VYPR

CVEs

100,082 total · page 1631 of 2,002

  • CVE-2018-11783HigMar 7, 2019
    risk 0.49cvss 7.5epss 0.02

    sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to…

  • CVE-2019-9625HigMar 7, 2019
    risk 0.60cvss 8.8epss 0.02

    JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.

  • CVE-2019-9624HigMar 7, 2019
    risk 0.56cvss 7.8epss 0.24

    Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.

  • CVE-2019-9617HigMar 6, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.

  • CVE-2019-9616HigMar 6, 2019
    risk 0.47cvss 7.2epss 0.03

    An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.

  • CVE-2019-9615HigMar 6, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.

  • CVE-2019-9614HigMar 6, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.

  • CVE-2019-9613HigMar 6, 2019
    risk 0.47cvss 7.2epss 0.03

    An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.

  • CVE-2019-9612HigMar 6, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.

  • CVE-2019-9609HigMar 6, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.

  • CVE-2019-9608HigMar 6, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.

  • CVE-2019-1595HigMar 6, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of…

  • CVE-2019-1594HigMar 6, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication…

  • CVE-2019-1593HigMar 6, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to escalate their privilege level by executing commands authorized to other user roles. The attacker must authenticate with valid user credentials. The…

  • CVE-2019-1591HigMar 6, 2019
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied…

  • CVE-2019-1543HigMar 6, 2019
    risk 0.49cvss 7.4epss 0.06

    ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12…

  • CVE-2019-9601HigMar 6, 2019
    risk 0.52cvss 7.5epss 0.08

    The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests.

  • CVE-2019-9600HigMar 6, 2019
    risk 0.52cvss 7.5epss 0.08

    The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets.

  • CVE-2019-9599HigMar 6, 2019
    risk 0.53cvss 7.5epss 0.13

    The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.

  • CVE-2019-0200HigMar 6, 2019
    risk 0.49cvss 7.5epss 0.04

    A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91…

  • CVE-2019-9590HigMar 6, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x01\x00\xac\xff\x00 (aka UID 0x43) requests to TCP port 502.

  • CVE-2019-9589HigMar 6, 2019
    risk 0.51cvss 7.8epss 0.01

    There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault)…

  • CVE-2019-9588HigMar 6, 2019
    risk 0.51cvss 7.8epss 0.01

    There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified…

  • CVE-2019-9587HigMar 6, 2019
    risk 0.51cvss 7.8epss 0.01

    There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other…

  • CVE-2019-9581HigMar 6, 2019
    risk 0.61cvss 8.8epss 0.13

    phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.

  • CVE-2019-9578HigMar 5, 2019
    risk 0.00cvss 7.5epss 0.02

    In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.

  • CVE-2019-8336HigMar 5, 2019
    risk 0.46cvss 8.1epss 0.01

    HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual…

  • CVE-2019-0741HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.07

    An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'.

  • CVE-2019-0728HigMar 5, 2019
    risk 0.53cvss 7.8epss 0.28

    A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

  • CVE-2019-0724HigMar 5, 2019
    risk 0.58cvss 8.1epss 0.24

    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.

  • CVE-2019-0686HigMar 5, 2019
    risk 0.49cvss 7.4epss 0.05

    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.

  • CVE-2019-0675HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.15

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672,…

  • CVE-2019-0674HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.18

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672,…

  • CVE-2019-0673HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.15

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672,…

  • CVE-2019-0672HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.15

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0673,…

  • CVE-2019-0671HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.15

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0672, CVE-2019-0673,…

  • CVE-2019-0668HigMar 5, 2019
    risk 0.58cvss 8.8epss 0.04

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

  • CVE-2019-0662HigMar 5, 2019
    risk 0.58cvss 8.8epss 0.15

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618.

  • CVE-2019-0659HigMar 5, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

  • CVE-2019-0656HigMar 5, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

  • CVE-2019-0655HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.13

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,…

  • CVE-2019-0652HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,…

  • CVE-2019-0651HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,…

  • CVE-2019-0650HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.19

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0645.

  • CVE-2019-0649HigMar 5, 2019
    risk 0.46cvss 8.1epss 0.04

    A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'.

  • CVE-2019-0645HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.10

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0634, CVE-2019-0650.

  • CVE-2019-0644HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,…

  • CVE-2019-0642HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,…

  • CVE-2019-0640HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,…

  • CVE-2019-0637HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.04

    A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections, aka 'Windows Defender Firewall Security Feature Bypass Vulnerability'.