VYPR

CVEs

101,975 total · page 1571 of 2,040

  • CVE-2019-8110HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code.

  • CVE-2019-8109HigNov 5, 2019
    risk 0.45cvss 8.0epss 0.01

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution.

  • CVE-2019-8093HigNov 5, 2019
    risk 0.50cvss 8.8epss 0.01

    An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files.

  • CVE-2019-8091HigNov 5, 2019
    risk 0.47cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.

  • CVE-2019-5089HigNov 5, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a…

  • CVE-2019-5088HigNov 5, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this…

  • CVE-2019-16284HigNov 5, 2019
    risk 0.47cvss 7.2epss 0.02

    A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to…

  • CVE-2018-19167HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19166HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19165HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19164HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19163HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19162HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19161HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19160HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19159HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19157HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19156HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk.

  • CVE-2018-19155HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

  • CVE-2018-19154HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

  • CVE-2018-19153HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

  • CVE-2018-19152HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

  • CVE-2019-10084HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query…

  • CVE-2010-2222HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.

  • CVE-2019-1789HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

  • CVE-2019-15966HigNov 5, 2019
    risk 0.50cvss 7.7epss 0.01

    A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application.…

  • CVE-2019-12625HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.02

    ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

  • CVE-2019-18631HigNov 5, 2019
    risk 0.51cvss 7.8epss 0.01

    The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input…

  • CVE-2019-17062HigNov 5, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users…

  • CVE-2019-17598HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the…

  • CVE-2019-17221HigNov 5, 2019
    risk 0.49cvss 7.5epss 0.03

    PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a…

  • CVE-2013-6364HigNov 5, 2019
    risk 0.53cvss 8.8epss 0.02

    Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book

  • CVE-2019-3685HigNov 5, 2019
    risk 0.48cvss 7.4epss 0.01

    Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary

  • CVE-2010-3668HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.01

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.

  • CVE-2013-4374HigNov 4, 2019
    risk 0.46cvss 7.1epss 0.00

    An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.

  • CVE-2010-3663HigNov 4, 2019
    risk 0.57cvss 8.8epss 0.02

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

  • CVE-2010-3662HigNov 4, 2019
    risk 0.57cvss 8.8epss 0.01

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.

  • CVE-2017-5333HigNov 4, 2019
    risk 0.51cvss 7.8epss 0.02

    Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

  • CVE-2017-5332HigNov 4, 2019
    risk 0.51cvss 7.8epss 0.02

    The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

  • CVE-2017-5331HigNov 4, 2019
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

  • CVE-2019-18178HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.01

    Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the…

  • CVE-2019-17210HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.01

    A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(),…

  • CVE-2013-4251HigNov 4, 2019
    risk 0.44cvss 7.8epss 0.00

    The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

  • CVE-2005-4890HigNov 4, 2019
    risk 0.44cvss 7.8epss 0.01

    There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

  • CVE-2019-13496HigNov 4, 2019
    risk 0.53cvss 8.1epss 0.01

    One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.

  • CVE-2013-4105HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.01

    Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure

  • CVE-2013-2257HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.02

    Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness

  • CVE-2019-18684HigNov 4, 2019
    risk 0.46cvss 7.0epss 0.00

    Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL)…

  • CVE-2019-18683HigNov 4, 2019
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race…

  • CVE-2013-4104HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.01

    Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol