VYPR

CVEs

101,972 total · page 1557 of 2,040

  • CVE-2019-19684HigDec 9, 2019
    risk 0.57cvss 8.8epss 0.02

    nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.

  • CVE-2019-14251HigDec 9, 2019
    risk 0.49cvss 7.5epss 0.08

    An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or…

  • CVE-2019-19648HigDec 9, 2019
    risk 0.51cvss 7.8epss 0.02

    In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

  • CVE-2019-19647HigDec 9, 2019
    risk 0.51cvss 7.8epss 0.02

    radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact…

  • CVE-2019-19642HigDec 8, 2019
    risk 0.59cvss 8.8epss 0.19

    On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in…

  • CVE-2019-19630HigDec 8, 2019
    risk 0.51cvss 7.8epss 0.01

    HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.

  • CVE-2019-19449HigDec 8, 2019
    risk 0.51cvss 7.8epss 0.02

    In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).

  • CVE-2019-19448HigDec 8, 2019
    risk 0.51cvss 7.8epss 0.02

    In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can…

  • CVE-2019-19447HigDec 8, 2019
    risk 0.51cvss 7.8epss 0.04

    In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

  • CVE-2019-2232HigDec 6, 2019
    risk 0.49cvss 7.5epss 0.01

    In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2230HigDec 6, 2019
    risk 0.49cvss 7.5epss 0.01

    In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-2225HigDec 6, 2019
    risk 0.57cvss 8.8epss 0.00

    When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed.…

  • CVE-2019-2223HigDec 6, 2019
    risk 0.51cvss 7.8epss 0.01

    In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-2222HigDec 6, 2019
    risk 0.51cvss 7.8epss 0.01

    n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:…

  • CVE-2019-2221HigDec 6, 2019
    risk 0.51cvss 7.8epss 0.00

    In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2019-2218HigDec 6, 2019
    risk 0.51cvss 7.8epss 0.00

    In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is…

  • CVE-2019-2217HigDec 6, 2019
    risk 0.51cvss 7.8epss 0.00

    In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2019-18575HigDec 6, 2019
    risk 0.46cvss 7.1epss 0.00

    Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the…

  • CVE-2019-18672HigDec 6, 2019
    risk 0.42cvss 7.5epss 0.01

    Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and…

  • CVE-2012-2130HigDec 6, 2019
    risk 0.48cvss 7.4epss 0.02

    A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

  • CVE-2019-12734HigDec 6, 2019
    risk 0.57cvss 8.8epss 0.02

    SiteVision 4 has Incorrect Access Control.

  • CVE-2019-12733HigDec 6, 2019
    risk 0.58cvss 8.8epss 0.06

    SiteVision 4 allows Remote Code Execution.

  • CVE-2012-1615HigDec 6, 2019
    risk 0.51cvss 7.8epss 0.00

    A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

  • CVE-2012-1592HigDec 5, 2019
    risk 0.62cvss 8.8epss 0.29

    A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

  • CVE-2019-19609HigDec 5, 2019
    risk 0.07cvss 7.2epss 0.54

    The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa…

  • CVE-2019-5098HigDec 5, 2019
    risk 0.56cvss 8.6epss 0.02

    An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This…

  • CVE-2019-17388HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.01

    Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.

  • CVE-2019-17387HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.01

    An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS.

  • CVE-2019-19007HigDec 5, 2019
    risk 0.47cvss 7.2epss 0.02

    Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.

  • CVE-2013-0243HigDec 5, 2019
    risk 0.48cvss 7.4epss 0.01

    haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections

  • CVE-2019-17437HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.00

    An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions…

  • CVE-2019-19601HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.01

    OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.

  • CVE-2019-19598HigDec 5, 2019
    risk 0.57cvss 8.8epss 0.04

    D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If…

  • CVE-2019-19597HigDec 5, 2019
    risk 0.59cvss 8.8epss 0.21

    D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

  • CVE-2019-19590HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.03

    In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free.…

  • CVE-2019-19588HigDec 5, 2019
    risk 0.49cvss 7.5epss 0.01

    The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.

  • CVE-2019-19553HigDec 5, 2019
    risk 0.49cvss 7.5epss 0.04

    In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.

  • CVE-2019-19522HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.00

    OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by…

  • CVE-2019-19520HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.01

    xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.

  • CVE-2019-19519HigDec 5, 2019
    risk 0.51cvss 7.8epss 0.00

    In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.

  • CVE-2019-16753HigDec 4, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow…

  • CVE-2019-19364HigDec 4, 2019
    risk 0.51cvss 7.8epss 0.00

    A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t…

  • CVE-2019-18346HigDec 4, 2019
    risk 0.57cvss 8.8epss 0.01

    A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add…

  • CVE-2019-17555HigDec 4, 2019
    risk 0.00cvss 7.5epss 0.02

    The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack.

  • CVE-2019-7201HigDec 4, 2019
    risk 0.51cvss 7.8epss 0.00

    An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this…

  • CVE-2018-0728HigDec 4, 2019
    risk 0.49cvss 7.5epss 0.01

    This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions.

  • CVE-2019-11937HigDec 4, 2019
    risk 0.00cvss 7.5epss 0.01

    In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.

  • CVE-2019-11923HigDec 4, 2019
    risk 0.00cvss 7.5epss 0.01

    In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service.

  • CVE-2019-15638HigDec 4, 2019
    risk 0.51cvss 7.8epss 0.00

    COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Search Path Element.

  • CVE-2019-14909HigDec 4, 2019
    risk 0.54cvss 8.3epss 0.01

    A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.