VYPR

CVEs

100,075 total · page 1637 of 2,002

  • CVE-2018-16190HigFeb 13, 2019
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a…

  • CVE-2018-16189HigFeb 13, 2019
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0696HigFeb 13, 2019
    risk 0.49cvss 7.5epss 0.01

    OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.

  • CVE-2019-3782HigFeb 13, 2019
    risk 0.51cvss 7.8epss 0.00

    Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to…

  • CVE-2018-15781HigFeb 13, 2019
    risk 0.51cvss 7.9epss 0.01

    The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded…

  • CVE-2019-8319HigFeb 13, 2019
    risk 0.58cvss 8.8epss 0.08

    An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted…

  • CVE-2019-8318HigFeb 13, 2019
    risk 0.58cvss 8.8epss 0.06

    An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted…

  • CVE-2019-8317HigFeb 13, 2019
    risk 0.58cvss 8.8epss 0.06

    An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted…

  • CVE-2019-8316HigFeb 13, 2019
    risk 0.58cvss 8.8epss 0.07

    An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted…

  • CVE-2019-8315HigFeb 13, 2019
    risk 0.58cvss 8.8epss 0.06

    An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted…

  • CVE-2019-8314HigFeb 13, 2019
    risk 0.58cvss 8.8epss 0.06

    An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted…

  • CVE-2019-8313HigFeb 13, 2019
    risk 0.58cvss 8.8epss 0.06

    An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted…

  • CVE-2019-8312HigFeb 13, 2019
    risk 0.58cvss 8.8epss 0.07

    An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted…

  • CVE-2019-6545HigFeb 13, 2019
    risk 0.53cvss 7.5epss 0.14

    AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary…

  • CVE-2018-20253HigFeb 13, 2019
    risk 0.51cvss 7.8epss 0.04

    In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2019-6541HigFeb 13, 2019
    risk 0.51cvss 7.8epss 0.02

    A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.

  • CVE-2019-6539HigFeb 13, 2019
    risk 0.51cvss 7.8epss 0.02

    Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these…

  • CVE-2019-6537HigFeb 13, 2019
    risk 0.51cvss 7.8epss 0.02

    Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length…

  • CVE-2019-8308HigFeb 12, 2019
    risk 0.46cvss 8.2epss 0.00

    Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

  • CVE-2018-19018HigFeb 12, 2019
    risk 0.48cvss 7.3epss 0.01

    An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

  • CVE-2017-0938HigFeb 12, 2019
    risk 0.50cvss 7.5epss 0.21

    Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.

  • CVE-2018-5499HigFeb 12, 2019
    risk 0.49cvss 7.5epss 0.01

    ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulnerability which allows attackers to cause a Denial of Service (DoS).

  • CVE-2019-1688HigFeb 12, 2019
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password…

  • CVE-2019-6549HigFeb 12, 2019
    risk 0.47cvss 7.2epss 0.01

    An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.

  • CVE-2018-20781HigFeb 12, 2019
    risk 0.54cvss 7.8epss 0.01

    In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

  • CVE-2019-5596HigFeb 12, 2019
    risk 0.60cvss 8.8epss 0.01

    In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a…

  • CVE-2018-9592HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges…

  • CVE-2018-9591HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution…

  • CVE-2018-9590HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges…

  • CVE-2018-9587HigFeb 11, 2019
    risk 0.47cvss 7.3epss 0.00

    In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation…

  • CVE-2018-9586HigFeb 11, 2019
    risk 0.46cvss 7.0epss 0.00

    In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no…

  • CVE-2018-9585HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution…

  • CVE-2018-9584HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution…

  • CVE-2018-9582HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2019-7737HigFeb 11, 2019
    risk 0.57cvss 8.8epss 0.01

    A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit.

  • CVE-2018-18569HigFeb 11, 2019
    risk 0.56cvss 8.6epss 0.01

    The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as…

  • CVE-2019-5736HigFeb 11, 2019
    risk 0.60cvss 8.6epss 0.99

    runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new…

  • CVE-2019-7733HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.02

    In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.

  • CVE-2019-7732HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

  • CVE-2018-15588HigFeb 11, 2019
    risk 0.49cvss 7.5epss 0.02

    MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.

  • CVE-2018-13893HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.

  • CVE-2018-13889HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed

  • CVE-2018-13888HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    There is potential for memory corruption in the RIL daemon due to de reference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in versions MDM9206, MDM9607,…

  • CVE-2018-12014HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.

  • CVE-2018-12010HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.

  • CVE-2018-11962HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory.

  • CVE-2018-11899HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640,…

  • CVE-2018-11888HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    Unauthorized access may be allowed by the SCP11 Crypto Services TA will processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon…

  • CVE-2018-11855HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…

  • CVE-2018-11847HigFeb 11, 2019
    risk 0.51cvss 7.8epss 0.00

    Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics…