VYPR

CVEs


  • CVE-2019-7238 · KEV · Mar 21, 2019
    risk 0.13 · cvss · epss 0.77

    Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.

  • CVE-2019-1003030 · KEV · Mar 8, 2019
    risk 0.21 · cvss · epss 0.76

    A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.

  • CVE-2019-1003029 · KEV · Mar 8, 2019
    risk 0.21 · cvss · epss 0.74

    A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows…

  • CVE-2018-18809 · KEV · Mar 7, 2019
    risk 0.20 · cvss · epss 0.80

    The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports…

  • CVE-2019-0676 · KEV · Mar 6, 2019
    risk 0.14 · cvss · epss 0.08

    An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.

  • CVE-2019-0604 · KEV · Mar 6, 2019
    risk 0.29 · cvss · epss 1.00

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

  • CVE-2019-6223 · KEV · Mar 5, 2019
    risk 0.12 · cvss · epss 0.03

    A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

  • CVE-2019-9082 · KEV · Feb 24, 2019
    risk 0.23 · cvss · epss 0.97

    ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

  • CVE-2019-6340 · KEV · Feb 21, 2019
    risk 0.16 · cvss · epss 0.92

    Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has…

  • CVE-2019-8394 · KEV · Feb 17, 2019
    risk 0.22 · cvss · epss 0.64

    Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.

  • CVE-2018-20250 · KEV · Feb 5, 2019
    risk 0.28 · cvss · epss 0.96

    In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating…

  • CVE-2017-18362 · KEV · Feb 5, 2019
    risk 0.24 · cvss · epss 0.87

    ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware…

  • CVE-2018-20753 · KEV · Feb 5, 2019
    risk 0.22 · cvss · epss 0.30

    Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

  • CVE-2019-1653 · KEV · Jan 24, 2019
    risk 0.23 · cvss · epss 1.00

    A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An…

  • CVE-2019-1652 · KEV · Jan 24, 2019
    risk 0.22 · cvss · epss 0.96

    A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due…

  • CVE-2018-13374 · KEV · Jan 22, 2019
    risk 0.21 · cvss · epss 0.38

    An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate via pointing an LDAP server connectivity test request to a rogue LDAP server…

  • CVE-2018-15982 · KEV · Jan 18, 2019
    risk 0.28 · cvss · epss 0.82

    Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-0543 · KEV · Jan 8, 2019
    risk 0.24 · cvss · epss 0.05

    An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows…

  • CVE-2019-0541 · KEV · Jan 8, 2019
    risk 0.22 · cvss · epss 0.53

    A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft…

  • CVE-2018-19320 · KEV · Dec 21, 2018
    risk 0.21 · cvss · epss 0.04

    The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected…

  • CVE-2018-19322 · KEV · Dec 21, 2018
    risk 0.18 · cvss · epss 0.02

    The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to…

  • CVE-2018-19321 · KEV · Dec 21, 2018
    risk 0.21 · cvss · epss 0.04

    The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local…

  • CVE-2018-19323 · KEV · Dec 21, 2018
    risk 0.19 · cvss · epss 0.09

    The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).

  • CVE-2018-8653 · KEV · Dec 20, 2018
    risk 0.15 · cvss · epss 0.30

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…

  • CVE-2018-8611 · KEV · Dec 12, 2018
    risk 0.13 · cvss · epss 0.04

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019,…

  • CVE-2018-8639 · KEV · Dec 12, 2018
    risk 0.21 · cvss · epss 0.22

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…

  • CVE-2018-20062 · KEV · Dec 11, 2018
    risk 0.23 · cvss · epss 1.00

    An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.

  • CVE-2018-17480 · KEV · Dec 11, 2018
    risk 0.14 · cvss · epss 0.34

    Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-1000861 · KEV · Dec 10, 2018
    risk 0.16 · cvss · epss 0.98

    A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs…

  • CVE-2018-19410 · KEV · Nov 21, 2018
    risk 0.19 · cvss · epss 0.86

    PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm…

  • CVE-2018-6065 · KEV · Nov 14, 2018
    risk 0.22 · cvss · epss 0.59

    Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-17463 · KEV · Nov 14, 2018
    risk 0.22 · cvss · epss 0.84

    Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-8581 · KEV · Nov 14, 2018
    risk 0.25 · cvss · epss 0.28

    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8589 · KEV · Nov 14, 2018
    risk 0.16 · cvss · epss 0.03

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

  • CVE-2018-14667 · KEV · Nov 6, 2018
    risk 0.11 · cvss · epss 0.74

    The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via…

  • CVE-2018-14558 · KEV · Oct 30, 2018
    risk 0.18 · cvss · epss 0.09

    An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute…

  • CVE-2018-8453 · Hig · KEV · Oct 10, 2018
    risk 0.77 · cvss 7.8 · epss 0.70

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…

  • CVE-2018-14634 · Hig · KEV · Sep 25, 2018
    risk 0.67 · cvss 7.8 · epss 0.15

    An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are…

  • CVE-2018-15961 · Cri · KEV · Sep 25, 2018
    risk 0.87 · cvss 9.8 · epss 1.00

    Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-8440 · Hig · KEV · Sep 13, 2018
    risk 0.73 · cvss 7.8 · epss 0.18

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows…

  • CVE-2018-11776 · Hig · KEV · Aug 22, 2018
    risk 0.16 · cvss 8.1 · epss 1.00

    Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no…

  • CVE-2018-8414 · Hig · KEV · Aug 15, 2018
    risk 0.75 · cvss 8.8 · epss 0.74

    A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

  • CVE-2018-8406 · Hig · KEV · Aug 15, 2018
    risk 0.69 · cvss 7.8 · epss 0.03

    An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE…

  • CVE-2018-8405 · Hig · KEV · Aug 15, 2018
    risk 0.69 · cvss 7.8 · epss 0.03

    An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016,…

  • CVE-2018-8373 · Hig · KEV · Aug 15, 2018
    risk 0.66 · cvss 7.5 · epss 0.62

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…

  • CVE-2018-15133 · Hig · KEV · Aug 9, 2018
    risk 0.14 · cvss 8.1 · epss 0.77

    In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in…

  • CVE-2018-14933 · Cri · KEV · Aug 4, 2018
    risk 0.86 · cvss 9.8 · epss 0.94

    upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

  • CVE-2018-14847 · Cri · KEV · Aug 2, 2018
    risk 0.82 · cvss 9.1 · epss 0.96

    MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

  • CVE-2018-7602 · Cri · KEV · Jul 19, 2018
    risk 0.93 · cvss 9.8 · epss 0.99

    A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core -…

  • CVE-2018-8298 · Hig · KEV · Jul 11, 2018
    risk 0.14 · cvss 7.5 · epss 0.75

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287,…