VYPR

CVEs

1,630 total · page 26 of 33

  • CVE-2018-5002HigKEVJul 9, 2018
    risk 0.65cvss 7.8epss 0.25

    Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-4990HigKEVJul 9, 2018
    risk 0.72cvss 8.8epss 0.41

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-9276HigKEVJul 2, 2018
    risk 0.69cvss 7.2epss 0.87

    An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed…

  • CVE-2018-6961HigKEVJun 11, 2018
    risk 0.75cvss 8.1epss 0.86

    VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the…

  • CVE-2016-9079HigKEVJun 11, 2018
    risk 0.71cvss 7.5epss 0.88

    A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird <…

  • CVE-2018-0296HigKEVJun 7, 2018
    risk 0.72cvss 7.5epss 1.00

    A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software…

  • CVE-2018-11138CriKEVMay 31, 2018
    risk 0.92cvss 9.8epss 0.92

    The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

  • CVE-2018-4939CriKEVMay 19, 2018
    risk 0.81cvss 9.8epss 0.63

    Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-8174HigKEVMay 9, 2018
    risk 0.77cvss 7.5epss 0.88

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…

  • CVE-2018-8120HigKEVMay 9, 2018
    risk 0.72cvss 7.0epss 0.74

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from…

  • CVE-2018-0824HigKEVMay 9, 2018
    risk 0.78cvss 8.8epss 0.73

    A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server…

  • CVE-2018-10562CriKEVMay 4, 2018
    risk 0.93cvss 9.8epss 1.00

    An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html,…

  • CVE-2018-10561CriKEVMay 4, 2018
    risk 0.86cvss 9.8epss 0.93

    An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the…

  • CVE-2018-2628CriKEVApr 19, 2018
    risk 0.87cvss 9.8epss 0.99

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2018-5430HigKEVApr 17, 2018
    risk 0.76cvss 8.8epss 0.49

    The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a…

  • CVE-2018-1273CriKEVApr 11, 2018
    risk 0.82cvss 9.8epss 0.96

    Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially…

  • CVE-2018-7600CriKEVMar 29, 2018
    risk 0.93cvss 9.8epss 1.00

    Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

  • CVE-2018-0180MedKEVMar 28, 2018
    risk 0.51cvss 5.9epss 0.05

    Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices…

  • CVE-2018-0179MedKEVMar 28, 2018
    risk 0.51cvss 5.9epss 0.05

    Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices…

  • CVE-2018-0175HigKEVMar 28, 2018
    risk 0.64cvss 8.0epss 0.04

    Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with…

  • CVE-2018-0174HigKEVMar 28, 2018
    risk 0.69cvss 8.6epss 0.08

    A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists…

  • CVE-2018-0173HigKEVMar 28, 2018
    risk 0.69cvss 8.6epss 0.08

    A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply…

  • CVE-2018-0172HigKEVMar 28, 2018
    risk 0.69cvss 8.6epss 0.08

    A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists…

  • CVE-2018-0171CriKEVMar 28, 2018
    risk 0.87cvss 9.8epss 1.00

    A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected…

  • CVE-2018-0167HigKEVMar 28, 2018
    risk 0.69cvss 8.8epss 0.03

    Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute…

  • CVE-2018-0161MedKEVMar 28, 2018
    risk 0.53cvss 6.3epss 0.05

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of…

  • CVE-2018-0159HigKEVMar 28, 2018
    risk 0.61cvss 7.5epss 0.07

    A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.…

  • CVE-2018-0158HigKEVMar 28, 2018
    risk 0.68cvss 8.6epss 0.07

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The…

  • CVE-2018-0156HigKEVMar 28, 2018
    risk 0.61cvss 7.5epss 0.08

    A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper…

  • CVE-2018-0155HigKEVMar 28, 2018
    risk 0.69cvss 8.6epss 0.08

    A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of…

  • CVE-2018-0154HigKEVMar 28, 2018
    risk 0.61cvss 7.5epss 0.07

    A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient…

  • CVE-2018-0151CriKEVMar 28, 2018
    risk 0.77cvss 9.8epss 0.14

    A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to…

  • CVE-2018-6882MedKEVMar 27, 2018
    risk 0.60cvss 6.1epss 0.24

    Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an…

  • CVE-2017-12319MedKEVMar 27, 2018
    risk 0.51cvss 5.9epss 0.05

    A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt…

  • CVE-2018-7445CriKEVMar 19, 2018
    risk 0.84cvss 9.8epss 0.61

    A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes…

  • CVE-2018-0147CriKEVMar 8, 2018
    risk 0.77cvss 9.8epss 0.19

    A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of…

  • CVE-2018-6530CriKEVMar 6, 2018
    risk 0.89cvss 9.8epss 0.97

    OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and…

  • CVE-2018-2380MedKEVMar 1, 2018
    risk 0.66cvss 6.6epss 0.29

    SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

  • CVE-2018-6789CriKEVFeb 8, 2018
    risk 0.84cvss 9.8epss 0.82

    An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

  • CVE-2018-0125CriKEVFeb 8, 2018
    risk 0.80cvss 9.8epss 0.55

    A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root…

  • CVE-2018-4878HigKEVFeb 6, 2018
    risk 0.79cvss 7.8epss 0.90

    A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This…

  • CVE-2017-1000353CriKEVJan 29, 2018
    risk 0.16cvss 9.8epss 1.00

    Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that…

  • CVE-2018-0802HigKEVJan 10, 2018
    risk 0.70cvss 7.8epss 0.93

    Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique…

  • CVE-2018-0798HigKEVJan 10, 2018
    risk 0.77cvss 8.8epss 0.95

    Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

  • CVE-2017-1000486CriKEVJan 3, 2018
    risk 0.86cvss 9.8epss 0.94

    Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution

  • CVE-2017-17562HigKEVDec 12, 2017
    risk 0.68cvss 8.1epss 0.96

    Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When…

  • CVE-2017-15944CriKEVDec 11, 2017
    risk 0.87cvss 9.8epss 0.98

    Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.

  • CVE-2017-11882HigKEVNov 15, 2017
    risk 0.80cvss 7.8epss 1.00

    Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft…

  • CVE-2017-16651HigKEVNov 9, 2017
    risk 0.62cvss 7.8epss 0.43

    Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target…

  • CVE-2017-5070HigKEVOct 27, 2017
    risk 0.72cvss 8.8epss 0.31

    Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.