VYPR

CVEs

100,082 total · page 1626 of 2,002

  • CVE-2015-6457HigMar 21, 2019
    risk 0.57cvss 8.8epss 0.03

    Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.

  • CVE-2018-13798HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker…

  • CVE-2018-3968HigMar 21, 2019
    risk 0.46cvss 7.0epss 0.00

    An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel,…

  • CVE-2017-16255HigMar 21, 2019
    risk 0.53cvss 8.1epss 0.01

    An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an…

  • CVE-2017-16254HigMar 21, 2019
    risk 0.53cvss 8.1epss 0.01

    An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an…

  • CVE-2017-16253HigMar 21, 2019
    risk 0.53cvss 8.1epss 0.01

    An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based…

  • CVE-2019-6491HigMar 21, 2019
    risk 0.57cvss 8.8epss 0.01

    RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.

  • CVE-2018-4030HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.01

    An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker…

  • CVE-2018-4011HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.01

    An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An…

  • CVE-2018-3969HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.01

    An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger…

  • CVE-2018-3963HigMar 21, 2019
    risk 0.52cvss 8.0epss 0.03

    An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution…

  • CVE-2019-9897HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.03

    Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.

  • CVE-2019-9896HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.01

    In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

  • CVE-2019-9894HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.02

    A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

  • CVE-2019-9878HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.01

    There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of…

  • CVE-2019-9877HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.01

    There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation…

  • CVE-2019-9868HigMar 21, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.

  • CVE-2019-9867HigMar 21, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.

  • CVE-2019-7433HigMar 21, 2019
    risk 0.57cvss 8.8epss 0.01

    PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

  • CVE-2019-7391HigMar 21, 2019
    risk 0.61cvss 8.8epss 0.14

    ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.

  • CVE-2019-7385HigMar 21, 2019
    risk 0.55cvss 7.8epss 0.12

    An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in…

  • CVE-2019-7384HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.04

    An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system…

  • CVE-2019-7383HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user…

  • CVE-2019-7221HigMar 21, 2019
    risk 0.44cvss 7.8epss 0.01

    The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

  • CVE-2019-7161HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.06

    An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704. It uses fixed ciphering keys to protect information, giving the capacity for an attacker to decipher any protected data.

  • CVE-2019-6973HigMar 21, 2019
    risk 0.53cvss 7.5epss 0.14

    Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.

  • CVE-2019-6970HigMar 21, 2019
    risk 0.42cvss 7.5epss 0.01

    Moodle 3.5.x before 3.5.4 allows SSRF.

  • CVE-2019-6967HigMar 21, 2019
    risk 0.61cvss 8.8epss 0.14

    AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.

  • CVE-2019-6778HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.01

    In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

  • CVE-2019-6731HigMar 21, 2019
    risk 0.57cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2019-6730HigMar 21, 2019
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

  • CVE-2019-6729HigMar 21, 2019
    risk 0.57cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

  • CVE-2019-6727HigMar 21, 2019
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

  • CVE-2019-6724HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.01

    The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.

  • CVE-2019-6690HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.09

    python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input…

  • CVE-2019-6282HigMar 21, 2019
    risk 0.60cvss 8.8epss 0.03

    ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.

  • CVE-2019-6279HigMar 21, 2019
    risk 0.61cvss 8.8epss 0.08

    ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.

  • CVE-2019-6275HigMar 21, 2019
    risk 0.61cvss 8.8epss 0.13

    Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.

  • CVE-2019-6274HigMar 21, 2019
    risk 0.61cvss 8.8epss 0.11

    Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.

  • CVE-2019-6272HigMar 21, 2019
    risk 0.61cvss 8.8epss 0.13

    Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.

  • CVE-2019-6116HigMar 21, 2019
    risk 0.57cvss 7.8epss 0.44

    In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

  • CVE-2019-5885HigMar 21, 2019
    risk 0.00cvss 7.5epss 0.02

    Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.

  • CVE-2019-5729HigMar 21, 2019
    risk 0.53cvss 8.1epss 0.01

    Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.

  • CVE-2019-5417HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.02

    A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.

  • CVE-2019-5416HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.02

    A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.

  • CVE-2019-5415HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.02

    A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.

  • CVE-2019-5414HigMar 21, 2019
    risk 0.53cvss 8.1epss 0.02

    If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.

  • CVE-2019-4094HigMar 21, 2019
    risk 0.51cvss 7.8epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.

  • CVE-2019-3862HigMar 21, 2019
    risk 0.48cvss 7.3epss 0.08

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client…

  • CVE-2019-3497HigMar 21, 2019
    risk 0.58cvss 8.8epss 0.10

    An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user…