VYPR

CVEs

101,963 total · page 1609 of 2,040

  • CVE-2019-7928HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between…

  • CVE-2019-7923HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.01

    A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code.

  • CVE-2019-7915HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers.

  • CVE-2019-7913HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.01

    A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.

  • CVE-2019-7912HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in…

  • CVE-2019-7911HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.01

    A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with…

  • CVE-2019-7903HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template.

  • CVE-2019-7896HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv…

  • CVE-2019-7895HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update.

  • CVE-2019-7892HigAug 2, 2019
    risk 0.40cvss 7.2epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.

  • CVE-2019-7890HigAug 2, 2019
    risk 0.41cvss 7.3epss 0.01

    An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.

  • CVE-2019-7886HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts.

  • CVE-2019-7885HigAug 2, 2019
    risk 0.50cvss 8.8epss 0.02

    Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the…

  • CVE-2019-7876HigAug 2, 2019
    risk 0.50cvss 8.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout.

  • CVE-2019-7871HigAug 2, 2019
    risk 0.50cvss 8.8epss 0.01

    A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data…

  • CVE-2019-7865HigAug 2, 2019
    risk 0.50cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration.

  • CVE-2019-7861HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.02

    Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

  • CVE-2019-7860HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

  • CVE-2019-7859HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

  • CVE-2019-7858HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

  • CVE-2019-7854HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

  • CVE-2019-7849HigAug 2, 2019
    risk 0.42cvss 7.5epss 0.01

    A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to…

  • CVE-2019-6969HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.03

    The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use).

  • CVE-2019-14541HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.01

    GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code.

  • CVE-2019-10094HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.02

    A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.

  • CVE-2019-10088HigAug 2, 2019
    risk 0.58cvss 8.8epss 0.05

    A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.

  • CVE-2019-10961HigAug 2, 2019
    risk 0.58cvss 8.8epss 0.04

    In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.

  • CVE-2017-18463HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).

  • CVE-2017-18460HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).

  • CVE-2017-18459HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).

  • CVE-2017-18435HigAug 2, 2019
    risk 0.48cvss 7.3epss 0.01

    cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).

  • CVE-2017-18434HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).

  • CVE-2017-18433HigAug 2, 2019
    risk 0.57cvss 8.8epss 0.02

    cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).

  • CVE-2017-18432HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).

  • CVE-2017-18431HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.01

    cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).

  • CVE-2019-5501HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.02

    Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.

  • CVE-2019-5493HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.01

    Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled.

  • CVE-2019-14235HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

  • CVE-2019-14233HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested…

  • CVE-2019-14232HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic…

  • CVE-2019-14528HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.01

    GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code.

  • CVE-2019-10171HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.01

    It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.

  • CVE-2018-1987HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.

  • CVE-2017-18415HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).

  • CVE-2017-18414HigAug 2, 2019
    risk 0.48cvss 7.4epss 0.01

    cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).

  • CVE-2017-18413HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).

  • CVE-2017-18406HigAug 2, 2019
    risk 0.49cvss 7.5epss 0.01

    cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).

  • CVE-2017-18400HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.01

    cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).

  • CVE-2019-10168HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.01

    The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe…

  • CVE-2019-10167HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.01

    The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities.…