VYPR

CVEs

101,975 total · page 1575 of 2,040

  • CVE-2019-18277HigOct 23, 2019
    risk 0.43cvss 7.5epss 0.10

    A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct…

  • CVE-2019-18220HigOct 23, 2019
    risk 0.57cvss 8.8epss 0.01

    Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated…

  • CVE-2019-10476HigOct 23, 2019
    risk 0.44cvss 7.8epss 0.00

    Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

  • CVE-2019-10471HigOct 23, 2019
    risk 0.50cvss 8.8epss 0.01

    A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

  • CVE-2019-10468HigOct 23, 2019
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

  • CVE-2019-10466HigOct 23, 2019
    risk 0.53cvss 8.1epss 0.01

    An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service…

  • CVE-2019-10464HigOct 23, 2019
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file…

  • CVE-2019-10462HigOct 23, 2019
    risk 0.46cvss 8.1epss 0.01

    A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.

  • CVE-2019-10461HigOct 23, 2019
    risk 0.51cvss 7.8epss 0.00

    Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

  • CVE-2019-10460HigOct 23, 2019
    risk 0.44cvss 7.8epss 0.00

    Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

  • CVE-2015-9498HigOct 22, 2019
    risk 0.57cvss 8.8epss 0.01

    The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.

  • CVE-2015-9497HigOct 22, 2019
    risk 0.57cvss 8.8epss 0.01

    The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.

  • CVE-2015-9496HigOct 22, 2019
    risk 0.57cvss 8.8epss 0.02

    The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.

  • CVE-2019-12290HigOct 22, 2019
    risk 0.49cvss 7.5epss 0.03

    GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain…

  • CVE-2019-10079HigOct 22, 2019
    risk 0.42cvss 7.5epss 0.05

    Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.

  • CVE-2019-4523HigOct 22, 2019
    risk 0.51cvss 7.8epss 0.00

    IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.

  • CVE-2019-17424HigOct 22, 2019
    risk 0.55cvss 7.8epss 0.13

    A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.

  • CVE-2019-17400HigOct 21, 2019
    risk 0.42cvss 7.5epss 0.02

    The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.

  • CVE-2019-16404HigOct 21, 2019
    risk 0.57cvss 8.8epss 0.01

    Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.

  • CVE-2019-17498HigOct 21, 2019
    risk 0.46cvss 8.1epss 0.04

    In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive…

  • CVE-2019-9491HigOct 21, 2019
    risk 0.55cvss 7.8epss 0.13

    Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.

  • CVE-2019-16965HigOct 21, 2019
    risk 0.40cvss 7.2epss 0.03

    resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.

  • CVE-2019-16964HigOct 21, 2019
    risk 0.00cvss 8.8epss 0.02

    app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit)…

  • CVE-2019-16980HigOct 21, 2019
    risk 0.50cvss 8.8epss 0.01

    In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.

  • CVE-2019-16530HigOct 21, 2019
    risk 0.47cvss 7.2epss 0.03

    Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.

  • CVE-2019-18218HigOct 21, 2019
    risk 0.44cvss 7.8epss 0.02

    cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

  • CVE-2019-18217HigOct 21, 2019
    risk 0.50cvss 7.5epss 0.20

    ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.

  • CVE-2019-10716HigOct 21, 2019
    risk 0.53cvss 7.7epss 0.04

    An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.

  • CVE-2019-18214HigOct 19, 2019
    risk 0.50cvss 7.7epss 0.01

    The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)

  • CVE-2019-18198HigOct 18, 2019
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.

  • CVE-2019-18197HigOct 18, 2019
    risk 0.42cvss 7.5epss 0.04

    In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized…

  • CVE-2019-13545HigOct 18, 2019
    risk 0.51cvss 7.8epss 0.02

    In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution.

  • CVE-2019-13541HigOct 18, 2019
    risk 0.51cvss 7.8epss 0.02

    In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.

  • CVE-2019-17367HigOct 18, 2019
    risk 0.50cvss 8.8epss 0.01

    OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.

  • CVE-2019-15901HigOct 18, 2019
    risk 0.00cvss 8.8epss 0.03

    An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This…

  • CVE-2019-16919HigOct 18, 2019
    risk 0.42cvss 7.5epss 0.02

    Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not…

  • CVE-2019-17513HigOct 18, 2019
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can…

  • CVE-2019-8226HigOct 17, 2019
    risk 0.49cvss 7.5epss 0.03

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an incomplete implementation of security mechanism vulnerability. Successful exploitation could…

  • CVE-2019-8225HigOct 17, 2019
    risk 0.57cvss 8.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8224HigOct 17, 2019
    risk 0.57cvss 8.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8223HigOct 17, 2019
    risk 0.57cvss 8.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8222HigOct 17, 2019
    risk 0.49cvss 7.5epss 0.03

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information…

  • CVE-2019-8219HigOct 17, 2019
    risk 0.57cvss 8.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8218HigOct 17, 2019
    risk 0.49cvss 7.5epss 0.03

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information…

  • CVE-2019-8217HigOct 17, 2019
    risk 0.57cvss 8.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8216HigOct 17, 2019
    risk 0.49cvss 7.5epss 0.03

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information…

  • CVE-2019-8210HigOct 17, 2019
    risk 0.57cvss 8.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8209HigOct 17, 2019
    risk 0.57cvss 8.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8208HigOct 17, 2019
    risk 0.57cvss 8.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8207HigOct 17, 2019
    risk 0.49cvss 7.5epss 0.03

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information…