VYPR

CVEs

101,975 total · page 1561 of 2,040

  • CVE-2019-13724HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13723HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13721HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13720HigKEVNov 25, 2019
    risk 0.78cvss 8.8epss 0.73

    Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13706HigNov 25, 2019
    risk 0.51cvss 7.8epss 0.01

    Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-13702HigNov 25, 2019
    risk 0.51cvss 7.8epss 0.01

    Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.

  • CVE-2019-13700HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13699HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13698HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13696HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13695HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13694HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13693HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

  • CVE-2019-13692HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2019-13688HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13687HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13686HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13685HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-13682HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

  • CVE-2019-13673HigNov 25, 2019
    risk 0.48cvss 7.4epss 0.01

    Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13668HigNov 25, 2019
    risk 0.48cvss 7.4epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13666HigNov 25, 2019
    risk 0.48cvss 7.4epss 0.01

    Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2012-5631HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.02

    ipa 3.0 does not properly check server identity before sending credential containing cookies

  • CVE-2019-18675HigNov 25, 2019
    risk 0.00cvss 7.8epss 0.01

    The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel…

  • CVE-2012-5617HigNov 25, 2019
    risk 0.51cvss 7.8epss 0.00

    gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation

  • CVE-2012-5535HigNov 25, 2019
    risk 0.49cvss 7.5epss 0.02

    gnome-system-log polkit policy allows arbitrary files on the system to be read

  • CVE-2012-5518HigNov 25, 2019
    risk 0.49cvss 7.5epss 0.01

    vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)

  • CVE-2019-14822HigNov 25, 2019
    risk 0.46cvss 7.1epss 0.00

    A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a…

  • CVE-2019-14815HigNov 25, 2019
    risk 0.00cvss 7.8epss 0.00

    A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

  • CVE-2019-10174HigNov 25, 2019
    risk 0.50cvss 8.8epss 0.03

    A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious…

  • CVE-2019-11287HigNov 23, 2019
    risk 0.49cvss 7.5epss 0.05

    Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason"…

  • CVE-2019-18909HigNov 22, 2019
    risk 0.52cvss 8.0epss 0.02

    The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.

  • CVE-2013-6234HigNov 22, 2019
    risk 0.56cvss 8.0epss 0.07

    Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory,…

  • CVE-2012-6079HigNov 22, 2019
    risk 0.49cvss 7.5epss 0.02

    W3 Total Cache before 0.9.2.5 exposes sensitive cached database information which allows remote attackers to download this information via their hash keys.

  • CVE-2012-6078HigNov 22, 2019
    risk 0.49cvss 7.5epss 0.02

    W3 Total Cache before 0.9.2.5 generates hash keys insecurely which allows remote attackers to predict the values of the hashes.

  • CVE-2012-6077HigNov 22, 2019
    risk 0.49cvss 7.5epss 0.05

    W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve password hash information due to insecure storage of database cache files.

  • CVE-2019-18610HigNov 22, 2019
    risk 0.53cvss 8.8epss 0.30

    An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to…

  • CVE-2019-17446HigNov 22, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path.

  • CVE-2013-6811HigNov 22, 2019
    risk 0.57cvss 8.8epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom…

  • CVE-2019-18976HigNov 22, 2019
    risk 0.49cvss 7.5epss 0.07

    An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different…

  • CVE-2012-0877HigNov 22, 2019
    risk 0.49cvss 7.5epss 0.02

    PyXML: Hash table collisions CPU usage Denial of Service

  • CVE-2019-3427HigNov 22, 2019
    risk 0.47cvss 7.2epss 0.01

    The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a code injection vulnerability. An attacker could exploit the vulnerability to inject malicious code into the management page, resulting in users’ information leakage.

  • CVE-2019-19013HigNov 22, 2019
    risk 0.00cvss 8.8epss 0.01

    A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.

  • CVE-2012-3407HigNov 22, 2019
    risk 0.51cvss 7.8epss 0.00

    plow has local buffer overflow vulnerability

  • CVE-2019-13157HigNov 22, 2019
    risk 0.49cvss 7.5epss 0.02

    nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.

  • CVE-2012-2079HigNov 22, 2019
    risk 0.57cvss 8.8epss 0.00

    A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.

  • CVE-2019-18888HigNov 21, 2019
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the…

  • CVE-2019-18887HigNov 21, 2019
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.

  • CVE-2014-5255HigNov 21, 2019
    risk 0.46cvss 7.0epss 0.00

    xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.

  • CVE-2014-2904HigNov 21, 2019
    risk 0.49cvss 7.5epss 0.01

    wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.