CWE-254
414 CVEs classified under CWE-254. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-5788 | Critical | 10.0 | 2016-11-25 | General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote a… |
| CVE-2019-15149 | Critical | 9.8 | 2019-08-18 | core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child… |
| CVE-2017-8227 | Critical | 9.8 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the We… |
| CVE-2016-9568 | Critical | 9.8 | 2018-02-19 | A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions. |
| CVE-2011-4889 | Critical | 9.8 | 2018-02-08 | The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 befor… |
| CVE-2016-0332 | Critical | 9.8 | 2018-01-12 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, whic… |
| CVE-2014-5334 | Critical | 9.8 | 2018-01-08 | FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. |
| CVE-2015-6473 | Critical | 9.8 | 2017-08-22 | WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. |
| CVE-2015-9065 | Critical | 9.8 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is es… |
| CVE-2016-8964 | Critical | 9.8 | 2017-07-13 | IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 1… |
| CVE-2016-10321 | Critical | 9.8 | 2017-04-10 | web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. |
| CVE-2016-7630 | Critical | 9.8 | 2017-02-20 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a… |
| CVE-2016-10178 | Critical | 9.8 | 2017-01-30 | An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. |
| CVE-2015-8857 | Critical | 9.8 | 2017-01-23 | The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attacker… |
| CVE-2016-8398 | Critical | 9.8 | 2017-01-12 | Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Ker… |
| CVE-2016-9885 | Critical | 9.8 | 2017-01-06 | An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by op… |
| CVE-2016-9865 | Critical | 9.8 | 2016-12-11 | An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() fun… |
| CVE-2016-6629 | Critical | 9.8 | 2016-12-11 | An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a w… |
| CVE-2016-6957 | Critical | 9.8 | 2016-10-13 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020… |
| CVE-2016-6493 | Critical | 9.8 | 2016-08-19 | Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via v… |