CVEs

  • CVE-2018-5529 · High · Jul 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of…

  • CVE-2018-12980 · High · Jul 12, 2018
    risk 0.63 · cvss 8.8 · epss 0.30

    An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.

  • CVE-2017-14709 · High · Jul 12, 2018
    risk 0.48 · cvss 7.4 · epss 0.00

    The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a…

  • CVE-2018-14006 · High · Jul 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.

  • CVE-2018-14005 · High · Jul 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.

  • CVE-2018-14004 · High · Jul 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.

  • CVE-2018-14003 · High · Jul 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.

  • CVE-2018-14002 · High · Jul 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.

  • CVE-2018-14001 · High · Jul 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance.

  • CVE-2018-13836 · High · Jul 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.

  • CVE-2018-12540 · High · Jul 12, 2018
    risk 0.50 · cvss 8.8 · epss 0.02

    In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens that have not yet expired.

  • CVE-2017-18155 · High · Jul 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.

  • CVE-2018-13997 · High · Jul 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Genann through 2018-07-08 has a SEGV in genann_run in genann.c.

  • CVE-2018-11049 · High · Jul 11, 2018
    risk 0.47 · cvss 7.3 · epss 0.00

    RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user…

  • CVE-2018-0032 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS…

  • CVE-2018-0030 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected…

  • CVE-2018-0027 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue…

  • CVE-2018-0024 · High · Jul 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series;…

  • CVE-2018-3936 · High · Jul 11, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution.

  • CVE-2018-3933 · High · Jul 11, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write,…

  • CVE-2018-3932 · High · Jul 11, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based…

  • CVE-2018-3931 · High · Jul 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method.

  • CVE-2018-3930 · High · Jul 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method.

  • CVE-2018-3929 · High · Jul 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote…

  • CVE-2018-13989 · High · Jul 11, 2018
    risk 0.60 · cvss 8.8 · epss 0.03

    Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.

  • CVE-2018-11529 · High · Jul 11, 2018
    risk 0.58 · cvss 8.0 · epss 0.41

    VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

  • CVE-2017-16709 · High · Jul 11, 2018
    risk 0.56 · cvss 7.2 · epss 0.72

    Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allow remote authenticated administrators to execute arbitrary code via unspecified vectors.

  • CVE-2013-2972 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868.

  • CVE-2013-2951 · High · Jul 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.

  • CVE-2013-0589 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.

  • CVE-2018-8007 · High · Jul 11, 2018
    risk 0.48 · cvss 7.2 · epss 0.12

    Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the…

  • CVE-2017-7467 · High · Jul 11, 2018
    risk 0.46 · cvss 7.0 · epss 0.03

    A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.

  • CVE-2018-8313 · High · Jul 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10,…

  • CVE-2018-8312 · High · Jul 11, 2018
    risk 0.52 · cvss 7.8 · epss 0.20

    A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.

  • CVE-2018-8311 · High · Jul 11, 2018
    risk 0.59 · cvss 8.8 · epss 0.17

    A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.

  • CVE-2018-8310 · High · Jul 11, 2018
    risk 0.49 · cvss 7.5 · epss 0.05

    A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.

  • CVE-2018-8301 · High · Jul 11, 2018
    risk 0.50 · cvss 7.5 · epss 0.13

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275,…

  • CVE-2018-8300 · High · Jul 11, 2018
    risk 0.58 · cvss 8.8 · epss 0.13

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.

  • CVE-2018-8298 · High · KEV · Jul 11, 2018
    risk 0.14 · cvss 7.5 · epss 0.75

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287,…

  • CVE-2018-8296 · High · Jul 11, 2018
    risk 0.50 · cvss 7.5 · epss 0.16

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283,…

  • CVE-2018-8294 · High · Jul 11, 2018
    risk 0.43 · cvss 7.5 · epss 0.19

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,…

  • CVE-2018-8291 · High · Jul 11, 2018
    risk 0.02 · cvss 7.5 · epss 0.70

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from…

  • CVE-2018-8290 · High · Jul 11, 2018
    risk 0.43 · cvss 7.5 · epss 0.19

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,…

  • CVE-2018-8288 · High · Jul 11, 2018
    risk 0.02 · cvss 7.5 · epss 0.70

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from…

  • CVE-2018-8287 · High · Jul 11, 2018
    risk 0.43 · cvss 7.5 · epss 0.16

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID…

  • CVE-2018-8286 · High · Jul 11, 2018
    risk 0.43 · cvss 7.5 · epss 0.19

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280,…

  • CVE-2018-8284 · High · Jul 11, 2018
    risk 0.56 · cvss 8.1 · epss 0.43

    A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework…

  • CVE-2018-8283 · High · Jul 11, 2018
    risk 0.43 · cvss 7.5 · epss 0.14

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8287, CVE-2018-8288,…

  • CVE-2018-8282 · High · Jul 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…

  • CVE-2018-8281 · High · Jul 11, 2018
    risk 0.52 · cvss 7.8 · epss 0.20

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office,…