VYPR

CVEs

101,975 total · page 1563 of 2,040

  • CVE-2012-2238HigNov 21, 2019
    risk 0.42cvss 7.5epss 0.02

    trytond 2.4: ModelView.button fails to validate authorization

  • CVE-2019-6852HigNov 20, 2019
    risk 0.49cvss 7.5epss 0.01

    A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the…

  • CVE-2015-3167HigNov 20, 2019
    risk 0.42cvss 7.5epss 0.04

    contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

  • CVE-2013-1817HigNov 20, 2019
    risk 0.49cvss 7.5epss 0.03

    MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

  • CVE-2013-1816HigNov 20, 2019
    risk 0.49cvss 7.5epss 0.03

    MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

  • CVE-2019-3466HigNov 20, 2019
    risk 0.51cvss 7.8epss 0.01

    The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

  • CVE-2019-4561HigNov 20, 2019
    risk 0.57cvss 8.8epss 0.04

    IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute…

  • CVE-2019-5542HigNov 20, 2019
    risk 0.50cvss 7.7epss 0.01

    VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.

  • CVE-2019-5540HigNov 20, 2019
    risk 0.50cvss 7.7epss 0.01

    VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host…

  • CVE-2011-0529HigNov 20, 2019
    risk 0.49cvss 7.5epss 0.01

    Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

  • CVE-2019-16200HigNov 20, 2019
    risk 0.49cvss 7.5epss 0.02

    GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The…

  • CVE-2019-6191HigNov 20, 2019
    risk 0.51cvss 7.8epss 0.00

    A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.

  • CVE-2019-6189HigNov 20, 2019
    risk 0.51cvss 7.8epss 0.00

    A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

  • CVE-2019-6186HigNov 20, 2019
    risk 0.57cvss 8.8epss 0.01

    A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.

  • CVE-2019-6184HigNov 20, 2019
    risk 0.51cvss 7.8epss 0.00

    A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.

  • CVE-2019-6176HigNov 20, 2019
    risk 0.49cvss 7.5epss 0.01

    A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.

  • CVE-2019-12421HigNov 19, 2019
    risk 0.50cvss 8.8epss 0.02

    When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours…

  • CVE-2011-3349HigNov 19, 2019
    risk 0.51cvss 7.8epss 0.00

    lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

  • CVE-2019-10768HigNov 19, 2019
    risk 0.42cvss 7.5epss 0.02

    In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

  • CVE-2019-11289HigNov 19, 2019
    risk 0.49cvss 8.6epss 0.02

    Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

  • CVE-2011-2922HigNov 19, 2019
    risk 0.51cvss 7.8epss 0.01

    ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.

  • CVE-2019-18934HigNov 19, 2019
    risk 0.48cvss 7.3epss 0.03

    Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in…

  • CVE-2012-6135HigNov 19, 2019
    risk 0.42cvss 7.5epss 0.02

    RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.

  • CVE-2012-6071HigNov 19, 2019
    risk 0.49cvss 7.5epss 0.01

    nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.

  • CVE-2012-6070HigNov 19, 2019
    risk 0.49cvss 7.5epss 0.02

    Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.

  • CVE-2014-5439HigNov 19, 2019
    risk 0.51cvss 7.8epss 0.03

    Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a…

  • CVE-2011-4967HigNov 19, 2019
    risk 0.49cvss 7.5epss 0.03

    tog-Pegasus has a package hash collision DoS vulnerability

  • CVE-2011-4954HigNov 19, 2019
    risk 0.51cvss 7.8epss 0.00

    cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE

  • CVE-2011-4952HigNov 19, 2019
    risk 0.50cvss 8.8epss 0.01

    cobbler: Web interface lacks CSRF protection when using Django framework

  • CVE-2011-4919HigNov 19, 2019
    risk 0.49cvss 7.5epss 0.03

    mpack 1.6 has information disclosure via eavesdropping on mails sent by other users

  • CVE-2019-16861HigNov 19, 2019
    risk 0.47cvss 7.3epss 0.00

    Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary…

  • CVE-2019-16860HigNov 19, 2019
    risk 0.47cvss 7.3epss 0.00

    Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute…

  • CVE-2019-12422HigNov 18, 2019
    risk 0.49cvss 7.5epss 0.09

    Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.

  • CVE-2019-19117HigNov 18, 2019
    risk 0.58cvss 8.8epss 0.05

    /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.

  • CVE-2019-10764HigNov 18, 2019
    risk 0.41cvss 7.4epss 0.01

    In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an…

  • CVE-2008-7273HigNov 18, 2019
    risk 0.51cvss 7.8epss 0.00

    A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.

  • CVE-2012-4438HigNov 18, 2019
    risk 0.57cvss 8.8epss 0.02

    Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

  • CVE-2019-18215HigNov 18, 2019
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged…

  • CVE-2019-3424HigNov 18, 2019
    risk 0.53cvss 8.2epss 0.01

    authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations.

  • CVE-2019-10172HigNov 18, 2019
    risk 0.50cvss 7.5epss 0.17

    A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

  • CVE-2019-14467HigNov 18, 2019
    risk 0.51cvss 7.8epss 0.02

    The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked.

  • CVE-2019-19079HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.03

    A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.

  • CVE-2019-19078HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.07

    A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.

  • CVE-2019-19075HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.04

    A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

  • CVE-2019-19074HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.04

    A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.

  • CVE-2019-19071HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.04

    A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.

  • CVE-2019-19070HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.03

    A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the…

  • CVE-2019-19069HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.03

    A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.

  • CVE-2019-19064HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.03

    A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute…

  • CVE-2019-19061HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.03

    A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.