VYPR

CVEs

101,962 total · page 1582 of 2,040

  • CVE-2019-17244HigOct 8, 2019
    risk 0.51cvss 7.8epss 0.02

    IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000001d8a.

  • CVE-2019-17243HigOct 8, 2019
    risk 0.51cvss 7.8epss 0.02

    IrfanView 4.53 allows Data from a Faulting Address to control Code Flow starting at JPEG_LS+0x0000000000003155.

  • CVE-2019-17242HigOct 8, 2019
    risk 0.51cvss 7.8epss 0.01

    IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f.

  • CVE-2019-17241HigOct 8, 2019
    risk 0.51cvss 7.8epss 0.01

    IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563.

  • CVE-2019-17347HigOct 8, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).

  • CVE-2019-17346HigOct 8, 2019
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.

  • CVE-2019-17342HigOct 8, 2019
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.

  • CVE-2019-17341HigOct 8, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.

  • CVE-2019-17340HigOct 8, 2019
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.

  • CVE-2019-17232HigOct 7, 2019
    risk 0.49cvss 7.5epss 0.04

    Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.

  • CVE-2019-16913HigOct 7, 2019
    risk 0.51cvss 7.8epss 0.00

    PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called…

  • CVE-2019-13120HigOct 7, 2019
    risk 0.49cvss 7.5epss 0.01

    Amazon FreeRTOS up to and including v1.4.8 lacks length checking in prvProcessReceivedPublish, resulting in untargetable leakage of arbitrary memory contents on a device to an attacker. If an attacker has the authorization to send a malformed MQTT publish packet to an Amazon IoT…

  • CVE-2019-3745HigOct 7, 2019
    risk 0.47cvss 7.3epss 0.00

    The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local…

  • CVE-2019-17314HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user.

  • CVE-2019-17313HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user.

  • CVE-2019-17312HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user.

  • CVE-2019-17311HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.02

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user.

  • CVE-2019-17310HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user.

  • CVE-2019-17309HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user.

  • CVE-2019-17308HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user.

  • CVE-2019-17307HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user.

  • CVE-2019-17306HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user.

  • CVE-2019-17305HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user.

  • CVE-2019-17304HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by an Admin user.

  • CVE-2019-17303HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user.

  • CVE-2019-17302HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user.

  • CVE-2019-17301HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user.

  • CVE-2019-17300HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user.

  • CVE-2019-17299HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by an Admin user.

  • CVE-2019-17298HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user.

  • CVE-2019-17297HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user.

  • CVE-2019-17296HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user.

  • CVE-2019-17295HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user.

  • CVE-2019-17294HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user.

  • CVE-2019-17293HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user.

  • CVE-2019-17292HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user.

  • CVE-2019-17319HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user.

  • CVE-2019-17318HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by a Regular user.

  • CVE-2019-17317HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user.

  • CVE-2019-17316HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.

  • CVE-2019-17315HigOct 7, 2019
    risk 0.47cvss 7.2epss 0.01

    SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.

  • CVE-2015-9455HigOct 7, 2019
    risk 0.53cvss 8.1epss 0.01

    The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.

  • CVE-2015-9454HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.02

    The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.

  • CVE-2019-16263HigOct 7, 2019
    risk 0.48cvss 7.4epss 0.01

    The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE:…

  • CVE-2019-15747HigOct 7, 2019
    risk 0.57cvss 8.8epss 0.01

    SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.

  • CVE-2019-17219HigOct 6, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.

  • CVE-2019-17217HigOct 6, 2019
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.

  • CVE-2019-17214HigOct 6, 2019
    risk 0.49cvss 7.5epss 0.02

    The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.

  • CVE-2019-17199HigOct 5, 2019
    risk 0.46cvss 7.5epss 0.10

    www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.

  • CVE-2019-17191HigOct 5, 2019
    risk 0.49cvss 7.5epss 0.02

    The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the…