaopc 2014-12-22 7.5 HIGH N/A
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.
CVE-2014-9151 1 Services Project 1 Services 2014-12-01 7.5 HIGH N/A
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
CVE-2014-6625 1 Arubanetworks 1 Clearpass 2014-11-19 9.0 HIGH N/A
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2014-6627 1 Arubanetworks 1 Clearpass 2014-11-19 9.0 HIGH N/A
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.
CVE-2014-6626 1 Arubanetworks 1 Clearpass 2014-11-19 10.0 HIGH N/A
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.