VYPR

CVEs

101,963 total · page 1590 of 2,040

  • CVE-2014-10396HigSep 20, 2019
    risk 0.49cvss 7.5epss 0.03

    The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.

  • CVE-2019-16645HigSep 20, 2019
    risk 0.60cvss 8.6epss 0.08

    An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.

  • CVE-2019-14816HigSep 20, 2019
    risk 0.00cvss 7.8epss 0.01

    There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

  • CVE-2019-14814HigSep 20, 2019
    risk 0.00cvss 7.8epss 0.01

    There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

  • CVE-2019-11326HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the…

  • CVE-2019-11280HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.01

    Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote…

  • CVE-2019-4565HigSep 20, 2019
    risk 0.49cvss 7.5epss 0.01

    IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

  • CVE-2015-9402HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.02

    The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.

  • CVE-2015-9400HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.02

    The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.

  • CVE-2015-9399HigSep 20, 2019
    risk 0.47cvss 7.2epss 0.02

    The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.

  • CVE-2015-9398HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.02

    The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

  • CVE-2015-9395HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.02

    The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.

  • CVE-2015-9394HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.

  • CVE-2016-11004HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.02

    The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.

  • CVE-2016-11003HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.02

    The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

  • CVE-2016-11002HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.02

    The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.

  • CVE-2019-15089HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.

  • CVE-2019-15087HigSep 20, 2019
    risk 0.47cvss 7.2epss 0.03

    An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

  • CVE-2019-15085HigSep 20, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.

  • CVE-2019-16531HigSep 20, 2019
    risk 0.53cvss 8.8epss 0.03

    LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

  • CVE-2019-9719HigSep 19, 2019
    risk 0.57cvss 8.8epss 0.02

    A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because…

  • CVE-2019-14821HigSep 19, 2019
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices…

  • CVE-2019-15033HigSep 19, 2019
    risk 0.50cvss 7.7epss 0.01

    Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.

  • CVE-2019-16510HigSep 19, 2019
    risk 0.49cvss 7.5epss 0.01

    libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.

  • CVE-2019-16412HigSep 19, 2019
    risk 0.49cvss 7.5epss 0.01

    In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.)

  • CVE-2019-15001HigSep 19, 2019
    risk 0.48cvss 7.2epss 0.11

    The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator…

  • CVE-2019-14994HigSep 19, 2019
    risk 0.49cvss 7.5epss 0.06

    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before…

  • CVE-2019-6010HigSep 19, 2019
    risk 0.51cvss 7.8epss 0.02

    Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image.

  • CVE-2019-15943HigSep 19, 2019
    risk 0.61cvss 8.8epss 0.09

    vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.

  • CVE-2019-16413HigSep 19, 2019
    risk 0.00cvss 7.5epss 0.03

    An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.

  • CVE-2019-13556HigSep 18, 2019
    risk 0.57cvss 8.8epss 0.02

    In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

  • CVE-2019-11661HigSep 18, 2019
    risk 0.54cvss 8.3epss 0.01

    Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.

  • CVE-2019-5534HigSep 18, 2019
    risk 0.50cvss 7.7epss 0.02

    VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious…

  • CVE-2019-5532HigSep 18, 2019
    risk 0.50cvss 7.7epss 0.02

    VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files…

  • CVE-2019-5042HigSep 18, 2019
    risk 0.57cvss 8.8epss 0.02

    An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this…

  • CVE-2019-13552HigSep 18, 2019
    risk 0.57cvss 8.8epss 0.03

    In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.

  • CVE-2019-9679HigSep 18, 2019
    risk 0.57cvss 8.8epss 0.01

    Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for…

  • CVE-2019-9678HigSep 18, 2019
    risk 0.49cvss 7.5epss 0.01

    Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X…

  • CVE-2019-14458HigSep 18, 2019
    risk 0.49cvss 7.5epss 0.02

    VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header.

  • CVE-2019-14252HigSep 18, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\…

  • CVE-2019-15843HigSep 18, 2019
    risk 0.48cvss 7.4epss 0.01

    A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing.

  • CVE-2019-16403HigSep 18, 2019
    risk 0.57cvss 8.8epss 0.01

    In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.

  • CVE-2019-16396HigSep 17, 2019
    risk 0.51cvss 7.8epss 0.01

    GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.

  • CVE-2019-16395HigSep 17, 2019
    risk 0.51cvss 7.8epss 0.01

    GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.

  • CVE-2019-6839HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.01

    A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15),…

  • CVE-2019-6836HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.01

    A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the…

  • CVE-2019-6832HigSep 17, 2019
    risk 0.54cvss 8.3epss 0.01

    A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.

  • CVE-2019-6831HigSep 17, 2019
    risk 0.56cvss 8.6epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received…

  • CVE-2019-6829HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.

  • CVE-2019-6828HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading…