VYPR

CVEs

100,082 total · page 1630 of 2,002

  • CVE-2019-8267HigMar 8, 2019
    risk 0.49cvss 7.5epss 0.02

    UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208.

  • CVE-2019-1003039HigMar 8, 2019
    risk 0.57cvss 8.8epss 0.01

    An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to…

  • CVE-2019-1003038HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.00

    An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,…

  • CVE-2019-1003033HigMar 8, 2019
    risk 0.50cvss 8.8epss 0.03

    A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.

  • CVE-2017-3164HigMar 8, 2019
    risk 0.50cvss 7.5epss 0.19

    Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

  • CVE-2019-5015HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.01

    A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a…

  • CVE-2019-1606HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI…

  • CVE-2019-1605HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could exploit this vulnerability by sending a…

  • CVE-2018-4054HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.01

    A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine…

  • CVE-2019-9627HigMar 8, 2019
    risk 0.46cvss 7.0epss 0.00

    A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.

  • CVE-2019-1604HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated…

  • CVE-2019-1603HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by…

  • CVE-2019-1602HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem…

  • CVE-2019-1601HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted…

  • CVE-2018-20236HigMar 8, 2019
    risk 0.58cvss 8.8epss 0.06

    There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system.

  • CVE-2018-20235HigMar 8, 2019
    risk 0.58cvss 8.8epss 0.07

    There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to…

  • CVE-2018-20234HigMar 8, 2019
    risk 0.58cvss 8.8epss 0.06

    There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit…

  • CVE-2019-3780HigMar 8, 2019
    risk 0.57cvss 8.8epss 0.01

    Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the…

  • CVE-2019-3779HigMar 8, 2019
    risk 0.57cvss 8.8epss 0.01

    Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate…

  • CVE-2019-9634HigMar 8, 2019
    risk 0.51cvss 7.8epss 0.03

    Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

  • CVE-2019-9632HigMar 8, 2019
    risk 0.52cvss 7.5epss 0.40

    ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.

  • CVE-2019-9185HigMar 7, 2019
    risk 0.00cvss 8.8epss 0.03

    Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.

  • CVE-2019-8437HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.01

    njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator.

  • CVE-2019-7175HigMar 7, 2019
    risk 0.42cvss 7.5epss 0.03

    In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

  • CVE-2019-6710HigMar 7, 2019
    risk 0.60cvss 8.8epss 0.03

    Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.

  • CVE-2018-18449HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.01

    EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.

  • CVE-2018-17429HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.01

    /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account.

  • CVE-2018-17420HigMar 7, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.

  • CVE-2018-17419HigMar 7, 2019
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.

  • CVE-2018-17418HigMar 7, 2019
    risk 0.47cvss 7.2epss 0.03

    Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable.

  • CVE-2018-17416HigMar 7, 2019
    risk 0.47cvss 7.2epss 0.01

    A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.

  • CVE-2018-17415HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.01

    zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.

  • CVE-2018-17414HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.01

    zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.

  • CVE-2017-12447HigMar 7, 2019
    risk 0.51cvss 7.8epss 0.01

    GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.

  • CVE-2013-7468HigMar 7, 2019
    risk 0.53cvss 8.1epss 0.02

    Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.

  • CVE-2013-7466HigMar 7, 2019
    risk 0.58cvss 8.8epss 0.04

    Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.

  • CVE-2019-8986HigMar 7, 2019
    risk 0.50cvss 7.7epss 0.01

    The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected…

  • CVE-2018-18816HigMar 7, 2019
    risk 0.52cvss 8.0epss 0.01

    The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a…

  • CVE-2018-18808HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.02

    The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS…

  • CVE-2019-1599HigMar 7, 2019
    risk 0.57cvss 8.6epss 0.14

    A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack.…

  • CVE-2019-1598HigMar 7, 2019
    risk 0.56cvss 8.6epss 0.03

    Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service…

  • CVE-2019-1597HigMar 7, 2019
    risk 0.56cvss 8.6epss 0.03

    Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service…

  • CVE-2019-1596HigMar 7, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level to root. The attacker must authenticate with valid user credentials. The vulnerability is due to incorrect permissions of a…

  • CVE-2019-3784HigMar 7, 2019
    risk 0.53cvss 8.2epss 0.01

    Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the…

  • CVE-2019-3783HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.01

    Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.

  • CVE-2019-3781HigMar 7, 2019
    risk 0.57cvss 8.8epss 0.01

    Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.

  • CVE-2019-3777HigMar 7, 2019
    risk 0.52cvss 8.0epss 0.02

    Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's…

  • CVE-2019-3776HigMar 7, 2019
    risk 0.47cvss 7.2epss 0.01

    Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user…

  • CVE-2019-3775HigMar 7, 2019
    risk 0.46cvss 7.1epss 0.01

    Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.

  • CVE-2019-3712HigMar 7, 2019
    risk 0.53cvss 8.2epss 0.01

    Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with…