VYPR

CVEs

82,359 total · page 1355 of 1,648

  • CVE-2018-8280HigJul 11, 2018
    risk 0.43cvss 7.5epss 0.19

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286,…

  • CVE-2018-8279HigJul 11, 2018
    risk 0.57cvss 7.5epss 0.71

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274,…

  • CVE-2018-8275HigJul 11, 2018
    risk 0.50cvss 7.5epss 0.19

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274,…

  • CVE-2018-8274HigJul 11, 2018
    risk 0.50cvss 7.5epss 0.19

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8275, CVE-2018-8279,…

  • CVE-2018-8262HigJul 11, 2018
    risk 0.50cvss 7.5epss 0.19

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279,…

  • CVE-2018-8260HigJul 11, 2018
    risk 0.58cvss 8.8epss 0.15

    A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.

  • CVE-2018-8242HigJul 11, 2018
    risk 0.50cvss 7.5epss 0.18

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is…

  • CVE-2018-8238HigJul 11, 2018
    risk 0.51cvss 7.8epss 0.05

    A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.

  • CVE-2018-8232HigJul 11, 2018
    risk 0.51cvss 7.8epss 0.01

    A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio.

  • CVE-2018-8206HigJul 11, 2018
    risk 0.50cvss 7.5epss 0.11

    A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,…

  • CVE-2018-8202HigJul 11, 2018
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET…

  • CVE-2018-8172HigJul 11, 2018
    risk 0.53cvss 7.8epss 0.31

    A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.

  • CVE-2018-8171HigJul 11, 2018
    risk 0.50cvss 7.5epss 0.10

    A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

  • CVE-2018-8125HigJul 11, 2018
    risk 0.50cvss 7.5epss 0.19

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279,…

  • CVE-2018-3688HigJul 10, 2018
    risk 0.51cvss 7.8epss 0.00

    Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.

  • CVE-2018-3687HigJul 10, 2018
    risk 0.51cvss 7.8epss 0.00

    Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.

  • CVE-2018-3684HigJul 10, 2018
    risk 0.51cvss 7.8epss 0.00

    Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.

  • CVE-2018-3683HigJul 10, 2018
    risk 0.51cvss 7.8epss 0.00

    Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.

  • CVE-2018-3682HigJul 10, 2018
    risk 0.53cvss 8.2epss 0.00

    BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS.

  • CVE-2018-3668HigJul 10, 2018
    risk 0.51cvss 7.8epss 0.00

    Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.

  • CVE-2018-3667HigJul 10, 2018
    risk 0.51cvss 7.8epss 0.00

    Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.

  • CVE-2018-3652HigJul 10, 2018
    risk 0.49cvss 7.6epss 0.00

    Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets…

  • CVE-2018-3628HigJul 10, 2018
    risk 0.57cvss 8.8epss 0.01

    Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.

  • CVE-2018-3627HigJul 10, 2018
    risk 0.53cvss 8.2epss 0.01

    Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.

  • CVE-2018-13875HigJul 10, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.

  • CVE-2018-13863HigJul 10, 2018
    risk 0.42cvss 7.5epss 0.02

    The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long…

  • CVE-2018-2438HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.02

    The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

  • CVE-2018-2436HigJul 10, 2018
    risk 0.57cvss 8.8epss 0.01

    Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

  • CVE-2018-2433HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding…

  • CVE-2018-2427HigJul 10, 2018
    risk 0.57cvss 8.8epss 0.02

    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the…

  • CVE-2018-13848HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.

  • CVE-2018-13847HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.

  • CVE-2018-13844HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in…

  • CVE-2018-13843HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is…

  • CVE-2018-10891HigJul 10, 2018
    risk 0.41cvss 7.3epss 0.02

    A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.

  • CVE-2018-1331HigJul 10, 2018
    risk 0.58cvss 8.8epss 0.04

    In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

  • CVE-2018-1566HigJul 10, 2018
    risk 0.55cvss 8.4epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.

  • CVE-2018-1487HigJul 10, 2018
    risk 0.55cvss 8.4epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID:…

  • CVE-2018-1458HigJul 10, 2018
    risk 0.48cvss 7.4epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.

  • CVE-2018-13833HigJul 10, 2018
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact.

  • CVE-2018-10943HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.

  • CVE-2018-1128HigJul 10, 2018
    risk 0.00cvss 7.5epss 0.01

    It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and…

  • CVE-2018-10887HigJul 10, 2018
    risk 0.00cvss 8.1epss 0.02

    A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An…

  • CVE-2018-10861HigJul 10, 2018
    risk 0.00cvss 8.1epss 0.03

    A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

  • CVE-2018-12230HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.

  • CVE-2016-10726HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.03

    The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.

  • CVE-2018-13795HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    Gravity before 0.5.1 does not support a maximum recursion depth.

  • CVE-2018-13793HigJul 9, 2018
    risk 0.57cvss 8.8epss 0.00

    Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login.

  • CVE-2018-6967HigJul 9, 2018
    risk 0.53cvss 8.1epss 0.02

    VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers…

  • CVE-2018-6966HigJul 9, 2018
    risk 0.53cvss 8.1epss 0.02

    VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers…