VYPR

CVEs

100,472 total · page 1612 of 2,010

  • CVE-2019-0892HigMay 16, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

  • CVE-2019-0891HigMay 16, 2019
    risk 0.52cvss 7.8epss 0.20

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0893, CVE-2019-0894,…

  • CVE-2019-0890HigMay 16, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894,…

  • CVE-2019-0889HigMay 16, 2019
    risk 0.52cvss 7.8epss 0.20

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894,…

  • CVE-2019-0885HigMay 16, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.

  • CVE-2019-0884HigMay 16, 2019
    risk 0.49cvss 7.5epss 0.08

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0911, CVE-2019-0918.

  • CVE-2019-0881HigMay 16, 2019
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

  • CVE-2019-0863HigKEVMay 16, 2019
    risk 0.66cvss 7.8epss 0.05

    An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

  • CVE-2019-0820HigMay 16, 2019
    risk 0.49cvss 7.5epss 0.06

    A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

  • CVE-2019-0734HigMay 16, 2019
    risk 0.53cvss 8.1epss 0.04

    An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this…

  • CVE-2019-0727HigMay 16, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub…

  • CVE-2019-0707HigMay 16, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially…

  • CVE-2019-10112HigMay 16, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

  • CVE-2019-10114HigMay 16, 2019
    risk 0.49cvss 7.5epss 0.02

    An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way,…

  • CVE-2019-10113HigMay 16, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects//languages requests may allow Uncontrolled Resource Consumption.

  • CVE-2018-17048HigMay 16, 2019
    risk 0.49cvss 7.5epss 0.02

    admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection.

  • CVE-2019-12138HigMay 16, 2019
    risk 0.51cvss 7.8epss 0.01

    MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.

  • CVE-2019-12137HigMay 16, 2019
    risk 0.54cvss 7.8epss 0.06

    Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.

  • CVE-2019-1858HigMay 16, 2019
    risk 0.56cvss 8.6epss 0.03

    A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to…

  • CVE-2019-1849HigMay 16, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The…

  • CVE-2019-1846HigMay 16, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of…

  • CVE-2019-1825HigMay 16, 2019
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly…

  • CVE-2019-1824HigMay 16, 2019
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly…

  • CVE-2019-1823HigMay 16, 2019
    risk 0.58cvss 8.8epss 0.04

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This…

  • CVE-2019-1822HigMay 16, 2019
    risk 0.47cvss 7.2epss 0.04

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This…

  • CVE-2019-1821HigMay 16, 2019
    risk 0.68cvss 8.8epss 0.98

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This…

  • CVE-2019-1814HigMay 16, 2019
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device to become low on system memory, which in turn could lead to an unexpected…

  • CVE-2019-12111HigMay 15, 2019
    risk 0.00cvss 7.5epss 0.03

    A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.

  • CVE-2019-12110HigMay 15, 2019
    risk 0.00cvss 7.5epss 0.03

    An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.

  • CVE-2019-12109HigMay 15, 2019
    risk 0.00cvss 7.5epss 0.03

    A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.

  • CVE-2019-12108HigMay 15, 2019
    risk 0.00cvss 7.5epss 0.03

    A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.

  • CVE-2019-12107HigMay 15, 2019
    risk 0.00cvss 7.5epss 0.03

    The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.

  • CVE-2019-12106HigMay 15, 2019
    risk 0.00cvss 7.5epss 0.03

    The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability.

  • CVE-2019-12098HigMay 15, 2019
    risk 0.41cvss 7.4epss 0.02

    In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

  • CVE-2019-1806HigMay 15, 2019
    risk 0.50cvss 7.7epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the…

  • CVE-2019-9196HigMay 15, 2019
    risk 0.49cvss 7.5epss 0.02

    The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level field.

  • CVE-2019-1773HigMay 15, 2019
    risk 0.51cvss 7.8epss 0.02

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates…

  • CVE-2019-1772HigMay 15, 2019
    risk 0.51cvss 7.8epss 0.02

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates…

  • CVE-2019-1771HigMay 15, 2019
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates…

  • CVE-2019-1735HigMay 15, 2019
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments…

  • CVE-2019-10640HigMay 15, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.

  • CVE-2019-11224HigMay 15, 2019
    risk 0.58cvss 8.8epss 0.07

    HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection.

  • CVE-2019-1726HigMay 15, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to access internal services that should be restricted on an affected device, such as the NX-API. The vulnerability is due to insufficient validation of arguments passed to a certain…

  • CVE-2019-1717HigMay 15, 2019
    risk 0.50cvss 7.5epss 0.10

    A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface.…

  • CVE-2019-8936HigMay 15, 2019
    risk 0.49cvss 7.5epss 0.06

    NTP through 4.2.8p12 has a NULL Pointer Dereference.

  • CVE-2019-5598HigMay 15, 2019
    risk 0.49cvss 7.5epss 0.03

    In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol…

  • CVE-2019-5526HigMay 15, 2019
    risk 0.54cvss 7.8epss 0.09

    VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a…

  • CVE-2019-3586HigMay 15, 2019
    risk 0.49cvss 7.5epss 0.01

    Protection Mechanism Failure in the Firewall in McAfee Endpoint Security (ENS) 10.x prior to 10.6.1 May 2019 update allows context-dependent attackers to circumvent ENS protection where GTI flagged IP addresses are not blocked by the ENS Firewall via specially crafted malicious…

  • CVE-2019-12101HigMay 15, 2019
    risk 0.49cvss 7.5epss 0.02

    coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain packets with "Uri-Path: (null)" and consequently allows remote attackers to cause a denial of service (segmentation fault).

  • CVE-2019-12099HigMay 14, 2019
    risk 0.62cvss 8.8epss 0.18

    In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.