VYPR

CVEs

101,975 total · page 1570 of 2,040

  • CVE-2019-18804HigNov 7, 2019
    risk 0.49cvss 7.5epss 0.04

    DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

  • CVE-2019-15004HigNov 7, 2019
    risk 0.49cvss 7.5epss 0.04

    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with…

  • CVE-2019-18411HigNov 6, 2019
    risk 0.57cvss 8.8epss 0.02

    Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the…

  • CVE-2014-9013HigNov 6, 2019
    risk 0.64cvss 8.8epss 0.48

    The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user.

  • CVE-2019-5125HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to…

  • CVE-2019-5100HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this…

  • CVE-2019-5099HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this…

  • CVE-2019-5084HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can…

  • CVE-2009-5045HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.02

    Dump Servlet information leak in jetty before 6.1.22.

  • CVE-2011-1298HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.01

    An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.

  • CVE-2009-5050HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.02

    konversation before 1.2.3 allows attackers to cause a denial of service.

  • CVE-2019-6120HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username…

  • CVE-2019-2246HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.00

    Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9205, MDM9640,…

  • CVE-2019-10529HigNov 6, 2019
    risk 0.56cvss 8.1epss 0.02

    Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2019-10524HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.00

    Lack of check for a negative value returned for get_clk is wrongly interpreted as valid pointer and lead to use after free in clk driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2019-10512HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.00

    Payload size is not checked before using it as array index in audio in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and…

  • CVE-2019-10502HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.00

    Possible stack overflow when an index equal to io buffer size is accessed in camera module in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD…

  • CVE-2019-10496HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.00

    Lack of checking a variable received from driver and populating in Firmware data structure leads to buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2019-10495HigNov 6, 2019
    risk 0.47cvss 7.3epss 0.00

    Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2019-10491HigNov 6, 2019
    risk 0.51cvss 7.8epss 0.00

    ADSP can be compromised since it`s a general-purpose CPU processing untrusted data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired…

  • CVE-2019-10488HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2010-2247HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.01

    makepasswd 1.10 default settings generate insecure passwords

  • CVE-2019-18800HigNov 6, 2019
    risk 0.57cvss 8.8epss 0.02

    Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the…

  • CVE-2019-13079HigNov 6, 2019
    risk 0.57cvss 8.8epss 0.01

    Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME.

  • CVE-2019-13078HigNov 6, 2019
    risk 0.57cvss 8.8epss 0.01

    Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column.

  • CVE-2019-13076HigNov 6, 2019
    risk 0.57cvss 8.8epss 0.01

    Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column]…

  • CVE-2011-4625HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.01

    simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

  • CVE-2006-4245HigNov 6, 2019
    risk 0.53cvss 8.1epss 0.01

    archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

  • CVE-2019-18650HigNov 6, 2019
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.

  • CVE-2019-8156HigNov 6, 2019
    risk 0.40cvss 7.2epss 0.02

    A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector api endpoint to enable remote code execution.

  • CVE-2019-8231HigNov 6, 2019
    risk 0.47cvss 7.2epss 0.01

    In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.

  • CVE-2019-8230HigNov 6, 2019
    risk 0.47cvss 7.2epss 0.01

    In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.

  • CVE-2019-8229HigNov 6, 2019
    risk 0.47cvss 7.2epss 0.01

    In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.

  • CVE-2019-8159HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.03

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitrary code through arbitrary file deletion and OS command injection.

  • CVE-2019-8155HigNov 6, 2019
    risk 0.49cvss 7.5epss 0.01

    Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.

  • CVE-2019-8154HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update.

  • CVE-2019-8151HigNov 6, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shippment settings can execute arbitrary code through server-side request forgery due to unsafe handling…

  • CVE-2019-8150HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout.

  • CVE-2019-8141HigNov 6, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system level import) can execute arbitrary code through a Phar deserialization…

  • CVE-2019-8137HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate CMS section of the website can trigger remote code execution via custom layout update.

  • CVE-2019-8134HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.01

    A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables.

  • CVE-2019-8130HigNov 6, 2019
    risk 0.50cvss 8.8epss 0.01

    A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through group instance in email templates.

  • CVE-2019-8127HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.01

    A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password,…

  • CVE-2019-8125HigNov 5, 2019
    risk 0.47cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.

  • CVE-2019-8122HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote…

  • CVE-2019-8119HigNov 5, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The…

  • CVE-2019-8116HigNov 5, 2019
    risk 0.42cvss 7.5epss 0.02

    Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page.

  • CVE-2019-8114HigNov 5, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration…

  • CVE-2019-8112HigNov 5, 2019
    risk 0.42cvss 7.5epss 0.01

    A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new…

  • CVE-2019-8111HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute…