VYPR

CVEs

101,963 total · page 1610 of 2,040

  • CVE-2019-10166HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a…

  • CVE-2017-18390HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).

  • CVE-2017-18388HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).

  • CVE-2017-18387HigAug 2, 2019
    risk 0.47cvss 7.2epss 0.02

    cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).

  • CVE-2017-18386HigAug 2, 2019
    risk 0.47cvss 7.2epss 0.02

    cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).

  • CVE-2017-18383HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.00

    cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).

  • CVE-2014-8184HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.02

    A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute…

  • CVE-2019-14524HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.

  • CVE-2019-14523HigAug 2, 2019
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.

  • CVE-2019-14513HigAug 1, 2019
    risk 0.49cvss 7.5epss 0.02

    Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

  • CVE-2019-14260HigAug 1, 2019
    risk 0.52cvss 8.0epss 0.03

    On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network…

  • CVE-2016-10826HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.01

    cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).

  • CVE-2016-10820HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.01

    cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).

  • CVE-2016-10816HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.02

    cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).

  • CVE-2016-10814HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.01

    cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).

  • CVE-2019-14497HigAug 1, 2019
    risk 0.51cvss 7.8epss 0.01

    ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.

  • CVE-2019-14496HigAug 1, 2019
    risk 0.51cvss 7.8epss 0.01

    LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.

  • CVE-2019-9140HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an…

  • CVE-2019-14494HigAug 1, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

  • CVE-2019-14493HigAug 1, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.

  • CVE-2019-14492HigAug 1, 2019
    risk 0.42cvss 7.5epss 0.03

    An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

  • CVE-2019-14491HigAug 1, 2019
    risk 0.47cvss 8.2epss 0.03

    An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

  • CVE-2016-10834HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.01

    cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

  • CVE-2016-10833HigAug 1, 2019
    risk 0.49cvss 7.5epss 0.01

    cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

  • CVE-2016-10831HigAug 1, 2019
    risk 0.47cvss 7.2epss 0.01

    cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).

  • CVE-2016-10830HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

  • CVE-2016-10828HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.03

    cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).

  • CVE-2016-10825HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

  • CVE-2016-10823HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.02

    cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).

  • CVE-2019-14486HigAug 1, 2019
    risk 0.51cvss 7.8epss 0.01

    GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code.

  • CVE-2016-10848HigAug 1, 2019
    risk 0.47cvss 7.2epss 0.01

    cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).

  • CVE-2016-10847HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).

  • CVE-2016-10846HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).

  • CVE-2016-10845HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).

  • CVE-2016-10843HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).

  • CVE-2016-10840HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.02

    cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).

  • CVE-2016-10839HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).

  • CVE-2016-10837HigAug 1, 2019
    risk 0.49cvss 7.5epss 0.02

    cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).

  • CVE-2019-14259HigAug 1, 2019
    risk 0.52cvss 8.0epss 0.03

    On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands…

  • CVE-2018-20914HigAug 1, 2019
    risk 0.48cvss 7.3epss 0.01

    In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).

  • CVE-2018-20911HigAug 1, 2019
    risk 0.47cvss 7.2epss 0.02

    cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).

  • CVE-2018-20909HigAug 1, 2019
    risk 0.46cvss 7.1epss 0.00

    cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).

  • CVE-2016-10860HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).

  • CVE-2016-10859HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).

  • CVE-2016-10850HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.02

    cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).

  • CVE-2015-9291HigAug 1, 2019
    risk 0.49cvss 7.5epss 0.01

    cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).

  • CVE-2013-7473HigAug 1, 2019
    risk 0.57cvss 8.8epss 0.01

    Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.

  • CVE-2019-3890HigAug 1, 2019
    risk 0.53cvss 8.1epss 0.01

    It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

  • CVE-2019-0193HigKEVAug 1, 2019
    risk 0.12cvss 7.2epss 0.84

    In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow…

  • CVE-2018-20895HigAug 1, 2019
    risk 0.47cvss 7.2epss 0.01

    In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).