VYPR

CVEs

100,082 total · page 1623 of 2,002

  • CVE-2019-6481HigMar 29, 2019
    risk 0.49cvss 7.5epss 0.02

    Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile…

  • CVE-2019-10477HigMar 29, 2019
    risk 0.00cvss 7.5epss 0.02

    The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.

  • CVE-2017-18111HigMar 29, 2019
    risk 0.57cvss 8.7epss 0.02

    The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth…

  • CVE-2017-18108HigMar 29, 2019
    risk 0.47cvss 7.2epss 0.02

    The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.

  • CVE-2017-18106HigMar 29, 2019
    risk 0.49cvss 7.5epss 0.01

    The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for…

  • CVE-2017-18105HigMar 29, 2019
    risk 0.53cvss 8.1epss 0.01

    The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via…

  • CVE-2019-0225HigMar 28, 2019
    risk 0.50cvss 7.5epss 0.10

    A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.

  • CVE-2019-0222HigMar 28, 2019
    risk 0.43cvss 7.5epss 0.12

    In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

  • CVE-2019-0212HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.04

    In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions…

  • CVE-2019-6605HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.02

    On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service.

  • CVE-2019-6603HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.02

    In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual…

  • CVE-2019-6602HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.02

    In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request.

  • CVE-2019-9166HigMar 28, 2019
    risk 0.51cvss 7.8epss 0.01

    Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.

  • CVE-2019-9202HigMar 28, 2019
    risk 0.59cvss 8.8epss 0.24

    Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.

  • CVE-2019-3710HigMar 28, 2019
    risk 0.53cvss 8.1epss 0.01

    Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially…

  • CVE-2019-1003048HigMar 28, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

  • CVE-2019-1003044HigMar 28, 2019
    risk 0.39cvss 7.1epss 0.01

    A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

  • CVE-2019-1003043HigMar 28, 2019
    risk 0.42cvss 7.5epss 0.01

    A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in…

  • CVE-2019-9164HigMar 28, 2019
    risk 0.61cvss 8.8epss 0.46

    Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.

  • CVE-2019-5739HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.05

    Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of…

  • CVE-2019-5737HigMar 28, 2019
    risk 0.50cvss 7.5epss 0.16

    In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection…

  • CVE-2018-19879HigMar 28, 2019
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to…

  • CVE-2018-6330HigMar 28, 2019
    risk 0.57cvss 8.8epss 0.02

    Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters.

  • CVE-2018-20678HigMar 28, 2019
    risk 0.50cvss 8.8epss 0.01

    LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.

  • CVE-2019-5674HigMar 28, 2019
    risk 0.46cvss 7.0epss 0.01

    NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of…

  • CVE-2018-20144HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.02

    GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.

  • CVE-2019-7524HigMar 28, 2019
    risk 0.50cvss 8.8epss 0.01

    In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

  • CVE-2019-6542HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.02

    ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition.

  • CVE-2019-3869HigMar 28, 2019
    risk 0.00cvss 7.2epss 0.01

    When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.

  • CVE-2019-1756HigMar 28, 2019
    risk 0.47cvss 7.2epss 0.04

    A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input.…

  • CVE-2019-1754HigMar 28, 2019
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI…

  • CVE-2019-1753HigMar 28, 2019
    risk 0.58cvss 8.8epss 0.04

    A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services…

  • CVE-2019-1752HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of specific values in the Q.931 information elements. An attacker…

  • CVE-2019-1751HigMar 28, 2019
    risk 0.56cvss 8.6epss 0.03

    A vulnerability in the Network Address Translation 64 (NAT64) functions of Cisco IOS Software could allow an unauthenticated, remote attacker to cause either an interface queue wedge or a device reload. The vulnerability is due to the incorrect handling of certain IPv4 packet…

  • CVE-2019-1750HigMar 28, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an unauthenticated, adjacent attacker to cause the switches to reload. The vulnerability is due to incomplete error handling when processing Cisco…

  • CVE-2019-1749HigMar 28, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of…

  • CVE-2019-1748HigMar 28, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently…

  • CVE-2019-1747HigMar 28, 2019
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the implementation of the Short Message Service (SMS) handling functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability…

  • CVE-2019-1746HigMar 28, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Cluster Management Protocol (CMP) processing code in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2019-1745HigMar 28, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit…

  • CVE-2019-1743HigMar 28, 2019
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this…

  • CVE-2019-1741HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming…

  • CVE-2019-1740HigMar 28, 2019
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability are due to a parsing issue on DNS packets. An…

  • CVE-2019-1739HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An…

  • CVE-2019-1738HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An…

  • CVE-2019-1737HigMar 27, 2019
    risk 0.56cvss 8.6epss 0.03

    A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The…

  • CVE-2018-19648HigMar 27, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF.

  • CVE-2018-3613HigMar 27, 2019
    risk 0.51cvss 7.8epss 0.00

    Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

  • CVE-2018-12545HigMar 27, 2019
    risk 0.49cvss 7.5epss 0.05

    In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory…

  • CVE-2018-12180HigMar 27, 2019
    risk 0.57cvss 8.8epss 0.02

    Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.