VYPR

CVEs

101,975 total · page 1573 of 2,040

  • CVE-2019-7620HigOct 30, 2019
    risk 0.42cvss 7.5epss 0.02

    Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop…

  • CVE-2018-5742HigOct 30, 2019
    risk 0.49cvss 7.5epss 0.02

    While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the…

  • CVE-2018-5735HigOct 30, 2019
    risk 0.49cvss 7.5epss 0.01

    The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other…

  • CVE-2010-2064HigOct 29, 2019
    risk 0.46cvss 7.1epss 0.00

    rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

  • CVE-2010-2061HigOct 29, 2019
    risk 0.51cvss 7.8epss 0.00

    rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

  • CVE-2010-1678HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.02

    Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

  • CVE-2018-19151HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM.

  • CVE-2018-18931HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM…

  • CVE-2018-18930HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.03

    The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an…

  • CVE-2018-18929HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.01

    The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker…

  • CVE-2011-1408HigOct 29, 2019
    risk 0.53cvss 8.2epss 0.02

    ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.

  • CVE-2019-9926HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability.

  • CVE-2019-9757HigOct 29, 2019
    risk 0.52cvss 7.5epss 0.37

    An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.

  • CVE-2019-6851HigOct 29, 2019
    risk 0.51cvss 7.5epss 0.30

    A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

  • CVE-2019-6850HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.02

    A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module.

  • CVE-2019-6849HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.02

    A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module.

  • CVE-2019-6848HigOct 29, 2019
    risk 0.59cvss 8.6epss 0.33

    A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending…

  • CVE-2019-6845HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus…

  • CVE-2019-3979HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can…

  • CVE-2019-3978HigOct 29, 2019
    risk 0.53cvss 7.5epss 0.10

    RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting…

  • CVE-2019-3977HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly…

  • CVE-2019-3976HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.02

    RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell…

  • CVE-2019-18608HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by…

  • CVE-2019-18602HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.02

    OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.

  • CVE-2019-18601HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.

  • CVE-2019-16647HigOct 29, 2019
    risk 0.47cvss 7.2epss 0.02

    Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.

  • CVE-2019-15681HigOct 29, 2019
    risk 0.00cvss 7.5epss 0.03

    LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory…

  • CVE-2019-15680HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.03

    TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.

  • CVE-2019-10210HigOct 29, 2019
    risk 0.46cvss 7.0epss 0.00

    Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

  • CVE-2019-10208HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.02

    A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on…

  • CVE-2019-0210HigOct 29, 2019
    risk 0.42cvss 7.5epss 0.07

    In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

  • CVE-2019-0205HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.09

    In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language…

  • CVE-2012-2945HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.03

    Hadoop 1.0.3 contains a symlink vulnerability.

  • CVE-2012-0046HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    mediawiki allows deleted text to be exposed

  • CVE-2011-4931HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    gpw generates shorter passwords than required

  • CVE-2011-2538HigOct 29, 2019
    risk 0.47cvss 7.2epss 0.03

    Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.

  • CVE-2009-3723HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    asterisk allows calls on prohibited networks

  • CVE-2019-4546HigOct 29, 2019
    risk 0.57cvss 8.8epss 0.01

    After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948.

  • CVE-2019-4339HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418.

  • CVE-2019-4314HigOct 29, 2019
    risk 0.49cvss 7.5epss 0.01

    IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. IBM X-Force ID: 1610141.

  • CVE-2019-18188HigOct 28, 2019
    risk 0.49cvss 7.5epss 0.05

    Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution…

  • CVE-2019-18187HigKEVOct 28, 2019
    risk 0.63cvss 7.5epss 0.25

    Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution…

  • CVE-2017-15725HigOct 28, 2019
    risk 0.49cvss 7.5epss 0.01

    An XML External Entity Injection vulnerability exists in Dzone AnswerHub.

  • CVE-2012-5577HigOct 28, 2019
    risk 0.49cvss 7.5epss 0.01

    Python keyring lib before 0.10 created keyring files with world-readable permissions.

  • CVE-2019-3636HigOct 28, 2019
    risk 0.49cvss 7.5epss 0.00

    A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware…

  • CVE-2019-11043HigKEVOct 28, 2019
    risk 0.79cvss 8.7epss 0.99

    In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code…

  • CVE-2017-5731HigOct 28, 2019
    risk 0.51cvss 7.8epss 0.00

    Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2010-4241HigOct 28, 2019
    risk 0.57cvss 8.8epss 0.01

    Tiki Wiki CMS Groupware 5.2 has CSRF

  • CVE-2019-18195HigOct 28, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.

  • CVE-2005-2349HigOct 28, 2019
    risk 0.49cvss 7.5epss 0.02

    Zoo 2.10 has Directory traversal