VYPR

CVEs

101,963 total · page 1606 of 2,040

  • CVE-2019-9512HigAug 13, 2019
    risk 0.48cvss 7.5epss 0.83

    Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can…

  • CVE-2019-9511HigAug 13, 2019
    risk 0.53cvss 7.5epss 0.58

    Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size…

  • CVE-2019-5299HigAug 13, 2019
    risk 0.51cvss 7.8epss 0.01

    Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can…

  • CVE-2019-5223HigAug 13, 2019
    risk 0.51cvss 7.8epss 0.01

    PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution.

  • CVE-2019-11207HigAug 13, 2019
    risk 0.57cvss 8.8epss 0.01

    The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as…

  • CVE-2019-14986HigAug 13, 2019
    risk 0.53cvss 8.1epss 0.03

    eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.

  • CVE-2019-14984HigAug 13, 2019
    risk 0.53cvss 8.1epss 0.06

    eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request.

  • CVE-2019-12808HigAug 13, 2019
    risk 0.51cvss 7.8epss 0.00

    ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.

  • CVE-2019-12807HigAug 13, 2019
    risk 0.51cvss 7.8epss 0.02

    Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution…

  • CVE-2019-12806HigAug 13, 2019
    risk 0.58cvss 8.8epss 0.04

    UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.

  • CVE-2019-10943HigAug 13, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC…

  • CVE-2019-10942HigAug 13, 2019
    risk 0.56cvss 8.6epss 0.01

    A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All…

  • CVE-2019-14993HigAug 13, 2019
    risk 0.49cvss 7.5epss 0.02

    Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.

  • CVE-2018-20964HigAug 13, 2019
    risk 0.57cvss 8.8epss 0.01

    The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.

  • CVE-2019-5681HigAug 13, 2019
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure.

  • CVE-2019-13419HigAug 13, 2019
    risk 0.49cvss 7.5epss 0.01

    Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.

  • CVE-2019-14530HigAug 13, 2019
    risk 0.08cvss 8.8epss 0.67

    An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory…

  • CVE-2019-14516HigAug 13, 2019
    risk 0.48cvss 7.4epss 0.01

    The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.

  • CVE-2017-18509HigAug 13, 2019
    risk 0.00cvss 7.8epss 0.01

    An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain…

  • CVE-2019-13418HigAug 12, 2019
    risk 0.49cvss 7.5epss 0.01

    Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.

  • CVE-2019-14969HigAug 12, 2019
    risk 0.51cvss 7.8epss 0.00

    Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file…

  • CVE-2019-14966HigAug 12, 2019
    risk 0.00cvss 8.8epss 0.02

    An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.

  • CVE-2019-14951HigAug 12, 2019
    risk 0.49cvss 7.5epss 0.02

    The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the…

  • CVE-2017-18504HigAug 12, 2019
    risk 0.57cvss 8.8epss 0.01

    The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.

  • CVE-2016-10876HigAug 12, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.

  • CVE-2016-10874HigAug 12, 2019
    risk 0.57cvss 8.8epss 0.01

    The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.

  • CVE-2019-14932HigAug 12, 2019
    risk 0.49cvss 7.5epss 0.02

    The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.

  • CVE-2019-14935HigAug 12, 2019
    risk 0.51cvss 7.8epss 0.00

    3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.

  • CVE-2019-14934HigAug 11, 2019
    risk 0.00cvss 7.8epss 0.01

    An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.

  • CVE-2019-14933HigAug 11, 2019
    risk 0.00cvss 8.8epss 0.01

    Bagisto 0.1.5 allows CSRF under /admin URIs.

  • CVE-2019-14924HigAug 10, 2019
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of…

  • CVE-2019-12258HigAug 9, 2019
    risk 0.54cvss 7.5epss 0.23

    Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

  • CVE-2019-11042HigAug 9, 2019
    risk 0.47cvss 7.1epss 0.04

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This…

  • CVE-2019-11041HigAug 9, 2019
    risk 0.47cvss 7.1epss 0.04

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This…

  • CVE-2019-3744HigAug 9, 2019
    risk 0.51cvss 7.8epss 0.00

    Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a…

  • CVE-2019-3742HigAug 9, 2019
    risk 0.51cvss 7.8epss 0.00

    Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an…

  • CVE-2019-12263HigAug 9, 2019
    risk 0.53cvss 8.1epss 0.03

    Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.

  • CVE-2019-12259HigAug 9, 2019
    risk 0.50cvss 7.5epss 0.16

    Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

  • CVE-2019-5406HigAug 9, 2019
    risk 0.47cvss 7.2epss 0.01

    A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

  • CVE-2019-5405HigAug 9, 2019
    risk 0.48cvss 7.3epss 0.02

    A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

  • CVE-2019-5404HigAug 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

  • CVE-2019-12257HigAug 9, 2019
    risk 0.64cvss 8.8epss 0.84

    Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

  • CVE-2019-5395HigAug 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

  • CVE-2019-12805HigAug 9, 2019
    risk 0.57cvss 8.8epss 0.03

    NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2017-18486HigAug 9, 2019
    risk 0.47cvss 7.2epss 0.05

    Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the…

  • CVE-2019-14806HigAug 9, 2019
    risk 0.42cvss 7.5epss 0.02

    Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

  • CVE-2019-14794HigAug 9, 2019
    risk 0.49cvss 7.5epss 0.01

    The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.

  • CVE-2018-20960HigAug 8, 2019
    risk 0.53cvss 8.1epss 0.01

    Nespresso Prodigio devices lack Bluetooth connection security.

  • CVE-2018-20957HigAug 8, 2019
    risk 0.57cvss 8.8epss 0.01

    The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.

  • CVE-2018-20954HigAug 8, 2019
    risk 0.00cvss 7.5epss 0.01

    The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.