VYPR

CVEs

100,075 total · page 1640 of 2,002

  • CVE-2019-7350HigFeb 4, 2019
    risk 0.48cvss 7.3epss 0.01

    Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully…

  • CVE-2019-7347HigFeb 4, 2019
    risk 0.49cvss 7.5epss 0.01

    A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).

  • CVE-2019-7346HigFeb 4, 2019
    risk 0.57cvss 8.8epss 0.01

    A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.

  • CVE-2018-20751HigFeb 4, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this…

  • CVE-2019-3813HigFeb 4, 2019
    risk 0.49cvss 7.5epss 0.01

    Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

  • CVE-2019-3461HigFeb 4, 2019
    risk 0.46cvss 7.0epss 0.00

    Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the…

  • CVE-2019-7323HigFeb 4, 2019
    risk 0.49cvss 7.5epss 0.01

    GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could…

  • CVE-2019-7310HigFeb 3, 2019
    risk 0.51cvss 7.8epss 0.02

    In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as…

  • CVE-2018-16493HigFeb 1, 2019
    risk 0.49cvss 7.5epss 0.02

    A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.

  • CVE-2018-16490HigFeb 1, 2019
    risk 0.49cvss 7.5epss 0.01

    A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

  • CVE-2018-16483HigFeb 1, 2019
    risk 0.57cvss 8.8epss 0.01

    A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.

  • CVE-2018-16482HigFeb 1, 2019
    risk 0.49cvss 7.5epss 0.02

    A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.

  • CVE-2018-16479HigFeb 1, 2019
    risk 0.49cvss 7.5epss 0.02

    Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.

  • CVE-2018-0722HigFeb 1, 2019
    risk 0.49cvss 7.5epss 0.02

    Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.

  • CVE-2018-18988HigFeb 1, 2019
    risk 0.57cvss 8.8epss 0.03

    LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.

  • CVE-2019-7301HigFeb 1, 2019
    risk 0.47cvss 7.2epss 0.03

    Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.

  • CVE-2019-7300HigFeb 1, 2019
    risk 0.47cvss 7.2epss 0.03

    Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.

  • CVE-2017-18361HigFeb 1, 2019
    risk 0.42cvss 7.5epss 0.02

    In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.

  • CVE-2019-7298HigFeb 1, 2019
    risk 0.53cvss 8.1epss 0.10

    An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with…

  • CVE-2018-6241HigJan 31, 2019
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Tegra Gralloc module contains a vulnerability in driver in which it does not validate input parameter of the registerbuffer API, which may lead to arbitrary code execution, denial of service, or escalation of privileges. Android ID: A-62540032 Severity Rating: High…

  • CVE-2018-15517HigJan 31, 2019
    risk 0.59cvss 8.6epss 0.44

    The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/…

  • CVE-2018-15515HigJan 31, 2019
    risk 0.51cvss 7.8epss 0.02

    The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.

  • CVE-2019-7283HigJan 31, 2019
    risk 0.48cvss 7.4epss 0.02

    An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle…

  • CVE-2018-11790HigJan 31, 2019
    risk 0.51cvss 7.8epss 0.01

    When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation.

  • CVE-2019-7216HigJan 31, 2019
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php.

  • CVE-2019-0190HigJan 30, 2019
    risk 0.54cvss 7.5epss 0.60

    A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using…

  • CVE-2018-3956HigJan 30, 2019
    risk 0.50cvss 7.1epss 0.50

    An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in…

  • CVE-2018-17199HigJan 30, 2019
    risk 0.50cvss 7.5epss 0.20

    In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

  • CVE-2019-7237HigJan 30, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.

  • CVE-2019-7236HigJan 30, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.

  • CVE-2019-7235HigJan 30, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.

  • CVE-2019-7233HigJan 30, 2019
    risk 0.57cvss 8.8epss 0.01

    In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.

  • CVE-2018-19027HigJan 30, 2019
    risk 0.51cvss 7.8epss 0.01

    Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

  • CVE-2018-19858HigJan 30, 2019
    risk 0.56cvss 8.6epss 0.03

    PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access…

  • CVE-2019-3806HigJan 29, 2019
    risk 0.53cvss 8.1epss 0.01

    An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

  • CVE-2018-16880HigJan 29, 2019
    risk 0.46cvss 7.0epss 0.01

    A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic.…

  • CVE-2018-19723HigJan 28, 2019
    risk 0.49cvss 7.5epss 0.04

    Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Note: A different vulnerability than CVE-2018-19721.

  • CVE-2019-3462HigJan 28, 2019
    risk 0.54cvss 8.1epss 0.15

    Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

  • CVE-2018-19012HigJan 28, 2019
    risk 0.51cvss 7.8epss 0.00

    Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk…

  • CVE-2018-19015HigJan 28, 2019
    risk 0.48cvss 7.3epss 0.01

    An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.

  • CVE-2019-3593HigJan 28, 2019
    risk 0.49cvss 7.5epss 0.00

    Exploitation of Privilege/Trust vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.R18 allows local users to bypass product self-protection, tamper with policies and product files, and uninstall McAfee software without permission via…

  • CVE-2019-6986HigJan 28, 2019
    risk 0.42cvss 7.5epss 0.03

    SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.

  • CVE-2019-6985HigJan 28, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due…

  • CVE-2019-6977HigJan 27, 2019
    risk 0.58cvss 8.8epss 0.65

    gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an…

  • CVE-2018-19023HigJan 25, 2019
    risk 0.57cvss 8.8epss 0.01

    Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.

  • CVE-2018-19009HigJan 25, 2019
    risk 0.51cvss 7.8epss 0.00

    Pilz PNOZmulti Configurator prior to version 10.9 allows an authenticated attacker with local access to the system containing the PNOZmulti Configurator software to view sensitive credential data in clear-text. This sensitive data is applicable to only the PMI m107 diag HMI…

  • CVE-2018-16881HigJan 25, 2019
    risk 0.49cvss 7.5epss 0.02

    A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

  • CVE-2019-6956HigJan 25, 2019
    risk 0.39cvss 7.1epss 0.01

    An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c.

  • CVE-2018-20743HigJan 25, 2019
    risk 0.00cvss 7.5epss 0.04

    murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.

  • CVE-2017-18359HigJan 25, 2019
    risk 0.49cvss 7.5epss 0.03

    PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.