VYPR

CVEs

1,630 total · page 24 of 33

  • CVE-2019-13272 · KEV · Jul 17, 2019
    risk 0.19 · cvss · epss 0.52

    In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process…

  • CVE-2019-12989 · KEV · Jul 16, 2019
    risk 0.22 · cvss · epss 0.94

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.

  • CVE-2019-12991 · KEV · Jul 16, 2019
    risk 0.21 · cvss · epss 0.74

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

  • CVE-2019-0880 · KEV · Jul 15, 2019
    risk 0.12 · cvss · epss 0.02

    A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

  • CVE-2018-18325 · KEV · Jul 3, 2019
    risk 0.22 · cvss · epss 0.74

    DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

  • CVE-2018-15811 · KEV · Jul 3, 2019
    risk 0.22 · cvss · epss 0.74

    DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

  • CVE-2019-7256 · KEV · Jul 2, 2019
    risk 0.23 · cvss · epss 0.97

    Linear eMerge E3-Series devices allow Command Injections.

  • CVE-2019-5786 · KEV · Jun 27, 2019
    risk 0.22 · cvss · epss 0.62

    Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2019-1069 · KEV · Jun 12, 2019
    risk 0.21 · cvss · epss 0.06

    An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would…

  • CVE-2019-1064 · KEV · Jun 12, 2019
    risk 0.19 · cvss · epss 0.07

    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view,…

  • CVE-2010-5330 · KEV · Jun 11, 2019
    risk 0.15 · cvss · epss 0.34

    On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products,…

  • CVE-2019-10149 · KEV · Jun 5, 2019
    risk 0.23 · cvss · epss 1.00

    A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

  • CVE-2018-13382 · KEV · Jun 4, 2019
    risk 0.28 · cvss · epss 0.82

    An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN…

  • CVE-2018-13379 · KEV · Jun 4, 2019
    risk 0.29 · cvss · epss 1.00

    An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated…

  • CVE-2019-11580 · KEV · Jun 3, 2019
    risk 0.29 · cvss · epss 0.95

    Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary…

  • CVE-2019-9875 · KEV · May 31, 2019
    risk 0.17 · cvss · epss 0.14

    Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.

  • CVE-2019-9874 · KEV · May 31, 2019
    risk 0.19 · cvss · epss 0.84

    Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter…

  • CVE-2019-9670 · KEV · May 29, 2019
    risk 0.23 · cvss · epss 1.00

    mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.

  • CVE-2018-13383 · KEV · May 29, 2019
    risk 0.18 · cvss · epss 0.34

    A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to…

  • CVE-2018-7841 · KEV · May 22, 2019
    risk 0.19 · cvss · epss 0.72

    A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

  • CVE-2019-11634 · KEV · May 22, 2019
    risk 0.22 · cvss · epss 0.08

    Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

  • CVE-2019-0903 · KEV · May 16, 2019
    risk 0.15 · cvss · epss 0.22

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

  • CVE-2019-0863 · KEV · May 16, 2019
    risk 0.15 · cvss · epss 0.05

    An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

  • CVE-2019-0708 · KEV · May 16, 2019
    risk 0.29 · cvss · epss 1.00

    A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution…

  • CVE-2018-14839 · KEV · May 14, 2019
    risk 0.19 · cvss · epss 0.89

    LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.

  • CVE-2019-3568 · KEV · May 14, 2019
    risk 0.16 · cvss · epss 0.39

    A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp…

  • CVE-2019-11510 · KEV · May 8, 2019
    risk 0.29 · cvss · epss 1.00

    In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability.

  • CVE-2018-4063 · KEV · May 6, 2019
    risk 0.12 · cvss · epss 0.28

    An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can…

  • CVE-2017-18368 · KEV · May 2, 2019
    risk 0.22 · cvss · epss 0.95

    The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page…

  • CVE-2019-3929 · KEV · Apr 30, 2019
    risk 0.23 · cvss · epss 0.99

    The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…

  • CVE-2019-9621 · KEV · Apr 30, 2019
    risk 0.23 · cvss · epss 0.81

    Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

  • CVE-2019-2725 · KEV · Apr 26, 2019
    risk 0.29 · cvss · epss 1.00

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2019-11539 · KEV · Apr 26, 2019
    risk 0.29 · cvss · epss 0.99

    In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before…

  • CVE-2019-2616 · KEV · Apr 23, 2019
    risk 0.23 · cvss · epss 0.92

    Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2019-3398 · KEV · Apr 18, 2019
    risk 0.23 · cvss · epss 0.97

    Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space…

  • CVE-2019-0859 · KEV · Apr 9, 2019
    risk 0.13 · cvss · epss 0.04

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.

  • CVE-2019-0841 · KEV · Apr 9, 2019
    risk 0.28 · cvss · epss 0.42

    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.

  • CVE-2019-0803 · KEV · Apr 9, 2019
    risk 0.22 · cvss · epss 0.45

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.

  • CVE-2019-0752 · KEV · Apr 9, 2019
    risk 0.28 · cvss · epss 0.82

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.

  • CVE-2019-0797 · KEV · Apr 9, 2019
    risk 0.12 · cvss · epss 0.02

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.

  • CVE-2019-0808 · KEV · Apr 9, 2019
    risk 0.21 · cvss · epss 0.53

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.

  • CVE-2019-0703 · KEV · Apr 8, 2019
    risk 0.14 · cvss · epss 0.10

    An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.

  • CVE-2019-0211 · KEV · Apr 8, 2019
    risk 0.22 · cvss · epss 0.65

    In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent…

  • CVE-2019-11001 · KEV · Apr 8, 2019
    risk 0.14 · cvss · epss 0.38

    On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

  • CVE-2018-4344 · KEV · Apr 3, 2019
    risk 0.12 · cvss · epss 0.03

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

  • CVE-2019-5418 · KEV · Mar 27, 2019
    risk 0.23 · cvss · epss 0.99

    There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

  • CVE-2019-10068 · KEV · Mar 26, 2019
    risk 0.23 · cvss · epss 0.96

    An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication…

  • CVE-2019-3396 · KEV · Mar 25, 2019
    risk 0.29 · cvss · epss 1.00

    The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2…

  • CVE-2019-7609 · KEV · Mar 25, 2019
    risk 0.16 · cvss · epss 0.95

    Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing…

  • CVE-2019-9978 · KEV · Mar 24, 2019
    risk 0.22 · cvss · epss 0.74

    The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.