VYPR

CVEs

101,975 total · page 1560 of 2,040

  • CVE-2019-18460HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.

  • CVE-2018-17860HigNov 26, 2019
    risk 0.47cvss 7.2epss 0.01

    Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.

  • CVE-2016-5724HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.

  • CVE-2016-4572HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.01

    In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.

  • CVE-2015-7831HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.01

    In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.

  • CVE-2015-6495HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles.

  • CVE-2019-14853HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.03

    An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

  • CVE-2019-14890HigNov 26, 2019
    risk 0.55cvss 8.4epss 0.00

    A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.

  • CVE-2011-4082HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.02

    A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.

  • CVE-2019-19272HigNov 26, 2019
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

  • CVE-2019-19271HigNov 26, 2019
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates…

  • CVE-2019-19270HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow…

  • CVE-2019-15972HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly…

  • CVE-2011-3632HigNov 26, 2019
    risk 0.46cvss 7.1epss 0.00

    Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

  • CVE-2011-3631HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.03

    Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and…

  • CVE-2011-3630HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.03

    Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it,…

  • CVE-2019-15956HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization…

  • CVE-2019-15288HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due…

  • CVE-2019-15286HigNov 26, 2019
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…

  • CVE-2019-15284HigNov 26, 2019
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…

  • CVE-2019-15271HigKEVNov 26, 2019
    risk 0.70cvss 8.8epss 0.06

    A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token.…

  • CVE-2011-3600HigNov 26, 2019
    risk 0.50cvss 7.5epss 0.16

    The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open…

  • CVE-2019-18251HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.02

    In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.

  • CVE-2019-15595HigNov 26, 2019
    risk 0.57cvss 8.8epss 0.02

    A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands.

  • CVE-2019-11290HigNov 26, 2019
    risk 0.49cvss 7.5epss 0.01

    Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

  • CVE-2011-3596HigNov 26, 2019
    risk 0.53cvss 7.5epss 0.11

    Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

  • CVE-2011-3355HigNov 25, 2019
    risk 0.48cvss 7.3epss 0.01

    evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.

  • CVE-2011-3351HigNov 25, 2019
    risk 0.46cvss 7.1epss 0.00

    openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.

  • CVE-2019-15629HigNov 25, 2019
    risk 0.49cvss 7.5epss 0.03

    Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.

  • CVE-2019-19244HigNov 25, 2019
    risk 0.42cvss 7.5epss 0.03

    sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

  • CVE-2019-19252HigNov 25, 2019
    risk 0.00cvss 7.8epss 0.00

    vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.

  • CVE-2019-16765HigNov 25, 2019
    risk 0.41cvss 7.4epss 0.05

    If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users…

  • CVE-2012-6639HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.02

    An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.

  • CVE-2019-19246HigNov 25, 2019
    risk 0.42cvss 7.5epss 0.03

    Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

  • CVE-2015-1396HigNov 25, 2019
    risk 0.49cvss 7.5epss 0.03

    A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

  • CVE-2019-5881HigNov 25, 2019
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2019-5880HigNov 25, 2019
    risk 0.48cvss 7.4epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-5878HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5877HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5876HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5874HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2019-5871HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5859HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2019-5858HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2019-5856HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

  • CVE-2019-5854HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-5853HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5851HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5849HigNov 25, 2019
    risk 0.53cvss 8.1epss 0.01

    Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2019-17403HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.03

    Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.