VYPR

CVEs

101,962 total · page 1580 of 2,040

  • CVE-2019-1319HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

  • CVE-2019-1317HigOct 10, 2019
    risk 0.48cvss 7.3epss 0.01

    A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.

  • CVE-2019-1316HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.

  • CVE-2019-1315HigKEVOct 10, 2019
    risk 0.69cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

  • CVE-2019-1311HigOct 10, 2019
    risk 0.53cvss 7.8epss 0.34

    A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.

  • CVE-2019-1308HigOct 10, 2019
    risk 0.43cvss 7.5epss 0.10

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366.

  • CVE-2019-1307HigOct 10, 2019
    risk 0.43cvss 7.5epss 0.10

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366.

  • CVE-2019-1239HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.07

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.

  • CVE-2019-1060HigOct 10, 2019
    risk 0.58cvss 8.8epss 0.13

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.

  • CVE-2019-13921HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if…

  • CVE-2019-10936HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.02

    Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.

  • CVE-2019-10923HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.01

    An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

  • CVE-2019-17431HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.

  • CVE-2019-17419HigOct 10, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter.

  • CVE-2019-17418HigOct 10, 2019
    risk 0.51cvss 7.2epss 0.49

    An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997.

  • CVE-2019-5700HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.01

    NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

  • CVE-2019-5699HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and…

  • CVE-2019-17414HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.02

    tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL.

  • CVE-2019-17366HigOct 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.

  • CVE-2019-17365HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.00

    Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable.

  • CVE-2019-5053HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability.

  • CVE-2019-5050HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.03

    A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

  • CVE-2019-5048HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.02

    A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

  • CVE-2019-5047HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability.

  • CVE-2019-5046HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.02

    A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would…

  • CVE-2019-5045HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.02

    A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would…

  • CVE-2019-15023HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration.

  • CVE-2019-15022HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.

  • CVE-2019-15018HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.

  • CVE-2019-15017HigOct 9, 2019
    risk 0.55cvss 8.4epss 0.00

    The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.

  • CVE-2019-15016HigOct 9, 2019
    risk 0.57cvss 8.8epss 0.01

    An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database.

  • CVE-2019-15015HigOct 9, 2019
    risk 0.55cvss 8.4epss 0.00

    In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.

  • CVE-2019-15014HigOct 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI.

  • CVE-2019-3765HigOct 9, 2019
    risk 0.53cvss 8.1epss 0.01

    Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user…

  • CVE-2019-16905HigOct 9, 2019
    risk 0.44cvss 7.8epss 0.02

    OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the…

  • CVE-2019-15715HigOct 9, 2019
    risk 0.45cvss 7.2epss 0.30

    MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.

  • CVE-2019-0075HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service…

  • CVE-2019-0071HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.00

    Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence…

  • CVE-2019-0070HigOct 9, 2019
    risk 0.57cvss 8.8epss 0.00

    An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the…

  • CVE-2019-0066HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is…

  • CVE-2019-0064HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    On SRX5000 Series devices, if 'set security zones security-zone tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream…

  • CVE-2019-0062HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3…

  • CVE-2019-0061HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.00

    The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the…

  • CVE-2019-0060HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition.…

  • CVE-2019-0059HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper…

  • CVE-2019-0058HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allowing an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain…

  • CVE-2019-0057HigOct 9, 2019
    risk 0.51cvss 7.8epss 0.00

    An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions…

  • CVE-2019-0056HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to…

  • CVE-2019-0055HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core…

  • CVE-2019-0050HigOct 9, 2019
    risk 0.49cvss 7.5epss 0.01

    Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this…