VYPR

CVEs

  • CVE-2018-2984 · High · Jul 18, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Gangway Activity Web App). The supported version that is affected is 9.x. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2018-2978 · High · Jul 18, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8, 2.9 and 2.10. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2018-2976 · High · Jul 18, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). The supported version that is affected is 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2018-2966 · High · Jul 18, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2018-2964 · High · Jul 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.03

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2018-2958 · High · Jul 18, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2018-2957 · High · Jul 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Logging). The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…

  • CVE-2018-2956 · High · Jul 18, 2018
    risk 0.53 · cvss 8.1 · epss 0.00

    Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Integration). The supported version that is affected is 5.5.x. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the…

  • CVE-2018-2954 · High · Jul 18, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    Vulnerability in the Oracle Order Management component of Oracle E-Business Suite (subcomponent: Product Diagnostic Tools). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows low…

  • CVE-2018-2953 · High · Jul 18, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2018-2944 · High · Jul 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2018-2942 · High · Jul 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2018-2941 · High · Jul 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2018-2939 · High · Jul 18, 2018
    risk 0.55 · cvss 8.4 · epss 0.00

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the…

  • CVE-2018-2935 · High · Jul 18, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2018-2932 · High · Jul 18, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: SuperCluster Virtual Assistant). The supported version that is affected is Prior to 2.5.0. Difficult to exploit vulnerability allows unauthenticated attacker…

  • CVE-2018-2928 · High · Jul 18, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris.…

  • CVE-2018-2926 · High · Jul 18, 2018
    risk 0.50 · cvss 7.6 · epss 0.01

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVIDIA-GFX Kernel driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via ISCSI to compromise…

  • CVE-2018-2920 · High · Jul 18, 2018
    risk 0.48 · cvss 7.4 · epss 0.01

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2018-2918 · High · Jul 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2018-2908 · High · Jul 18, 2018
    risk 0.50 · cvss 7.7 · epss 0.02

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via RPC to compromise Solaris. While the…

  • CVE-2018-2907 · High · Jul 18, 2018
    risk 0.56 · cvss 8.6 · epss 0.03

    Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion…

  • CVE-2018-2900 · High · Jul 18, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher.…

  • CVE-2018-2892 · High · Jul 18, 2018
    risk 0.54 · cvss 7.8 · epss 0.02

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2018-2882 · High · Jul 18, 2018
    risk 0.50 · cvss 7.7 · epss 0.01

    Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x, 12.1.2.x and 13.1.x. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2018-14371 · High · Jul 18, 2018
    risk 0.42 · cvss 7.5 · epss 0.04

    The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

  • CVE-2018-14379 · High · Jul 18, 2018
    risk 0.50 · cvss 8.8 · epss 0.02

    MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4…

  • CVE-2018-14363 · High · Jul 17, 2018
    risk 0.42 · cvss 7.5 · epss 0.02

    An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.

  • CVE-2018-14346 · High · Jul 17, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).

  • CVE-2018-14345 · High · Jul 17, 2018
    risk 0.42 · cvss 7.5 · epss 0.01

    An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to…

  • CVE-2018-13860 · High · Jul 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or…

  • CVE-2018-14338 · High · Jul 17, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.

  • CVE-2018-13864 · High · Jul 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.

  • CVE-2018-14337 · High · Jul 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

  • CVE-2018-14333 · High · Jul 17, 2018
    risk 0.53 · cvss 8.1 · epss 0.03

    TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which…

  • CVE-2018-14331 · High · Jul 17, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.

  • CVE-2018-0710 · High · Jul 17, 2018
    risk 0.61 · cvss 8.8 · epss 0.14

    Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

  • CVE-2018-0709 · High · Jul 17, 2018
    risk 0.61 · cvss 8.8 · epss 0.14

    Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

  • CVE-2018-0708 · High · Jul 17, 2018
    risk 0.62 · cvss 8.8 · epss 0.26

    Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

  • CVE-2018-0707 · High · Jul 17, 2018
    risk 0.55 · cvss 7.2 · epss 0.59

    Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

  • CVE-2018-0706 · High · Jul 17, 2018
    risk 0.64 · cvss 8.8 · epss 0.49

    Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.

  • CVE-2018-1046 · High · Jul 16, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution.…

  • CVE-2018-14326 · High · Jul 16, 2018
    risk 0.50 · cvss 8.8 · epss 0.02

    In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.

  • CVE-2018-14325 · High · Jul 16, 2018
    risk 0.50 · cvss 8.8 · epss 0.02

    In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.

  • CVE-2018-0385 · High · Jul 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The…

  • CVE-2018-0383 · High · Jul 16, 2018
    risk 0.56 · cvss 8.6 · epss 0.03

    A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected…

  • CVE-2018-0370 · High · Jul 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of…

  • CVE-2018-0369 · High · Jul 16, 2018
    risk 0.56 · cvss 8.6 · epss 0.02

    A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances…

  • CVE-2018-0368 · High · Jul 16, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker…

  • CVE-2018-0341 · High · Jul 16, 2018
    risk 0.58 · cvss 8.8 · epss 0.06

    A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability…