VYPR

CVEs

101,963 total · page 1583 of 2,040

  • CVE-2019-17191HigOct 5, 2019
    risk 0.49cvss 7.5epss 0.02

    The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the…

  • CVE-2019-17188HigOct 4, 2019
    risk 0.47cvss 7.2epss 0.01

    An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php…

  • CVE-2019-16865HigOct 4, 2019
    risk 0.42cvss 7.5epss 0.03

    An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

  • CVE-2019-17183HigOct 4, 2019
    risk 0.49cvss 7.5epss 0.01

    Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists.

  • CVE-2019-17180HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.01

    Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other…

  • CVE-2019-11655HigOct 4, 2019
    risk 0.57cvss 8.8epss 0.02

    Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.

  • CVE-2019-6015HigOct 4, 2019
    risk 0.49cvss 7.5epss 0.02

    FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firmware versions 1.1.7 and earlier contain an issue where they may behave as open resolvers. If this vulnerability is exploited, FON routers may be leveraged for DNS amplification attacks to some other entities.

  • CVE-2019-6776HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-6775HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-6774HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13320HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13319HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13317HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.08

    This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13316HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.08

    This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13315HigOct 4, 2019
    risk 0.51cvss 7.8epss 0.08

    This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2019-17178HigOct 4, 2019
    risk 0.42cvss 7.5epss 0.03

    HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

  • CVE-2019-17177HigOct 4, 2019
    risk 0.42cvss 7.5epss 0.03

    libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

  • CVE-2019-17175HigOct 4, 2019
    risk 0.49cvss 7.5epss 0.02

    joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path traversal.

  • CVE-2019-4227HigOct 4, 2019
    risk 0.48cvss 7.3epss 0.01

    IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.

  • CVE-2018-11768HigOct 4, 2019
    risk 0.49cvss 7.5epss 0.07

    In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

  • CVE-2019-13332HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13331HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13330HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13329HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

  • CVE-2019-13328HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13327HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13326HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13325HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13324HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-13323HigOct 3, 2019
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2019-11932HigOct 3, 2019
    risk 0.57cvss 8.8epss 0.44

    A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause…

  • CVE-2019-15766HigOct 3, 2019
    risk 0.57cvss 8.8epss 0.03

    The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the…

  • CVE-2019-16328HigOct 3, 2019
    risk 0.53cvss 7.5epss 0.13

    In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.

  • CVE-2019-16866HigOct 3, 2019
    risk 0.42cvss 7.5epss 0.04

    Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

  • CVE-2019-15163HigOct 3, 2019
    risk 0.00cvss 7.5epss 0.04

    rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.

  • CVE-2018-16452HigOct 3, 2019
    risk 0.00cvss 7.5epss 0.04

    The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.

  • CVE-2018-16451HigOct 3, 2019
    risk 0.00cvss 7.5epss 0.04

    The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.

  • CVE-2018-16301HigOct 3, 2019
    risk 0.00cvss 7.8epss 0.01

    The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of…

  • CVE-2018-16300HigOct 3, 2019
    risk 0.00cvss 7.5epss 0.04

    The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.

  • CVE-2018-16230HigOct 3, 2019
    risk 0.00cvss 7.5epss 0.04

    The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).

  • CVE-2018-16229HigOct 3, 2019
    risk 0.01cvss 7.5epss 0.07

    The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

  • CVE-2018-16228HigOct 3, 2019
    risk 0.00cvss 7.5epss 0.04

    The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().

  • CVE-2018-16227HigOct 3, 2019
    risk 0.01cvss 7.5epss 0.07

    The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

  • CVE-2018-14882HigOct 3, 2019
    risk 0.42cvss 7.5epss 0.04

    The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

  • CVE-2018-14881HigOct 3, 2019
    risk 0.42cvss 7.5epss 0.05

    The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).

  • CVE-2018-14880HigOct 3, 2019
    risk 0.42cvss 7.5epss 0.05

    The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

  • CVE-2018-14879HigOct 3, 2019
    risk 0.39cvss 7.0epss 0.05

    The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

  • CVE-2018-14470HigOct 3, 2019
    risk 0.42cvss 7.5epss 0.04

    The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

  • CVE-2018-14469HigOct 3, 2019
    risk 0.42cvss 7.5epss 0.05

    The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

  • CVE-2018-14468HigOct 3, 2019
    risk 0.42cvss 7.5epss 0.04

    The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().