VYPR

CVEs

100,082 total · page 1617 of 2,002

  • CVE-2019-0730HigApr 9, 2019
    risk 0.54cvss 7.8epss 0.04

    An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.

  • CVE-2019-0688HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.08

    An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.

  • CVE-2019-0685HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.02

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859.

  • CVE-2019-7361HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.01

    An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk…

  • CVE-2019-7360HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk…

  • CVE-2019-7359HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk…

  • CVE-2019-7358HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk…

  • CVE-2019-5512HigApr 9, 2019
    risk 0.60cvss 8.8epss 0.01

    VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

  • CVE-2019-5511HigApr 9, 2019
    risk 0.57cvss 8.8epss 0.00

    VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of…

  • CVE-2018-18365HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.01

    Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.

  • CVE-2018-7118HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.01

    A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0.

  • CVE-2019-8990HigApr 9, 2019
    risk 0.53cvss 8.1epss 0.03

    The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is…

  • CVE-2018-14894HigApr 9, 2019
    risk 0.54cvss 7.8epss 0.02

    CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.

  • CVE-2017-3139HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.02

    A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

  • CVE-2017-17023HigApr 9, 2019
    risk 0.53cvss 8.1epss 0.01

    The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of…

  • CVE-2019-3941HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.02

    Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.

  • CVE-2019-10244HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.02

    In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser…

  • CVE-2018-15640HigApr 9, 2019
    risk 0.58cvss 8.8epss 0.08

    Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.

  • CVE-2017-17544HigApr 9, 2019
    risk 0.47cvss 7.2epss 0.02

    A privilege escalation vulnerability in Fortinet FortiOS 6.0.0 to 6.0.6, 5.6.0 to 5.6.10, 5.4 and below allows admin users to elevate their profile to super_admin via restoring modified configurations.

  • CVE-2019-11028HigApr 9, 2019
    risk 0.57cvss 8.8epss 0.03

    GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx".

  • CVE-2019-10633HigApr 9, 2019
    risk 0.57cvss 8.8epss 0.03

    An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.

  • CVE-2019-10631HigApr 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.

  • CVE-2019-10630HigApr 9, 2019
    risk 0.57cvss 8.8epss 0.01

    A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device.

  • CVE-2019-10903HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

  • CVE-2019-10902HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.05

    In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

  • CVE-2019-10901HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.

  • CVE-2019-10900HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.05

    In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.

  • CVE-2019-10899HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

  • CVE-2019-10898HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.05

    In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.

  • CVE-2019-10897HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.05

    In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.

  • CVE-2019-10896HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.

  • CVE-2019-10895HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.

  • CVE-2019-10894HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.06

    In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

  • CVE-2019-0809HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.11

    A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.

  • CVE-2019-0808HigKEVApr 9, 2019
    risk 0.70cvss 7.8epss 0.53

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.

  • CVE-2019-0797HigKEVApr 9, 2019
    risk 0.63cvss 7.8epss 0.02

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.

  • CVE-2019-0784HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.08

    A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'.

  • CVE-2019-0783HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.08

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769,…

  • CVE-2019-0780HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.08

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

  • CVE-2019-0779HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.08

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.

  • CVE-2019-0773HigApr 9, 2019
    risk 0.50cvss 7.5epss 0.10

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769,…

  • CVE-2019-0772HigApr 9, 2019
    risk 0.58cvss 8.8epss 0.13

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667.

  • CVE-2019-0771HigApr 9, 2019
    risk 0.50cvss 7.5epss 0.10

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769,…

  • CVE-2019-0770HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.08

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769,…

  • CVE-2019-0769HigApr 9, 2019
    risk 0.50cvss 7.5epss 0.10

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770,…

  • CVE-2019-0766HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.

  • CVE-2019-0765HigApr 9, 2019
    risk 0.58cvss 8.8epss 0.14

    A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.

  • CVE-2019-0763HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.08

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

  • CVE-2019-0756HigApr 9, 2019
    risk 0.58cvss 8.8epss 0.13

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.

  • CVE-2019-0748HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.