VYPR

CVEs

101,963 total · page 1585 of 2,040

  • CVE-2019-14960HigOct 1, 2019
    risk 0.51cvss 7.8epss 0.00

    JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.

  • CVE-2019-10435HigOct 1, 2019
    risk 0.49cvss 7.5epss 0.01

    Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

  • CVE-2019-10434HigOct 1, 2019
    risk 0.49cvss 7.5epss 0.01

    Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2019-16508HigOct 1, 2019
    risk 0.51cvss 7.8epss 0.01

    The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU…

  • CVE-2019-3732HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to…

  • CVE-2019-3731HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving…

  • CVE-2019-3730HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could…

  • CVE-2019-3728HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.02

    RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read…

  • CVE-2019-17051HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.02

    Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file.

  • CVE-2019-13124HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 2 of 2).

  • CVE-2019-13123HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs involving 3 functions exhausting available stack memory because of Uncontrolled Recursion in the V8 JavaScript engine (issue 1 of 2).

  • CVE-2019-17050HigSep 30, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a…

  • CVE-2019-17049HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.

  • CVE-2019-16276HigSep 30, 2019
    risk 0.42cvss 7.5epss 0.05

    Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

  • CVE-2019-13466HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.

  • CVE-2019-2341HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow when the audio buffer size provided by user is larger than the maximum allowable audio buffer size. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-2333HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow due to improper validation of buffer size while IPA driver processing to perform read operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2019-2284HigSep 30, 2019
    risk 0.46cvss 7.0epss 0.00

    Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215,…

  • CVE-2019-10510HigSep 30, 2019
    risk 0.53cvss 8.2epss 0.01

    BT process died and BT toggled due to null pointer dereference when invalid vendor pass through command sent from remote in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 675, SD 730, SD 820A, SD 835, SD 845 /…

  • CVE-2019-10508HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-10507HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206,…

  • CVE-2019-10506HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon…

  • CVE-2019-10501HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607,…

  • CVE-2019-10499HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper validation of read and write index of tx and rx fifo`s before using for data copy from fifo can lead to out-of-bound access. in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, QCS405, SD 665, SD…

  • CVE-2019-10498HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,…

  • CVE-2019-10497HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2019-10492HigSep 30, 2019
    risk 0.51cvss 7.8epss 0.00

    Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439

  • CVE-2019-10489HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607,…

  • CVE-2019-17046HigSep 30, 2019
    risk 0.47cvss 7.2epss 0.04

    Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page.

  • CVE-2019-16997HigSep 30, 2019
    risk 0.51cvss 7.2epss 0.49

    In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.

  • CVE-2019-16996HigSep 30, 2019
    risk 0.48cvss 7.2epss 0.12

    In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.

  • CVE-2019-16995HigSep 30, 2019
    risk 0.42cvss 7.5epss 0.04

    In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

  • CVE-2019-16745HigSep 30, 2019
    risk 0.57cvss 8.8epss 0.02

    eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection.

  • CVE-2019-16744HigSep 30, 2019
    risk 0.57cvss 8.8epss 0.02

    eBrigade before 5.0 has evenements.php cid SQL Injection.

  • CVE-2019-16743HigSep 30, 2019
    risk 0.57cvss 8.8epss 0.02

    eBrigade before 5.0 has evenement_ical.php evenement SQL Injection.

  • CVE-2017-18636HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.02

    CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal.

  • CVE-2019-16993HigSep 30, 2019
    risk 0.50cvss 8.8epss 0.01

    In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator…

  • CVE-2019-16992HigSep 30, 2019
    risk 0.49cvss 7.5epss 0.01

    The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's…

  • CVE-2019-3746HigSep 27, 2019
    risk 0.57cvss 8.8epss 0.02

    Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

  • CVE-2019-3736HigSep 27, 2019
    risk 0.47cvss 7.2epss 0.01

    Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the…

  • CVE-2019-11927HigSep 27, 2019
    risk 0.51cvss 7.8epss 0.01

    An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version…

  • CVE-2019-9463HigSep 27, 2019
    risk 0.47cvss 7.3epss 0.00

    In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:…

  • CVE-2019-9462HigSep 27, 2019
    risk 0.49cvss 7.5epss 0.01

    In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9432HigSep 27, 2019
    risk 0.49cvss 7.5epss 0.01

    In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2019-9430HigSep 27, 2019
    risk 0.49cvss 7.5epss 0.01

    In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9429HigSep 27, 2019
    risk 0.51cvss 7.8epss 0.00

    In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9425HigSep 27, 2019
    risk 0.49cvss 7.5epss 0.01

    In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…

  • CVE-2019-9424HigSep 27, 2019
    risk 0.49cvss 7.5epss 0.00

    In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092

  • CVE-2019-9423HigSep 27, 2019
    risk 0.51cvss 7.8epss 0.00

    In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions:…

  • CVE-2019-9422HigSep 27, 2019
    risk 0.49cvss 7.5epss 0.01

    In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:…