VYPR

CVEs

101,975 total · page 1564 of 2,040

  • CVE-2019-19060HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.04

    A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.

  • CVE-2019-19053HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.03

    A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.

  • CVE-2019-19052HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.05

    A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.

  • CVE-2019-19050HigNov 18, 2019
    risk 0.00cvss 7.5epss 0.05

    A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.

  • CVE-2019-19049HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.04

    A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the…

  • CVE-2019-19048HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.04

    A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka CID-e0b0cb938864.

  • CVE-2019-19044HigNov 18, 2019
    risk 0.42cvss 7.5epss 0.04

    Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.

  • CVE-2019-19041HigNov 17, 2019
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that…

  • CVE-2019-19022HigNov 17, 2019
    risk 0.49cvss 7.5epss 0.01

    iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist…

  • CVE-2019-19011HigNov 17, 2019
    risk 0.49cvss 7.5epss 0.02

    MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.

  • CVE-2019-6664HigNov 15, 2019
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices.

  • CVE-2019-6661HigNov 15, 2019
    risk 0.49cvss 7.5epss 0.01

    When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources.

  • CVE-2019-6660HigNov 15, 2019
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.

  • CVE-2019-6659HigNov 15, 2019
    risk 0.49cvss 7.5epss 0.01

    On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.

  • CVE-2019-18372HigNov 15, 2019
    risk 0.51cvss 7.8epss 0.00

    Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an…

  • CVE-2019-12759HigNov 15, 2019
    risk 0.51cvss 7.8epss 0.00

    Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise…

  • CVE-2019-12757HigNov 15, 2019
    risk 0.51cvss 7.8epss 0.00

    Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an…

  • CVE-2018-18368HigNov 15, 2019
    risk 0.51cvss 7.8epss 0.01

    Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally…

  • CVE-2011-2726HigNov 15, 2019
    risk 0.49cvss 7.5epss 0.02

    An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent…

  • CVE-2016-5285HigNov 15, 2019
    risk 0.49cvss 7.5epss 0.02

    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

  • CVE-2014-0023HigNov 15, 2019
    risk 0.51cvss 7.8epss 0.00

    OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

  • CVE-2014-0021HigNov 15, 2019
    risk 0.49cvss 7.5epss 0.04

    Chrony before 1.29.1 has traffic amplification in cmdmon protocol

  • CVE-2013-7089HigNov 15, 2019
    risk 0.42cvss 7.5epss 0.02

    ClamAV before 0.97.7: dbg_printhex possible information leak

  • CVE-2019-14869HigNov 15, 2019
    risk 0.57cvss 8.8epss 0.03

    A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted…

  • CVE-2019-18986HigNov 15, 2019
    risk 0.42cvss 7.5epss 0.01

    Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.

  • CVE-2019-11931HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.01

    A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to…

  • CVE-2019-18980HigNov 14, 2019
    risk 0.49cvss 7.5epss 0.00

    On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use…

  • CVE-2019-15804HigNov 14, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\…

  • CVE-2019-15801HigNov 14, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found…

  • CVE-2019-15799HigNov 14, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via…

  • CVE-2019-11111HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-0124HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0123HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11112HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-0155HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.01

    Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R)…

  • CVE-2019-0145HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2019-0142HigNov 14, 2019
    risk 0.53cvss 8.2epss 0.00

    Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0140HigNov 14, 2019
    risk 0.57cvss 8.8epss 0.01

    Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.

  • CVE-2013-3070HigNov 14, 2019
    risk 0.49cvss 7.5epss 0.02

    An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.

  • CVE-2019-16110HigNov 14, 2019
    risk 0.53cvss 8.1epss 0.02

    The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream.

  • CVE-2019-15465HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows…

  • CVE-2019-15464HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows…

  • CVE-2019-15463HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0)…

  • CVE-2019-15462HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows…

  • CVE-2019-15461HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows…

  • CVE-2019-15460HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows…

  • CVE-2019-15459HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows…

  • CVE-2019-15458HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows…

  • CVE-2019-15457HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other…

  • CVE-2019-15456HigNov 14, 2019
    risk 0.51cvss 7.8epss 0.00

    The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other…