VYPR

CVEs

100,082 total · page 1614 of 2,002

  • CVE-2019-8999HigApr 18, 2019
    risk 0.49cvss 7.5epss 0.01

    An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.

  • CVE-2019-10303HigApr 18, 2019
    risk 0.57cvss 8.8epss 0.01

    Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system.

  • CVE-2019-10302HigApr 18, 2019
    risk 0.50cvss 8.8epss 0.01

    Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

  • CVE-2019-10301HigApr 18, 2019
    risk 0.50cvss 8.8epss 0.01

    A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained…

  • CVE-2019-10300HigApr 18, 2019
    risk 0.45cvss 8.0epss 0.01

    A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through…

  • CVE-2016-10746HigApr 18, 2019
    risk 0.42cvss 7.5epss 0.02

    libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.

  • CVE-2019-1840HigApr 18, 2019
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied…

  • CVE-2019-1834HigApr 18, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security…

  • CVE-2019-1797HigApr 18, 2019
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the…

  • CVE-2019-1718HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL)…

  • CVE-2019-1686HigApr 17, 2019
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is…

  • CVE-2019-1654HigApr 17, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper authentication, which allows for…

  • CVE-2019-10642HigApr 17, 2019
    risk 0.50cvss 8.8epss 0.01

    Contao 4.7 allows CSRF.

  • CVE-2019-0163HigApr 17, 2019
    risk 0.53cvss 8.2epss 0.00

    Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.

  • CVE-2019-0158HigApr 17, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2018-18094HigApr 17, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-9223HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.

  • CVE-2019-9222HigApr 17, 2019
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.

  • CVE-2019-9220HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.

  • CVE-2019-8455HigApr 17, 2019
    risk 0.46cvss 7.1epss 0.00

    A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

  • CVE-2019-10953HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.04

    ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

  • CVE-2019-10951HigApr 17, 2019
    risk 0.51cvss 7.8epss 0.03

    Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of…

  • CVE-2019-10947HigApr 17, 2019
    risk 0.51cvss 7.8epss 0.04

    Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur…

  • CVE-2018-7340HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.01

    Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially…

  • CVE-2018-4007HigApr 17, 2019
    risk 0.46cvss 7.1epss 0.00

    An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.

  • CVE-2018-4006HigApr 17, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to…

  • CVE-2018-4005HigApr 17, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine…

  • CVE-2018-13378HigApr 17, 2019
    risk 0.47cvss 7.2epss 0.01

    An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.

  • CVE-2018-10959HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.

  • CVE-2019-9499HigApr 17, 2019
    risk 0.53cvss 8.1epss 0.02

    The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of…

  • CVE-2019-9498HigApr 17, 2019
    risk 0.53cvss 8.1epss 0.02

    The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete…

  • CVE-2019-9497HigApr 17, 2019
    risk 0.53cvss 8.1epss 0.05

    The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto…

  • CVE-2019-9496HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.05

    An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd…

  • CVE-2019-6575HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC…

  • CVE-2019-6570HigApr 17, 2019
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to…

  • CVE-2019-6568HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.01

    The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited…

  • CVE-2019-3883HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.08

    In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into…

  • CVE-2019-3709HigApr 17, 2019
    risk 0.54cvss 8.3epss 0.02

    IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.

  • CVE-2019-3708HigApr 17, 2019
    risk 0.54cvss 8.3epss 0.02

    IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.

  • CVE-2018-16561HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful…

  • CVE-2018-16559HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a…

  • CVE-2018-16558HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a…

  • CVE-2017-11430HigApr 17, 2019
    risk 0.50cvss 7.7epss 0.02

    OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to…

  • CVE-2017-11429HigApr 17, 2019
    risk 0.50cvss 7.7epss 0.02

    Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass…

  • CVE-2017-11428HigApr 17, 2019
    risk 0.50cvss 7.7epss 0.03

    OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially…

  • CVE-2017-11427HigApr 17, 2019
    risk 0.43cvss 7.7epss 0.05

    OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially…

  • CVE-2018-16966HigApr 15, 2019
    risk 0.57cvss 8.8epss 0.01

    There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.

  • CVE-2018-4009HigApr 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to…

  • CVE-2018-4008HigApr 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their…

  • CVE-2018-17584HigApr 15, 2019
    risk 0.57cvss 8.8epss 0.01

    The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.