VYPR

CVEs

100,082 total · page 1632 of 2,002

  • CVE-2019-0634HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.10

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0645, CVE-2019-0650.

  • CVE-2019-0633HigMar 5, 2019
    risk 0.58cvss 8.8epss 0.13

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630.

  • CVE-2019-0632HigMar 5, 2019
    risk 0.51cvss 7.8epss 0.01

    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0631.

  • CVE-2019-0631HigMar 5, 2019
    risk 0.51cvss 7.8epss 0.01

    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0627, CVE-2019-0632.

  • CVE-2019-0630HigMar 5, 2019
    risk 0.59cvss 8.8epss 0.18

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633.

  • CVE-2019-0627HigMar 5, 2019
    risk 0.51cvss 7.8epss 0.01

    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0631, CVE-2019-0632.

  • CVE-2019-0625HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.16

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598,…

  • CVE-2019-0623HigMar 5, 2019
    risk 0.51cvss 7.8epss 0.06

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

  • CVE-2019-0618HigMar 5, 2019
    risk 0.63cvss 8.8epss 0.67

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662.

  • CVE-2019-0613HigMar 5, 2019
    risk 0.58cvss 8.8epss 0.15

    A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET…

  • CVE-2019-0610HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,…

  • CVE-2019-0607HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605,…

  • CVE-2019-0606HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

  • CVE-2019-0605HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.12

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0607,…

  • CVE-2019-0599HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.20

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598,…

  • CVE-2019-0598HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.20

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0599,…

  • CVE-2019-0597HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.16

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0596, CVE-2019-0598, CVE-2019-0599,…

  • CVE-2019-0596HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.16

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0595, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599,…

  • CVE-2019-0595HigMar 5, 2019
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599,…

  • CVE-2019-0594HigMar 5, 2019
    risk 0.58cvss 8.8epss 0.12

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.

  • CVE-2019-0593HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.20

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0605, CVE-2019-0607,…

  • CVE-2019-0591HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,…

  • CVE-2019-0590HigMar 5, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607,…

  • CVE-2019-9574HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.02

    The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.

  • CVE-2019-9573HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.02

    The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications.

  • CVE-2019-3921HigMar 5, 2019
    risk 0.62cvss 8.8epss 0.18

    The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially…

  • CVE-2019-3920HigMar 5, 2019
    risk 0.58cvss 8.8epss 0.04

    The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.

  • CVE-2019-3919HigMar 5, 2019
    risk 0.58cvss 8.8epss 0.04

    The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.

  • CVE-2019-3917HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.02

    The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request.

  • CVE-2018-11793HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.05

    When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service…

  • CVE-2019-6561HigMar 5, 2019
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.

  • CVE-2019-6528HigMar 5, 2019
    risk 0.57cvss 8.8epss 0.03

    PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol…

  • CVE-2019-6520HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.02

    Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.

  • CVE-2019-6518HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.01

    Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.

  • CVE-2018-1875HigMar 5, 2019
    risk 0.48cvss 7.4epss 0.01

    IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof…

  • CVE-2019-6234HigMar 5, 2019
    risk 0.57cvss 8.8epss 0.02

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2019-6233HigMar 5, 2019
    risk 0.57cvss 8.8epss 0.02

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2019-6230HigMar 5, 2019
    risk 0.56cvss 8.6epss 0.01

    A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

  • CVE-2019-6227HigMar 5, 2019
    risk 0.57cvss 8.8epss 0.02

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code…

  • CVE-2019-6226HigMar 5, 2019
    risk 0.57cvss 8.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code…

  • CVE-2019-6225HigMar 5, 2019
    risk 0.56cvss 7.8epss 0.29

    A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.

  • CVE-2019-6224HigMar 5, 2019
    risk 0.61cvss 8.8epss 0.09

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.

  • CVE-2019-6223HigKEVMar 5, 2019
    risk 0.61cvss 7.5epss 0.03

    A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

  • CVE-2019-6221HigMar 5, 2019
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.

  • CVE-2019-6219HigMar 5, 2019
    risk 0.49cvss 7.5epss 0.02

    A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

  • CVE-2019-6218HigMar 5, 2019
    risk 0.54cvss 7.8epss 0.06

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.

  • CVE-2019-6217HigMar 5, 2019
    risk 0.57cvss 8.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code…

  • CVE-2019-6216HigMar 5, 2019
    risk 0.57cvss 8.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code…

  • CVE-2019-6215HigMar 5, 2019
    risk 0.61cvss 8.8epss 0.10

    A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2019-6214HigMar 5, 2019
    risk 0.59cvss 8.6epss 0.04

    A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.