VYPR

CVEs

101,963 total · page 1605 of 2,040

  • CVE-2019-1145HigAug 14, 2019
    risk 0.61cvss 8.8epss 0.13

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,…

  • CVE-2019-1144HigAug 14, 2019
    risk 0.61cvss 8.8epss 0.13

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,…

  • CVE-2019-1140HigAug 14, 2019
    risk 0.58cvss 8.8epss 0.04

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current…

  • CVE-2019-1133HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.03

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker…

  • CVE-2019-1057HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.03

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability,…

  • CVE-2019-14526HigAug 14, 2019
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web…

  • CVE-2019-14216HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.

  • CVE-2019-13030HigAug 14, 2019
    risk 0.53cvss 8.2epss 0.02

    eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons…

  • CVE-2019-12104HigAug 14, 2019
    risk 0.58cvss 8.8epss 0.05

    The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.

  • CVE-2019-0965HigAug 14, 2019
    risk 0.50cvss 7.6epss 0.01

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…

  • CVE-2019-0720HigAug 14, 2019
    risk 0.52cvss 8.0epss 0.04

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a…

  • CVE-2019-9583HigAug 14, 2019
    risk 0.53cvss 8.2epss 0.02

    eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15. Affected versions for CCU3: 3.41.11,…

  • CVE-2019-9582HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.02

    eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15.

  • CVE-2019-9506HigAug 14, 2019
    risk 0.53cvss 8.1epss 0.03

    The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and…

  • CVE-2019-3639HigAug 14, 2019
    risk 0.46cvss 7.1epss 0.01

    Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.

  • CVE-2019-10201HigAug 14, 2019
    risk 0.53cvss 8.1epss 0.01

    It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this…

  • CVE-2019-10199HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.

  • CVE-2019-15050HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp.

  • CVE-2019-15049HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp.

  • CVE-2019-15048HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.

  • CVE-2019-15047HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp.

  • CVE-2018-20968HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.

  • CVE-2018-20967HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.

  • CVE-2017-18513HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.

  • CVE-2017-18512HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.

  • CVE-2017-18511HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.

  • CVE-2017-18510HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.

  • CVE-2016-10885HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-editor plugin before 1.2.6 for WordPress has CSRF.

  • CVE-2016-10884HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.

  • CVE-2016-10882HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.

  • CVE-2015-9309HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.

  • CVE-2015-9308HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.

  • CVE-2015-9307HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.

  • CVE-2013-7476HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.

  • CVE-2019-8062HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.03

    Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7961HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.03

    Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7931HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.03

    Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7870HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.04

    Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-15046HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.05

    Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.

  • CVE-2019-0349HigAug 14, 2019
    risk 0.47cvss 7.2epss 0.01

    SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to…

  • CVE-2019-0351HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.03

    A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including…

  • CVE-2019-0343HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the…

  • CVE-2019-0341HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.01

    The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.

  • CVE-2019-14975HigAug 14, 2019
    risk 0.46cvss 7.1epss 0.01

    Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.

  • CVE-2014-10375HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.01

    handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.

  • CVE-2019-9518HigAug 13, 2019
    risk 0.51cvss 7.5epss 0.25

    Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE.…

  • CVE-2019-9517HigAug 13, 2019
    risk 0.51cvss 7.5epss 0.27

    Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually…

  • CVE-2019-9515HigAug 13, 2019
    risk 0.56cvss 7.5epss 0.88

    Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame…

  • CVE-2019-9514HigAug 13, 2019
    risk 0.48cvss 7.5epss 0.83

    Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the…

  • CVE-2019-9513HigAug 13, 2019
    risk 0.55cvss 7.5epss 0.82

    Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can…