CWE-254

414 CVEs classified under CWE-254.

Top CVEs for CWE-254
CVE | Severity | Score | Published | Summary
--- | --- | --- | --- | ---
CVE-2016-5788 | Critical | 10.0 | 2016-11-25 | General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote a…
CVE-2019-15149 | Critical | 9.8 | 2019-08-18 | core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child…
CVE-2017-8227 | Critical | 9.8 | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the We…
CVE-2016-9568 | Critical | 9.8 | 2018-02-19 | A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.
CVE-2011-4889 | Critical | 9.8 | 2018-02-08 | The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 befor…
CVE-2016-0332 | Critical | 9.8 | 2018-01-12 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, whic…
CVE-2014-5334 | Critical | 9.8 | 2018-01-08 | FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.
CVE-2015-6473 | Critical | 9.8 | 2017-08-22 | WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
CVE-2015-9065 | Critical | 9.8 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is es…
CVE-2016-8964 | Critical | 9.8 | 2017-07-13 | IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 1…
CVE-2016-10321 | Critical | 9.8 | 2017-04-10 | web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
CVE-2016-7630 | Critical | 9.8 | 2017-02-20 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a…
CVE-2016-10178 | Critical | 9.8 | 2017-01-30 | An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
CVE-2015-8857 | Critical | 9.8 | 2017-01-23 | The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attacker…
CVE-2016-8398 | Critical | 9.8 | 2017-01-12 | Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Ker…
CVE-2016-9885 | Critical | 9.8 | 2017-01-06 | An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by op…
CVE-2016-9865 | Critical | 9.8 | 2016-12-11 | An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() fun…
CVE-2016-6629 | Critical | 9.8 | 2016-12-11 | An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a w…
CVE-2016-6957 | Critical | 9.8 | 2016-10-13 | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020…
CVE-2016-6493 | Critical | 9.8 | 2016-08-19 | Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via v…