VYPR

CVEs

101,972 total · page 1559 of 2,040

  • CVE-2019-5269HigNov 29, 2019
    risk 0.51cvss 7.8epss 0.00

    Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.

  • CVE-2019-5232HigNov 29, 2019
    risk 0.49cvss 7.5epss 0.01

    There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak.

  • CVE-2019-5225HigNov 29, 2019
    risk 0.51cvss 7.8epss 0.01

    P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the…

  • CVE-2019-5218HigNov 29, 2019
    risk 0.57cvss 8.8epss 0.00

    There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.

  • CVE-2019-5210HigNov 29, 2019
    risk 0.51cvss 7.8epss 0.00

    Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index…

  • CVE-2019-18922HigNov 29, 2019
    risk 0.51cvss 7.5epss 0.25

    A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.

  • CVE-2019-19378HigNov 29, 2019
    risk 0.51cvss 7.8epss 0.02

    In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.

  • CVE-2019-16766HigNov 29, 2019
    risk 0.50cvss 8.7epss 0.01

    When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version…

  • CVE-2019-19377HigNov 29, 2019
    risk 0.51cvss 7.8epss 0.03

    In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

  • CVE-2019-19372HigNov 28, 2019
    risk 0.49cvss 7.5epss 0.01

    A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit.

  • CVE-2019-18276HigNov 28, 2019
    risk 0.44cvss 7.8epss 0.03

    An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux…

  • CVE-2019-18247HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.02

    An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service.

  • CVE-2019-6673HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.01

    On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM).

  • CVE-2019-6672HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.

  • CVE-2019-6671HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.

  • CVE-2019-6669HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances.

  • CVE-2019-6667HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile…

  • CVE-2019-6666HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value.

  • CVE-2019-6674HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.01

    On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration.

  • CVE-2019-15705HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.02

    An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request.

  • CVE-2011-2480HigNov 27, 2019
    risk 0.49cvss 7.5epss 0.02

    Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of…

  • CVE-2012-2248HigNov 27, 2019
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

  • CVE-2011-2187HigNov 27, 2019
    risk 0.51cvss 7.8epss 0.00

    xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.

  • CVE-2011-2177HigNov 27, 2019
    risk 0.51cvss 7.8epss 0.02

    OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.

  • CVE-2019-10220HigNov 27, 2019
    risk 0.58cvss 8.8epss 0.05

    Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

  • CVE-2017-12945HigNov 27, 2019
    risk 0.62cvss 8.8epss 0.17

    Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.

  • CVE-2019-15300HigNov 27, 2019
    risk 0.00cvss 8.8epss 0.02

    A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.

  • CVE-2019-15298HigNov 27, 2019
    risk 0.02cvss 8.8epss 0.27

    A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that…

  • CVE-2019-14812HigNov 27, 2019
    risk 0.51cvss 7.8epss 0.02

    A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then…

  • CVE-2019-10216HigNov 27, 2019
    risk 0.51cvss 7.8epss 0.02

    In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and…

  • CVE-2019-14867HigNov 27, 2019
    risk 0.58cvss 8.8epss 0.06

    A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker…

  • CVE-2011-4310HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.

  • CVE-2019-17590HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.01

    The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social…

  • CVE-2019-16387HigNov 26, 2019
    risk 0.53cvss 8.1epss 0.01

    PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE:…

  • CVE-2019-16255HigNov 26, 2019
    risk 0.53cvss 8.1epss 0.04

    Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

  • CVE-2019-16201HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.05

    WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.

  • CVE-2019-18679HigNov 26, 2019
    risk 0.45cvss 7.5epss 0.41

    An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation.…

  • CVE-2019-18676HigNov 26, 2019
    risk 0.42cvss 7.5epss 0.09

    An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security…

  • CVE-2019-18455HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop.

  • CVE-2019-7319HigNov 26, 2019
    risk 0.54cvss 8.3epss 0.01

    An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser…

  • CVE-2019-6477HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.04

    With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been…

  • CVE-2019-4387HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.01

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:…

  • CVE-2019-18457HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions.

  • CVE-2018-20090HigNov 26, 2019
    risk 0.54cvss 8.3epss 0.01

    An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.

  • CVE-2017-7399HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.01

    Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x before 5.10.1 allows a read-only Cloudera Manager user to discover the usernames of other users and elevate the privileges of those users.

  • CVE-2019-19275HigNov 26, 2019
    risk 0.42cvss 7.5epss 0.03

    typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a…

  • CVE-2019-19274HigNov 26, 2019
    risk 0.42cvss 7.5epss 0.03

    typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a…

  • CVE-2019-18460HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.

  • CVE-2018-17860HigNov 26, 2019
    risk 0.47cvss 7.2epss 0.01

    Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.

  • CVE-2016-5724HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.