VYPR

CVEs

101,963 total · page 1602 of 2,040

  • CVE-2019-4340HigAug 20, 2019
    risk 0.53cvss 8.2epss 0.02

    IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:…

  • CVE-2019-4338HigAug 20, 2019
    risk 0.49cvss 7.5epss 0.02

    IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.

  • CVE-2019-2134HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.01

    In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2019-2133HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.01

    In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2019-2132HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.01

    It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2…

  • CVE-2019-2131HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.01

    An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1…

  • CVE-2019-2128HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.00

    In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2019-2127HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.00

    In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2019-2126HigAug 20, 2019
    risk 0.58cvss 8.8epss 0.05

    In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2019-2125HigAug 20, 2019
    risk 0.47cvss 7.3epss 0.00

    In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User…

  • CVE-2019-2122HigAug 20, 2019
    risk 0.47cvss 7.3epss 0.00

    In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed.…

  • CVE-2019-2121HigAug 20, 2019
    risk 0.46cvss 7.0epss 0.00

    In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2019-2120HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.00

    In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-13520HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.03

    Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application.

  • CVE-2019-11924HigAug 20, 2019
    risk 0.00cvss 7.5epss 0.02

    A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.

  • CVE-2019-4460HigAug 20, 2019
    risk 0.49cvss 7.5epss 0.03

    IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID:…

  • CVE-2019-4433HigAug 20, 2019
    risk 0.54cvss 8.2epss 0.04

    IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or…

  • CVE-2019-4419HigAug 20, 2019
    risk 0.53cvss 8.2epss 0.02

    IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.

  • CVE-2019-4402HigAug 20, 2019
    risk 0.49cvss 7.5epss 0.02

    IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.

  • CVE-2019-4310HigAug 20, 2019
    risk 0.49cvss 7.5epss 0.02

    IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.

  • CVE-2019-4294HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.01

    IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection…

  • CVE-2019-4253HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.00

    IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.

  • CVE-2019-4117HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.

  • CVE-2019-3968HigAug 20, 2019
    risk 0.58cvss 8.8epss 0.10

    In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.

  • CVE-2019-10745HigAug 20, 2019
    risk 0.42cvss 7.5epss 0.01

    assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload.

  • CVE-2018-1796HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.00

    IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.

  • CVE-2019-11209HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition…

  • CVE-2017-18523HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.

  • CVE-2019-15238HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.

  • CVE-2017-18569HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.

  • CVE-2016-10915HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.

  • CVE-2016-10914HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.

  • CVE-2015-9331HigAug 20, 2019
    risk 0.49cvss 7.5epss 0.01

    The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.

  • CVE-2015-9318HigAug 20, 2019
    risk 0.49cvss 7.5epss 0.01

    The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.

  • CVE-2014-10381HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.

  • CVE-2011-5328HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    The user-access-manager plugin before 1.2 for WordPress has CSRF.

  • CVE-2019-14687HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.02

    A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684.

  • CVE-2019-14684HigAug 20, 2019
    risk 0.51cvss 7.8epss 0.01

    A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.

  • CVE-2019-11521HigAug 20, 2019
    risk 0.53cvss 8.1epss 0.02

    OX App Suite 7.10.1 allows Content Spoofing.

  • CVE-2019-12889HigAug 20, 2019
    risk 0.46cvss 7.0epss 0.01

    An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit.…

  • CVE-2019-15239HigAug 20, 2019
    risk 0.00cvss 7.8epss 0.01

    In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by…

  • CVE-2019-15237HigAug 20, 2019
    risk 0.48cvss 7.4epss 0.01

    Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

  • CVE-2019-15229HigAug 20, 2019
    risk 0.57cvss 8.8epss 0.01

    FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

  • CVE-2019-15225HigAug 19, 2019
    risk 0.49cvss 7.5epss 0.03

    In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to…

  • CVE-2019-11163HigAug 19, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local…

  • CVE-2019-11162HigAug 19, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

  • CVE-2019-11148HigAug 19, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-11146HigAug 19, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-11145HigAug 19, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-0173HigAug 19, 2019
    risk 0.49cvss 7.6epss 0.01

    Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.