VYPR

CVEs

101,963 total · page 1607 of 2,040

  • CVE-2016-10863HigAug 8, 2019
    risk 0.57cvss 8.8epss 0.01

    Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.

  • CVE-2016-10862HigAug 8, 2019
    risk 0.57cvss 8.8epss 0.01

    Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.

  • CVE-2015-9292HigAug 8, 2019
    risk 0.57cvss 8.8epss 0.01

    6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).

  • CVE-2019-14773HigAug 8, 2019
    risk 0.49cvss 7.5epss 0.02

    admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.

  • CVE-2019-14681HigAug 8, 2019
    risk 0.57cvss 8.8epss 0.01

    The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.

  • CVE-2019-14693HigAug 8, 2019
    risk 0.56cvss 8.5epss 0.04

    Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

  • CVE-2019-12959HigAug 8, 2019
    risk 0.57cvss 8.8epss 0.03

    Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter.

  • CVE-2019-5238HigAug 8, 2019
    risk 0.51cvss 7.8epss 0.01

    Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.

  • CVE-2019-5237HigAug 8, 2019
    risk 0.51cvss 7.8epss 0.01

    Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.

  • CVE-2019-13176HigAug 8, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP,…

  • CVE-2019-1958HigAug 8, 2019
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI…

  • CVE-2019-1957HigAug 8, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport…

  • CVE-2019-1955HigAug 8, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input…

  • CVE-2019-1944HigAug 7, 2019
    risk 0.47cvss 7.3epss 0.00

    Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information…

  • CVE-2019-1934HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient…

  • CVE-2019-1929HigAug 7, 2019
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…

  • CVE-2019-1928HigAug 7, 2019
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…

  • CVE-2019-1927HigAug 7, 2019
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…

  • CVE-2019-1926HigAug 7, 2019
    risk 0.51cvss 7.8epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…

  • CVE-2019-1924HigAug 7, 2019
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…

  • CVE-2019-1918HigAug 7, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS)…

  • CVE-2019-1925HigAug 7, 2019
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly…

  • CVE-2019-1910HigAug 7, 2019
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area to cause a denial of service…

  • CVE-2019-14474HigAug 7, 2019
    risk 0.49cvss 7.5epss 0.02

    eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from CVE-2019-9583 or a valid…

  • CVE-2019-14749HigAug 7, 2019
    risk 0.61cvss 8.8epss 0.10

    An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields…

  • CVE-2019-10099HigAug 7, 2019
    risk 0.49cvss 7.5epss 0.01

    Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in…

  • CVE-2019-14745HigAug 7, 2019
    risk 0.00cvss 7.8epss 0.04

    In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of…

  • CVE-2019-14744HigAug 7, 2019
    risk 0.51cvss 7.8epss 0.04

    In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon…

  • CVE-2019-14432HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.02

    Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application.…

  • CVE-2019-10386HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through…

  • CVE-2019-10381HigAug 7, 2019
    risk 0.49cvss 7.5epss 0.01

    Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

  • CVE-2019-10380HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.02

    Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.

  • CVE-2019-10371HigAug 7, 2019
    risk 0.42cvss 7.5epss 0.01

    A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

  • CVE-2019-10368HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using…

  • CVE-2018-14383HigAug 7, 2019
    risk 0.49cvss 7.5epss 0.01

    The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7

  • CVE-2016-5431HigAug 7, 2019
    risk 0.42cvss 7.5epss 0.01

    The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.

  • CVE-2018-20959HigAug 7, 2019
    risk 0.53cvss 8.1epss 0.01

    Jura E8 devices lack Bluetooth connection security.

  • CVE-2016-10812HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).

  • CVE-2016-10811HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).

  • CVE-2016-10810HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).

  • CVE-2016-10809HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).

  • CVE-2016-10808HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).

  • CVE-2016-10805HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).

  • CVE-2016-10804HigAug 7, 2019
    risk 0.53cvss 8.1epss 0.01

    The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).

  • CVE-2016-10803HigAug 7, 2019
    risk 0.49cvss 7.5epss 0.01

    cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).

  • CVE-2016-10802HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).

  • CVE-2016-10801HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.01

    cPanel before 58.0.4 has improper session handling for shared users (SEC-139).

  • CVE-2016-10800HigAug 7, 2019
    risk 0.51cvss 7.8epss 0.01

    cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).

  • CVE-2019-1914HigAug 7, 2019
    risk 0.52cvss 7.2epss 0.25

    A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could…

  • CVE-2019-14734HigAug 7, 2019
    risk 0.57cvss 8.8epss 0.02

    AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp.