VYPR

CVEs

101,963 total · page 1591 of 2,040

  • CVE-2019-6826HigSep 17, 2019
    risk 0.51cvss 7.8epss 0.01

    A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.

  • CVE-2019-6813HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port…

  • CVE-2019-6811HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.01

    An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module…

  • CVE-2019-6810HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.02

    CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.

  • CVE-2019-6809HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading…

  • CVE-2019-13538HigSep 17, 2019
    risk 0.56cvss 8.6epss 0.01

    3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also…

  • CVE-2019-11665HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.01

    Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

  • CVE-2019-4183HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.04

    IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

  • CVE-2019-4175HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.01

    IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880.

  • CVE-2019-11666HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.01

    Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.

  • CVE-2019-11667HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.01

    Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.

  • CVE-2019-9009HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.

  • CVE-2019-14835HigSep 17, 2019
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to…

  • CVE-2018-20336HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.

  • CVE-2019-15729HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.

  • CVE-2016-10991HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.

  • CVE-2016-10989HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.01

    The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.

  • CVE-2016-10982HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.01

    The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.

  • CVE-2016-10978HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.01

    The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.

  • CVE-2016-10974HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.01

    The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.

  • CVE-2019-9008HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime.

  • CVE-2019-4147HigSep 16, 2019
    risk 0.47cvss 7.2epss 0.01

    IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.

  • CVE-2019-16371HigSep 16, 2019
    risk 0.53cvss 8.2epss 0.01

    LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be bypassed via clickjacking.

  • CVE-2019-15736HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.

  • CVE-2019-8371HigSep 16, 2019
    risk 0.47cvss 7.2epss 0.03

    OpenEMR v5.0.1-6 allows code execution.

  • CVE-2019-15730HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any…

  • CVE-2019-15728HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.

  • CVE-2019-15725HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.

  • CVE-2019-15722HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.

  • CVE-2019-0207HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.03

    Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.

  • CVE-2019-16353HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.01

    Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.

  • CVE-2019-16347HigSep 16, 2019
    risk 0.50cvss 8.8epss 0.01

    ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.

  • CVE-2019-16346HigSep 16, 2019
    risk 0.50cvss 8.8epss 0.02

    ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.

  • CVE-2016-10968HigSep 16, 2019
    risk 0.57cvss 8.8epss 0.02

    The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.

  • CVE-2016-10966HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.03

    The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.

  • CVE-2016-10965HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.02

    The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.

  • CVE-2016-10960HigSep 16, 2019
    risk 0.58cvss 8.8epss 0.09

    The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.

  • CVE-2016-10958HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.02

    The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.

  • CVE-2019-16170HigSep 16, 2019
    risk 0.39cvss 7.1epss 0.01

    An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.

  • CVE-2016-10956HigSep 16, 2019
    risk 0.50cvss 7.5epss 0.10

    The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.

  • CVE-2019-16319HigSep 15, 2019
    risk 0.49cvss 7.5epss 0.04

    In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

  • CVE-2019-16318HigSep 14, 2019
    risk 0.50cvss 8.8epss 0.01

    In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and…

  • CVE-2019-16317HigSep 14, 2019
    risk 0.50cvss 8.8epss 0.02

    In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory,…

  • CVE-2019-16313HigSep 14, 2019
    risk 0.53cvss 7.5epss 0.47

    ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.

  • CVE-2019-16311HigSep 14, 2019
    risk 0.57cvss 8.8epss 0.01

    NIUSHOP V1.11 has CSRF via search_info to index.php.

  • CVE-2019-16294HigSep 14, 2019
    risk 0.47cvss 7.8epss 0.10

    SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

  • CVE-2019-16305HigSep 14, 2019
    risk 0.58cvss 8.8epss 0.07

    In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also…

  • CVE-2019-5484HigSep 13, 2019
    risk 0.42cvss 7.5epss 0.03

    Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.

  • CVE-2019-11660HigSep 13, 2019
    risk 0.54cvss 7.8epss 0.08

    Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.

  • CVE-2019-5315HigSep 13, 2019
    risk 0.47cvss 7.2epss 0.02

    A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system…