VYPR

CVEs

100,082 total · page 1634 of 2,002

  • CVE-2019-5665HigFeb 27, 2019
    risk 0.51cvss 7.8epss 0.01

    NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges.

  • CVE-2019-5491HigFeb 27, 2019
    risk 0.49cvss 7.5epss 0.02

    Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.

  • CVE-2019-9210HigFeb 27, 2019
    risk 0.51cvss 7.8epss 0.01

    In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

  • CVE-2019-9200HigFeb 26, 2019
    risk 0.57cvss 8.8epss 0.03

    A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly…

  • CVE-2019-9199HigFeb 26, 2019
    risk 0.00cvss 8.8epss 0.03

    PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or…

  • CVE-2019-9192HigFeb 26, 2019
    risk 0.49cvss 7.5epss 0.02

    In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a…

  • CVE-2019-9182HigFeb 26, 2019
    risk 0.57cvss 8.8epss 0.01

    There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter.

  • CVE-2019-9181HigFeb 26, 2019
    risk 0.47cvss 7.2epss 0.02

    SchoolCMS version 2.3.1 allows file upload via the logo upload feature at admin.php?m=admin&c=site&a=save by using the .jpg extension, changing the Content-Type to image/php, and placing PHP code after the JPEG data. This ultimately allows execution of arbitrary PHP code.

  • CVE-2018-20796HigFeb 26, 2019
    risk 0.49cvss 7.5epss 0.06

    In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

  • CVE-2009-5155HigFeb 26, 2019
    risk 0.42cvss 7.5epss 0.04

    In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

  • CVE-2019-9162HigFeb 25, 2019
    risk 0.03cvss 7.8epss 0.01

    In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This…

  • CVE-2019-6265HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.01

    The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges.

  • CVE-2018-20063HigFeb 25, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an…

  • CVE-2018-5839HigFeb 25, 2019
    risk 0.46cvss 7.1epss 0.00

    Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650,…

  • CVE-2018-13914HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.00

    Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU,…

  • CVE-2018-13913HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper validation of array index can lead to unauthorized access while processing debugFS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in version MDM9150, MDM9206,…

  • CVE-2018-13905HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.00

    KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD…

  • CVE-2018-13900HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.00

    Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206,…

  • CVE-2018-11938HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2018-11931HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in…

  • CVE-2018-11289HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.00

    Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…

  • CVE-2019-9152HigFeb 25, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.

  • CVE-2019-9151HigFeb 25, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.

  • CVE-2019-9146HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.01

    Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream.

  • CVE-2019-1689HigFeb 25, 2019
    risk 0.48cvss 7.3epss 0.02

    A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker…

  • CVE-2019-1683HigFeb 25, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP)…

  • CVE-2019-9144HigFeb 25, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

  • CVE-2019-9143HigFeb 25, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

  • CVE-2019-9116HigFeb 25, 2019
    risk 0.51cvss 7.8epss 0.01

    DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an…

  • CVE-2018-20795HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.03

    tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.

  • CVE-2018-20794HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.04

    tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.

  • CVE-2018-20793HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.05

    tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.

  • CVE-2018-20792HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.03

    tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.

  • CVE-2018-20790HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.04

    tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.

  • CVE-2018-20789HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.04

    tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.

  • CVE-2019-9126HigFeb 25, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the router_info.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN…

  • CVE-2019-9122HigFeb 25, 2019
    risk 0.59cvss 8.8epss 0.24

    An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntp_server parameter in an ntp_sync.cgi POST request.

  • CVE-2019-9114HigFeb 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a.

  • CVE-2019-9113HigFeb 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a.

  • CVE-2019-9082HigKEVFeb 24, 2019
    risk 0.73cvss 8.8epss 0.97

    ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

  • CVE-2018-20786HigFeb 24, 2019
    risk 0.00cvss 7.5epss 0.03

    libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.

  • CVE-2019-9077HigFeb 24, 2019
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

  • CVE-2019-9075HigFeb 24, 2019
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

  • CVE-2019-9070HigFeb 24, 2019
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

  • CVE-2019-9062HigFeb 23, 2019
    risk 0.52cvss 8.0epss 0.01

    PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php.

  • CVE-2019-9050HigFeb 23, 2019
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.

  • CVE-2019-9042HigFeb 23, 2019
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user…

  • CVE-2019-9041HigFeb 23, 2019
    risk 0.52cvss 7.2epss 0.31

    An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.

  • CVE-2019-9040HigFeb 23, 2019
    risk 0.57cvss 8.8epss 0.01

    S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.

  • CVE-2018-20785HigFeb 23, 2019
    risk 0.48cvss 7.4epss 0.00

    Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power…