VYPR

CVEs

101,975 total · page 1569 of 2,040

  • CVE-2019-18817HigNov 12, 2019
    risk 0.42cvss 7.5epss 0.01

    Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.

  • CVE-2014-7143HigNov 12, 2019
    risk 0.42cvss 7.5epss 0.03

    Python Twisted 14.0 trustRoot is not respected in HTTP client

  • CVE-2019-18874HigNov 12, 2019
    risk 0.42cvss 7.5epss 0.04

    psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

  • CVE-2019-18862HigNov 11, 2019
    risk 0.54cvss 7.8epss 0.01

    maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.

  • CVE-2019-18857HigNov 11, 2019
    risk 0.42cvss 7.5epss 0.01

    darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript :alert substring.

  • CVE-2019-18856HigNov 11, 2019
    risk 0.49cvss 7.5epss 0.01

    A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.

  • CVE-2019-18855HigNov 11, 2019
    risk 0.49cvss 7.5epss 0.03

    A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.

  • CVE-2019-18854HigNov 11, 2019
    risk 0.49cvss 7.5epss 0.03

    A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring.

  • CVE-2019-18841HigNov 11, 2019
    risk 0.41cvss 7.3epss 0.01

    Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.

  • CVE-2019-18836HigNov 11, 2019
    risk 0.49cvss 7.5epss 0.02

    Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."

  • CVE-2019-18845HigNov 9, 2019
    risk 0.46cvss 7.1epss 0.00

    The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling…

  • CVE-2019-18840HigNov 9, 2019
    risk 0.49cvss 7.5epss 0.02

    In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the…

  • CVE-2009-4011HigNov 9, 2019
    risk 0.53cvss 8.1epss 0.01

    dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console.

  • CVE-2019-5701HigNov 9, 2019
    risk 0.51cvss 7.8epss 0.01

    NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL…

  • CVE-2019-5697HigNov 9, 2019
    risk 0.46cvss 7.1epss 0.00

    NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in which it may grant a guest access to memory that it does not own, which may lead to information disclosure or denial of service.

  • CVE-2019-5692HigNov 9, 2019
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating or using an array index, which may lead to escalation of privileges or denial of…

  • CVE-2019-5691HigNov 9, 2019
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges.

  • CVE-2019-5690HigNov 9, 2019
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges.

  • CVE-2019-5689HigNov 9, 2019
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of…

  • CVE-2018-1721HigNov 9, 2019
    risk 0.57cvss 8.8epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM…

  • CVE-2019-13539HigNov 8, 2019
    risk 0.46cvss 7.0epss 0.00

    Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While…

  • CVE-2019-3426HigNov 8, 2019
    risk 0.57cvss 8.8epss 0.01

    The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.

  • CVE-2019-3425HigNov 8, 2019
    risk 0.57cvss 8.8epss 0.01

    The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts.

  • CVE-2019-12410HigNov 8, 2019
    risk 0.49cvss 7.5epss 0.05

    While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The…

  • CVE-2019-12408HigNov 8, 2019
    risk 0.49cvss 7.5epss 0.03

    It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally…

  • CVE-2019-17661HigNov 8, 2019
    risk 0.57cvss 8.8epss 0.02

    A CSV injection in the codepress-admin-columns (aka Admin Columns) plugin 3.4.6 for WordPress allows malicious users to gain remote control of other computers. By choosing formula code as his first or last name, an attacker can create a user with a name that contains malicious…

  • CVE-2019-17327HigNov 8, 2019
    risk 0.47cvss 7.2epss 0.03

    JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file.

  • CVE-2019-16209HigNov 8, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.

  • CVE-2019-16208HigNov 8, 2019
    risk 0.49cvss 7.5epss 0.00

    Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).

  • CVE-2019-16207HigNov 8, 2019
    risk 0.51cvss 7.8epss 0.00

    Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges.

  • CVE-2019-16205HigNov 8, 2019
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal.

  • CVE-2013-1889HigNov 8, 2019
    risk 0.42cvss 7.5epss 0.02

    mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.

  • CVE-2019-10222HigNov 8, 2019
    risk 0.49cvss 7.5epss 0.05

    A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW…

  • CVE-2008-7272HigNov 8, 2019
    risk 0.49cvss 7.5epss 0.01

    FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key.

  • CVE-2013-1809HigNov 7, 2019
    risk 0.49cvss 7.5epss 0.02

    Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.

  • CVE-2013-1771HigNov 7, 2019
    risk 0.42cvss 7.5epss 0.03

    The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.

  • CVE-2008-3278HigNov 7, 2019
    risk 0.51cvss 7.8epss 0.00

    frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability…

  • CVE-2007-5743HigNov 7, 2019
    risk 0.49cvss 7.5epss 0.01

    viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

  • CVE-2010-2450HigNov 7, 2019
    risk 0.49cvss 7.5epss 0.01

    The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key…

  • CVE-2019-3465HigNov 7, 2019
    risk 0.50cvss 8.8epss 0.03

    Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML…

  • CVE-2012-0051HigNov 7, 2019
    risk 0.48cvss 7.4epss 0.02

    Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

  • CVE-2010-2243HigNov 7, 2019
    risk 0.42cvss 7.5epss 0.03

    A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.

  • CVE-2019-18813HigNov 7, 2019
    risk 0.00cvss 7.5epss 0.04

    A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.

  • CVE-2019-18812HigNov 7, 2019
    risk 0.42cvss 7.5epss 0.03

    A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.

  • CVE-2019-18810HigNov 7, 2019
    risk 0.00cvss 7.5epss 0.03

    A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka…

  • CVE-2019-18807HigNov 7, 2019
    risk 0.00cvss 7.5epss 0.03

    Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or…

  • CVE-2019-17605HigNov 7, 2019
    risk 0.57cvss 8.8epss 0.01

    A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this…

  • CVE-2019-16877HigNov 7, 2019
    risk 0.50cvss 8.8epss 0.01

    Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).

  • CVE-2019-16876HigNov 7, 2019
    risk 0.42cvss 7.5epss 0.01

    Portainer before 1.22.1 allows Directory Traversal.

  • CVE-2019-12331HigNov 7, 2019
    risk 0.50cvss 8.8epss 0.01

    PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By…