VYPR

CVEs

101,963 total · page 1595 of 2,040

  • CVE-2019-16100HigSep 8, 2019
    risk 0.49cvss 7.5epss 0.02

    Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.

  • CVE-2019-16099HigSep 8, 2019
    risk 0.57cvss 8.8epss 0.01

    Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.

  • CVE-2016-10937HigSep 8, 2019
    risk 0.49cvss 7.5epss 0.01

    IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.

  • CVE-2019-16096HigSep 8, 2019
    risk 0.49cvss 7.5epss 0.02

    Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row.

  • CVE-2019-16095HigSep 8, 2019
    risk 0.49cvss 7.5epss 0.01

    Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.

  • CVE-2019-16094HigSep 8, 2019
    risk 0.49cvss 7.5epss 0.01

    Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.

  • CVE-2019-16091HigSep 8, 2019
    risk 0.49cvss 7.5epss 0.01

    Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.

  • CVE-2019-9458HigSep 6, 2019
    risk 0.46cvss 7.0epss 0.00

    In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9345HigSep 6, 2019
    risk 0.51cvss 7.8epss 0.00

    In the Android kernel in sdcardfs there is a possible violation of the separation of data between profiles due to shared mapping of obb files. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

  • CVE-2019-9270HigSep 6, 2019
    risk 0.51cvss 7.8epss 0.00

    In the Android kernel in unifi and r8180 WiFi drivers there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-2182HigSep 6, 2019
    risk 0.51cvss 7.8epss 0.00

    In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9854HigSep 6, 2019
    risk 0.44cvss 7.8epss 0.02

    LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of…

  • CVE-2019-16059HigSep 6, 2019
    risk 0.57cvss 8.8epss 0.01

    Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.

  • CVE-2019-16058HigSep 6, 2019
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.

  • CVE-2019-16056HigSep 6, 2019
    risk 0.00cvss 7.5epss 0.05

    An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on…

  • CVE-2019-15890HigSep 6, 2019
    risk 0.49cvss 7.5epss 0.04

    libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

  • CVE-2018-18630HigSep 6, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.

  • CVE-2019-13953HigSep 6, 2019
    risk 0.57cvss 8.8epss 0.01

    An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal…

  • CVE-2018-6240HigSep 6, 2019
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address

  • CVE-2019-13517HigSep 6, 2019
    risk 0.57cvss 8.8epss 0.01

    In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Server, with Windows Server Versions 4.4 through 4.12, a vulnerability has been identified where existing access privileges are not restricted in coordination with the expiration of access based on active directory…

  • CVE-2019-9254HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.00

    In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-2181HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.00

    In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2019-2178HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.00

    In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction…

  • CVE-2019-2177HigSep 5, 2019
    risk 0.57cvss 8.8epss 0.01

    In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2019-2176HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.01

    In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed…

  • CVE-2019-2175HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.00

    In checkAccess of SliceManagerService.java in Android 9, there is a possible permissions check bypass due to incorrect order of arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2019-2174HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.00

    In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2019-2123HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.00

    In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User…

  • CVE-2019-2115HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.00

    In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for…

  • CVE-2019-2108HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.01

    In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2019-14224HigSep 5, 2019
    risk 0.47cvss 7.2epss 0.05

    An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload…

  • CVE-2019-15029HigSep 5, 2019
    risk 0.61cvss 8.8epss 0.12

    FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request…

  • CVE-2019-11380HigSep 5, 2019
    risk 0.49cvss 7.5epss 0.02

    The master-password feature in the ES File Explorer File Manager application 4.2.0.1.3 for Android can be bypassed via a com.estrongs.android.pop.ftp.ESFtpShortcut intent, leading to remote FTP access to the entirety of local storage.

  • CVE-2019-15953HigSep 5, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests.…

  • CVE-2019-15952HigSep 5, 2019
    risk 0.58cvss 8.8epss 0.05

    An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be…

  • CVE-2019-13191HigSep 5, 2019
    risk 0.49cvss 7.5epss 0.01

    A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page.

  • CVE-2019-5069HigSep 5, 2019
    risk 0.57cvss 8.8epss 0.02

    A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.

  • CVE-2019-15949HigKEVSep 5, 2019
    risk 0.78cvss 8.8epss 0.78

    Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is…

  • CVE-2019-15947HigSep 5, 2019
    risk 0.49cvss 7.5epss 0.01

    In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.

  • CVE-2019-15942HigSep 5, 2019
    risk 0.57cvss 8.8epss 0.02

    FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.

  • CVE-2019-4321HigSep 5, 2019
    risk 0.49cvss 7.5epss 0.01

    IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Operations Center for Emergency Management V5.1.0 - V5.1.0.6, and IBM Water Operations for Waternamics V5.1.0 - V5.2.1.1 does not require that users should have strong passwords by default, which makes it easier…

  • CVE-2019-12223HigSep 5, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the…

  • CVE-2018-21010HigSep 5, 2019
    risk 0.00cvss 8.8epss 0.02

    OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.

  • CVE-2018-21009HigSep 5, 2019
    risk 0.57cvss 8.8epss 0.02

    Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

  • CVE-2019-1939HigSep 5, 2019
    risk 0.58cvss 8.8epss 0.05

    A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows…

  • CVE-2019-12645HigSep 5, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions…

  • CVE-2019-12633HigSep 5, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of…

  • CVE-2019-12632HigSep 5, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied…

  • CVE-2019-15927HigSep 4, 2019
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.

  • CVE-2019-15925HigSep 4, 2019
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.