VYPR

CVEs

101,975 total · page 1572 of 2,040

  • CVE-2013-2262HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.02

    Cryptocat strophe.js before 2.0.22 has information disclosure

  • CVE-2013-2261HigNov 4, 2019
    risk 0.53cvss 7.5epss 0.12

    Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure

  • CVE-2019-18680HigNov 4, 2019
    risk 0.42cvss 7.5epss 0.04

    An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.

  • CVE-2019-0350HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.01

    SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service

  • CVE-2018-19031HigNov 4, 2019
    risk 0.57cvss 8.8epss 0.02

    A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.

  • CVE-2013-4100HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.02

    Cryptocat before 2.0.22 has Remote Denial of Service via username

  • CVE-2013-4412HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.03

    slim has NULL pointer dereference when using crypt() method from glibc 2.17

  • CVE-2019-18665HigNov 2, 2019
    risk 0.50cvss 7.5epss 0.15

    The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.

  • CVE-2019-18661HigNov 2, 2019
    risk 0.49cvss 7.5epss 0.02

    Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console.

  • CVE-2005-2352HigNov 1, 2019
    risk 0.53cvss 8.1epss 0.01

    I race condition in Temp files was found in gs-gpl before 8.56 addons scripts.

  • CVE-2013-0165HigNov 1, 2019
    risk 0.48cvss 7.3epss 0.01

    cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.

  • CVE-2013-4367HigNov 1, 2019
    risk 0.44cvss 7.8epss 0.00

    ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.

  • CVE-2013-2227HigNov 1, 2019
    risk 0.53cvss 7.5epss 0.13

    GLPI 0.83.7 has Local File Inclusion in common.tabs.php.

  • CVE-2019-15588HigNov 1, 2019
    risk 0.47cvss 7.2epss 0.06

    There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.

  • CVE-2012-2979HigNov 1, 2019
    risk 0.49cvss 7.5epss 0.02

    FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server.

  • CVE-2013-4751HigNov 1, 2019
    risk 0.53cvss 8.1epss 0.01

    php-symfony2-Validator has loss of information during serialization

  • CVE-2013-2600HigNov 1, 2019
    risk 0.49cvss 7.5epss 0.02

    MiniUPnPd has information disclosure use of snprintf()

  • CVE-2019-18230HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.01

    Honeywell equIP and Performance series IP cameras, multiple versions, A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP.

  • CVE-2019-18228HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.02

    Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service.

  • CVE-2019-18227HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.03

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.

  • CVE-2019-16906HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These…

  • CVE-2019-16675HigOct 31, 2019
    risk 0.51cvss 7.8epss 0.03

    An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original…

  • CVE-2019-5043HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.01

    An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this…

  • CVE-2019-5030HigOct 31, 2019
    risk 0.57cvss 8.8epss 0.03

    A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the…

  • CVE-2019-5010HigOct 31, 2019
    risk 0.50cvss 7.5epss 0.21

    An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS…

  • CVE-2018-4064HigOct 31, 2019
    risk 0.47cvss 7.1epss 0.16

    An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user…

  • CVE-2018-4002HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.02

    An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually…

  • CVE-2018-3983HigOct 31, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the…

  • CVE-2013-2075HigOct 31, 2019
    risk 0.57cvss 8.8epss 0.02

    Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of…

  • CVE-2012-6122HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.02

    Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.

  • CVE-2019-5150HigOct 31, 2019
    risk 0.58cvss 8.9epss 0.02

    An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion,…

  • CVE-2019-18396HigOct 31, 2019
    risk 0.51cvss 7.2epss 0.16

    An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to…

  • CVE-2019-15710HigOct 31, 2019
    risk 0.47cvss 7.2epss 0.02

    An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands.

  • CVE-2013-2024HigOct 31, 2019
    risk 0.58cvss 8.8epss 0.05

    OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.

  • CVE-2013-2012HigOct 31, 2019
    risk 0.40cvss 7.3epss 0.00

    autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.

  • CVE-2019-12612HigOct 31, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and…

  • CVE-2019-3421HigOct 31, 2019
    risk 0.52cvss 8.0epss 0.01

    The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system.

  • CVE-2019-18368HigOct 31, 2019
    risk 0.48cvss 7.3epss 0.01

    In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.

  • CVE-2019-18423HigOct 31, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame.…

  • CVE-2019-18422HigOct 31, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system…

  • CVE-2019-18421HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for…

  • CVE-2010-0747HigOct 30, 2019
    risk 0.51cvss 7.8epss 0.00

    drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725.

  • CVE-2010-0737HigOct 30, 2019
    risk 0.52cvss 8.0epss 0.01

    A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.

  • CVE-2019-18635HigOct 30, 2019
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp.

  • CVE-2019-17323HigOct 30, 2019
    risk 0.57cvss 8.8epss 0.02

    ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

  • CVE-2013-1391HigOct 30, 2019
    risk 0.58cvss 7.5epss 0.76

    Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.

  • CVE-2019-18206HigOct 30, 2019
    risk 0.57cvss 8.8epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.

  • CVE-2019-18204HigOct 30, 2019
    risk 0.57cvss 8.8epss 0.02

    Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.

  • CVE-2018-16417HigOct 30, 2019
    risk 0.49cvss 7.5epss 0.03

    Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.

  • CVE-2019-15682HigOct 30, 2019
    risk 0.49cvss 7.5epss 0.01

    RDesktop version 1.8.4 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. These issues have been fixed in version 1.8.5