VYPR

CVEs

101,963 total · page 1598 of 2,040

  • CVE-2019-15496HigAug 28, 2019
    risk 0.57cvss 8.8epss 0.01

    MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

  • CVE-2019-13348HigAug 28, 2019
    risk 0.57cvss 8.8epss 0.01

    In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases.

  • CVE-2019-10390HigAug 28, 2019
    risk 0.50cvss 8.8epss 0.02

    A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.

  • CVE-2019-10384HigAug 28, 2019
    risk 0.50cvss 8.8epss 0.02

    Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.

  • CVE-2015-9353HigAug 28, 2019
    risk 0.47cvss 7.2epss 0.01

    The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.

  • CVE-2019-15702HigAug 27, 2019
    risk 0.49cvss 7.5epss 0.01

    In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option.

  • CVE-2019-15701HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.02

    components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an…

  • CVE-2019-13270HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it…

  • CVE-2019-13269HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with…

  • CVE-2019-13268HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To…

  • CVE-2019-13267HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an…

  • CVE-2019-13266HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the…

  • CVE-2019-13265HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as…

  • CVE-2019-13264HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it…

  • CVE-2019-13263HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with…

  • CVE-2019-13271HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as…

  • CVE-2019-11457HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.

  • CVE-2019-15660HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-members plugin before 3.2.8 for WordPress has CSRF.

  • CVE-2017-18592HigAug 27, 2019
    risk 0.49cvss 7.5epss 0.01

    The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.

  • CVE-2015-9348HigAug 27, 2019
    risk 0.49cvss 7.5epss 0.02

    The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.

  • CVE-2019-15649HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.02

    The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload.

  • CVE-2019-15647HigAug 27, 2019
    risk 0.58cvss 8.8epss 0.05

    The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.

  • CVE-2019-15645HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.

  • CVE-2018-21006HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF.

  • CVE-2018-21002HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.

  • CVE-2015-9345HigAug 27, 2019
    risk 0.49cvss 7.5epss 0.01

    The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.

  • CVE-2015-9343HigAug 27, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-rollback plugin before 1.2.3 for WordPress has CSRF.

  • CVE-2019-15658HigAug 26, 2019
    risk 0.48cvss 7.3epss 0.01

    connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.

  • CVE-2019-8460HigAug 26, 2019
    risk 0.42cvss 7.5epss 0.02

    OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.

  • CVE-2019-7996HigAug 26, 2019
    risk 0.57cvss 8.8epss 0.03

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.

  • CVE-2019-7995HigAug 26, 2019
    risk 0.57cvss 8.8epss 0.03

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.

  • CVE-2019-7994HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.06

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7991HigAug 26, 2019
    risk 0.57cvss 8.8epss 0.03

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.

  • CVE-2019-7989HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.14

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7988HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.05

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7986HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.05

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7985HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.08

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7984HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.05

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7983HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.05

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7982HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.05

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7980HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.05

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7979HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.05

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7978HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.08

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7976HigAug 26, 2019
    risk 0.58cvss 8.8epss 0.06

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-15642HigAug 26, 2019
    risk 0.03cvss 8.8epss 0.38

    rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is…

  • CVE-2019-15547HigAug 26, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.

  • CVE-2019-15546HigAug 26, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.

  • CVE-2019-15545HigAug 26, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.

  • CVE-2019-15544HigAug 26, 2019
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.

  • CVE-2019-15542HigAug 26, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.