VYPR

CVEs

100,082 total · page 1635 of 2,002

  • CVE-2019-9038HigFeb 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c.

  • CVE-2019-9036HigFeb 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c.

  • CVE-2019-9032HigFeb 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c.

  • CVE-2019-9031HigFeb 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c.

  • CVE-2019-9029HigFeb 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c.

  • CVE-2019-9027HigFeb 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c.

  • CVE-2019-9026HigFeb 23, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.

  • CVE-2019-9024HigFeb 22, 2019
    risk 0.49cvss 7.5epss 0.07

    An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

  • CVE-2019-9022HigFeb 22, 2019
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data.…

  • CVE-2019-9004HigFeb 22, 2019
    risk 0.49cvss 7.5epss 0.02

    In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of…

  • CVE-2019-9003HigFeb 22, 2019
    risk 0.00cvss 7.5epss 0.05

    In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.

  • CVE-2019-7728HigFeb 22, 2019
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not…

  • CVE-2019-8955HigFeb 21, 2019
    risk 0.49cvss 7.5epss 0.05

    In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler.

  • CVE-2019-6340HigKEVFeb 21, 2019
    risk 0.68cvss 8.1epss 0.92

    Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has…

  • CVE-2019-1681HigFeb 21, 2019
    risk 0.49cvss 7.5epss 0.06

    A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper…

  • CVE-2019-1664HigFeb 21, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by…

  • CVE-2018-20783HigFeb 21, 2019
    risk 0.49cvss 7.5epss 0.06

    In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to…

  • CVE-2019-1662HigFeb 21, 2019
    risk 0.53cvss 8.2epss 0.02

    A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient authentication controls. An…

  • CVE-2019-1659HigFeb 21, 2019
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. The…

  • CVE-2019-8980HigFeb 21, 2019
    risk 0.49cvss 7.5epss 0.06

    A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

  • CVE-2018-20146HigFeb 21, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.

  • CVE-2013-7469HigFeb 21, 2019
    risk 0.49cvss 7.5epss 0.01

    Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

  • CVE-2018-15380HigFeb 20, 2019
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2019-3475HigFeb 20, 2019
    risk 0.54cvss 7.8epss 0.01

    A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.

  • CVE-2019-1003025HigFeb 20, 2019
    risk 0.50cvss 8.8epss 0.01

    A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs…

  • CVE-2019-1003024HigFeb 20, 2019
    risk 0.50cvss 8.8epss 0.03

    A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the…

  • CVE-2019-3924HigFeb 20, 2019
    risk 0.53cvss 7.5epss 0.16

    MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the…

  • CVE-2018-5819HigFeb 20, 2019
    risk 0.49cvss 7.5epss 0.03

    An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.

  • CVE-2018-5818HigFeb 20, 2019
    risk 0.49cvss 7.5epss 0.02

    An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.

  • CVE-2018-5817HigFeb 20, 2019
    risk 0.49cvss 7.5epss 0.03

    A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.

  • CVE-2019-8954HigFeb 20, 2019
    risk 0.57cvss 8.8epss 0.03

    In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.

  • CVE-2018-20030HigFeb 20, 2019
    risk 0.00cvss 7.5epss 0.04

    An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.

  • CVE-2019-8942HigFeb 20, 2019
    risk 0.60cvss 8.8epss 0.83

    WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by…

  • CVE-2018-20026HigFeb 19, 2019
    risk 0.49cvss 7.5epss 0.03

    Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.

  • CVE-2018-20025HigFeb 19, 2019
    risk 0.49cvss 7.5epss 0.03

    Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.

  • CVE-2019-5783HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.01

    Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.

  • CVE-2019-5782HigFeb 19, 2019
    risk 0.58cvss 8.8epss 0.13

    Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2019-5780HigFeb 19, 2019
    risk 0.51cvss 7.8epss 0.00

    Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

  • CVE-2019-5774HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

  • CVE-2019-5772HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-5771HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.03

    An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2019-5770HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.03

    Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2019-5769HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5764HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.01

    Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5763HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5762HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.03

    Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

  • CVE-2019-5761HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5760HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5758HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5757HigFeb 19, 2019
    risk 0.57cvss 8.8epss 0.02

    An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.