VYPR

CVEs

100,082 total · page 1628 of 2,002

  • CVE-2016-5800HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.02

    A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.

  • CVE-2018-18205HigMar 15, 2019
    risk 0.49cvss 7.5epss 0.03

    Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.

  • CVE-2018-17956HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list

  • CVE-2018-17882HigMar 15, 2019
    risk 0.49cvss 7.5epss 0.01

    An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.

  • CVE-2018-20178HigMar 15, 2019
    risk 0.00cvss 7.5epss 0.04

    rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault).

  • CVE-2018-20176HigMar 15, 2019
    risk 0.00cvss 7.5epss 0.04

    rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault).

  • CVE-2018-20175HigMar 15, 2019
    risk 0.00cvss 7.5epss 0.04

    rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).

  • CVE-2018-20174HigMar 15, 2019
    risk 0.00cvss 7.5epss 0.04

    rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.

  • CVE-2019-9833HigMar 15, 2019
    risk 0.52cvss 7.5epss 0.09

    The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests.

  • CVE-2019-9832HigMar 15, 2019
    risk 0.52cvss 7.5epss 0.08

    The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.

  • CVE-2019-9831HigMar 15, 2019
    risk 0.52cvss 7.5epss 0.09

    The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.

  • CVE-2018-19393HigMar 15, 2019
    risk 0.49cvss 7.5epss 0.02

    Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this…

  • CVE-2018-18256HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher.

  • CVE-2018-18255HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve…

  • CVE-2018-18254HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname.

  • CVE-2018-18253HigMar 15, 2019
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the…

  • CVE-2018-18252HigMar 15, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option.

  • CVE-2019-9829HigMar 15, 2019
    risk 0.57cvss 8.8epss 0.02

    Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.

  • CVE-2019-4034HigMar 14, 2019
    risk 0.57cvss 8.8epss 0.02

    IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000.

  • CVE-2019-3833HigMar 14, 2019
    risk 0.50cvss 7.5epss 0.15

    Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to…

  • CVE-2019-3816HigMar 14, 2019
    risk 0.50cvss 7.5epss 0.15

    Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request…

  • CVE-2019-0135HigMar 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206

  • CVE-2019-0129HigMar 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-0122HigMar 14, 2019
    risk 0.46cvss 7.1epss 0.00

    Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

  • CVE-2019-0121HigMar 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2018-12221HigMar 14, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables…

  • CVE-2018-12220HigMar 14, 2019
    risk 0.53cvss 8.2epss 0.00

    Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a…

  • CVE-2018-12216HigMar 14, 2019
    risk 0.53cvss 8.2epss 0.00

    Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a…

  • CVE-2018-12214HigMar 14, 2019
    risk 0.53cvss 8.2epss 0.00

    Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a…

  • CVE-2018-12208HigMar 14, 2019
    risk 0.49cvss 7.6epss 0.01

    Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute…

  • CVE-2018-12191HigMar 14, 2019
    risk 0.49cvss 7.6epss 0.00

    Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to…

  • CVE-2018-12187HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.01

    Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.

  • CVE-2019-9787HigMar 14, 2019
    risk 0.54cvss 8.8epss 0.44

    WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed…

  • CVE-2018-20801HigMar 14, 2019
    risk 0.42cvss 7.5epss 0.03

    In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.

  • CVE-2019-9785HigMar 14, 2019
    risk 0.51cvss 7.8epss 0.04

    gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element.

  • CVE-2019-9779HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

  • CVE-2019-9778HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

  • CVE-2019-9777HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.

  • CVE-2019-9776HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).

  • CVE-2019-9773HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.

  • CVE-2019-9772HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

  • CVE-2019-9771HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

  • CVE-2019-9770HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.

  • CVE-2019-9769HigMar 14, 2019
    risk 0.60cvss 8.8epss 0.02

    PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.

  • CVE-2019-9768HigMar 14, 2019
    risk 0.53cvss 7.5epss 0.12

    Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token.

  • CVE-2019-9767HigMar 14, 2019
    risk 0.54cvss 7.8epss 0.08

    Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.

  • CVE-2019-9766HigMar 14, 2019
    risk 0.54cvss 7.8epss 0.08

    Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file.

  • CVE-2019-9761HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.02

    An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.

  • CVE-2019-6597HigMar 13, 2019
    risk 0.47cvss 7.2epss 0.01

    In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on…

  • CVE-2019-6596HigMar 13, 2019
    risk 0.49cvss 7.5epss 0.01

    In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted.