VYPR

CVEs

1,630 total · page 27 of 33

  • CVE-2017-11292HigKEVOct 22, 2017
    risk 0.70cvss 8.8epss 0.12

    Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code…

  • CVE-2017-10271HigKEVOct 19, 2017
    risk 0.78cvss 7.5epss 1.00

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2017-11826HigKEVOct 13, 2017
    risk 0.69cvss 7.8epss 0.82

    Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software…

  • CVE-2017-11774HigKEVOct 13, 2017
    risk 0.67cvss 7.8epss 0.60

    Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."

  • CVE-2017-1000253HigKEVOct 5, 2017
    risk 0.73cvss 7.8epss 0.11

    Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86…

  • CVE-2017-12149CriKEVOct 4, 2017
    risk 0.92cvss 9.8epss 0.91

    In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute…

  • CVE-2017-12617HigKEVOct 4, 2017
    risk 0.69cvss 8.1epss 1.00

    When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via…

  • CVE-2017-12240CriKEVSep 29, 2017
    risk 0.77cvss 9.8epss 0.14

    The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system…

  • CVE-2017-12238MedKEVSep 29, 2017
    risk 0.54cvss 6.5epss 0.02

    A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of…

  • CVE-2017-12237HigKEVSep 29, 2017
    risk 0.61cvss 7.5epss 0.07

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads…

  • CVE-2017-12235HigKEVSep 29, 2017
    risk 0.61cvss 7.5epss 0.07

    A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The…

  • CVE-2017-12234HigKEVSep 29, 2017
    risk 0.61cvss 7.5epss 0.07

    Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The…

  • CVE-2017-12233HigKEVSep 29, 2017
    risk 0.61cvss 7.5epss 0.07

    Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The…

  • CVE-2017-12232MedKEVSep 29, 2017
    risk 0.54cvss 6.5epss 0.02

    A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service…

  • CVE-2017-12231HigKEVSep 29, 2017
    risk 0.61cvss 7.5epss 0.07

    A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper…

  • CVE-2015-1187CriKEVSep 21, 2017
    risk 0.85cvss 9.8epss 0.83

    The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

  • CVE-2017-12615HigKEVSep 19, 2017
    risk 0.82cvss 8.1epss 1.00

    When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and…

  • CVE-2017-9805HigKEVSep 15, 2017
    risk 0.69cvss 8.1epss 0.99

    The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

  • CVE-2017-8759HigKEVSep 13, 2017
    risk 0.73cvss 7.8epss 0.89

    Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

  • CVE-2017-6627HigKEVSep 7, 2017
    risk 0.61cvss 7.5epss 0.06

    A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service…

  • CVE-2017-11357CriKEVAug 23, 2017
    risk 0.91cvss 9.8epss 0.76

    Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

  • CVE-2017-11317CriKEVAug 23, 2017
    risk 0.85cvss 9.8epss 0.83

    Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

  • CVE-2017-6327HigKEVAug 11, 2017
    risk 0.75cvss 8.8epss 0.35

    The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after…

  • CVE-2015-2291HigKEVAug 9, 2017
    risk 0.72cvss 7.8epss 0.09

    (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c)…

  • CVE-2017-12637HigKEVAug 7, 2017
    risk 0.68cvss 7.5epss 0.95

    Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security…

  • CVE-2017-6663MedKEVAug 7, 2017
    risk 0.54cvss 6.5epss 0.02

    A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition. More Information:…

  • CVE-2017-9822HigKEVJul 20, 2017
    risk 0.79cvss 8.8epss 0.95

    DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

  • CVE-2017-6316CriKEVJul 20, 2017
    risk 0.85cvss 9.8epss 0.73

    Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

  • CVE-2017-6744HigKEVJul 17, 2017
    risk 0.70cvss 8.8epss 0.07

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2017-6743HigKEVJul 17, 2017
    risk 0.70cvss 8.8epss 0.11

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2017-6742HigKEVJul 17, 2017
    risk 0.71cvss 8.8epss 0.21

    A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. …

  • CVE-2017-6740HigKEVJul 17, 2017
    risk 0.70cvss 8.8epss 0.11

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2017-6739HigKEVJul 17, 2017
    risk 0.70cvss 8.8epss 0.11

    A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. …

  • CVE-2017-6738HigKEVJul 17, 2017
    risk 0.70cvss 8.8epss 0.11

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2017-6737HigKEVJul 17, 2017
    risk 0.73cvss 8.8epss 0.43

    A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. …

  • CVE-2017-6736HigKEVJul 17, 2017
    risk 0.78cvss 8.8epss 0.71

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could…

  • CVE-2017-8570HigKEVJul 11, 2017
    risk 0.73cvss 7.8epss 0.90

    Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

  • CVE-2017-9791CriKEVJul 10, 2017
    risk 0.80cvss 9.8epss 0.99

    The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

  • CVE-2017-9248CriKEVJul 3, 2017
    risk 0.85cvss 9.8epss 0.75

    Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection…

  • CVE-2017-9841CriKEVJun 27, 2017
    risk 0.80cvss 9.8epss 1.00

    Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the…

  • CVE-2017-8543CriKEVJun 15, 2017
    risk 0.82cvss 9.8epss 0.74

    Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an…

  • CVE-2017-8464HigKEVJun 15, 2017
    risk 0.79cvss 8.8epss 0.90

    Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via…

  • CVE-2016-7836CriKEVJun 9, 2017
    risk 0.77cvss 9.8epss 0.19

    SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.

  • CVE-2017-7494CriKEVMay 30, 2017
    risk 0.86cvss 9.8epss 0.99

    Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

  • CVE-2017-8540HigKEVMay 26, 2017
    risk 0.71cvss 7.8epss 0.72

    The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…

  • CVE-2017-6862CriKEVMay 26, 2017
    risk 0.79cvss 9.8epss 0.43

    NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

  • CVE-2017-0263HigKEVMay 12, 2017
    risk 0.67cvss 7.8epss 0.10

    The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka…

  • CVE-2017-0262HigKEVMay 12, 2017
    risk 0.69cvss 7.8epss 0.81

    Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.

  • CVE-2017-0261HigKEVMay 12, 2017
    risk 0.69cvss 7.8epss 0.78

    Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.

  • CVE-2017-0222HigKEVMay 12, 2017
    risk 0.72cvss 8.8epss 0.30

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.