VYPR

CVEs

100,075 total · page 1643 of 2,002

  • CVE-2019-1636HigJan 23, 2019
    risk 0.54cvss 7.8epss 0.47

    A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An…

  • CVE-2019-6708HigJan 23, 2019
    risk 0.47cvss 7.2epss 0.01

    PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.

  • CVE-2019-6707HigJan 23, 2019
    risk 0.47cvss 7.2epss 0.01

    PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.

  • CVE-2019-6706HigJan 23, 2019
    risk 0.46cvss 7.5epss 0.17

    Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

  • CVE-2018-20245HigJan 23, 2019
    risk 0.42cvss 7.5epss 0.01

    The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.

  • CVE-2017-17835HigJan 23, 2019
    risk 0.50cvss 8.8epss 0.01

    In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

  • CVE-2017-15720HigJan 23, 2019
    risk 0.50cvss 8.8epss 0.02

    In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

  • CVE-2019-3587HigJan 23, 2019
    risk 0.47cvss 7.2epss 0.01

    DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder.

  • CVE-2019-3584HigJan 23, 2019
    risk 0.48cvss 7.4epss 0.00

    Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint Prior to 1811 Update 1 (18.11.31.62) allows authenticated administrator users --> administrators to Remove MVision Endpoint via unspecified vectors.

  • CVE-2019-6691HigJan 23, 2019
    risk 0.47cvss 7.2epss 0.01

    phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.

  • CVE-2018-19019HigJan 22, 2019
    risk 0.48cvss 7.3epss 0.01

    A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

  • CVE-2018-19017HigJan 22, 2019
    risk 0.57cvss 8.8epss 0.02

    Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute…

  • CVE-2018-19011HigJan 22, 2019
    risk 0.57cvss 8.8epss 0.02

    CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.

  • CVE-2018-6445HigJan 22, 2019
    risk 0.49cvss 7.5epss 0.02

    A Vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted (not hashed) password of the systems. The attacker could gain access to the Brocade Network Advisor…

  • CVE-2018-6443HigJan 22, 2019
    risk 0.56cvss 8.1epss 0.07

    A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote…

  • CVE-2019-6510HigJan 22, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.

  • CVE-2019-6509HigJan 22, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.

  • CVE-2019-6508HigJan 22, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.

  • CVE-2019-6507HigJan 22, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.

  • CVE-2018-19634HigJan 22, 2019
    risk 0.49cvss 7.5epss 0.01

    CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.

  • CVE-2019-6338HigJan 22, 2019
    risk 0.45cvss 8.0epss 0.02

    In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details

  • CVE-2019-1003004HigJan 22, 2019
    risk 0.47cvss 7.2epss 0.02

    An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user…

  • CVE-2019-1003003HigJan 22, 2019
    risk 0.40cvss 7.2epss 0.02

    An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never…

  • CVE-2019-1003002HigJan 22, 2019
    risk 0.03cvss 8.8epss 0.82

    A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline…

  • CVE-2019-1003001HigJan 22, 2019
    risk 0.03cvss 8.8epss 0.86

    A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read…

  • CVE-2019-1003000HigJan 22, 2019
    risk 0.04cvss 8.8epss 0.98

    A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins…

  • CVE-2019-6502HigJan 22, 2019
    risk 0.49cvss 7.5epss 0.02

    sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

  • CVE-2019-6500HigJan 21, 2019
    risk 0.49cvss 7.5epss 0.04

    In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.

  • CVE-2019-6499HigJan 21, 2019
    risk 0.53cvss 8.1epss 0.01

    Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2019-6498HigJan 21, 2019
    risk 0.61cvss 8.8epss 0.05

    GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.

  • CVE-2019-6496HigJan 20, 2019
    risk 0.58cvss 8.8epss 0.07

    The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of…

  • CVE-2018-5881HigJan 18, 2019
    risk 0.57cvss 8.8epss 0.00

    Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660,…

  • CVE-2018-5880HigJan 18, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

  • CVE-2018-5879HigJan 18, 2019
    risk 0.57cvss 8.8epss 0.00

    Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

  • CVE-2018-5869HigJan 18, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810

  • CVE-2018-5868HigJan 18, 2019
    risk 0.51cvss 7.8epss 0.00

    Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130

  • CVE-2018-5867HigJan 18, 2019
    risk 0.51cvss 7.8epss 0.00

    Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD…

  • CVE-2018-15784HigJan 18, 2019
    risk 0.48cvss 7.4epss 0.01

    Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a…

  • CVE-2018-11998HigJan 18, 2019
    risk 0.49cvss 7.5epss 0.00

    While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660,…

  • CVE-2018-11993HigJan 18, 2019
    risk 0.57cvss 8.8epss 0.00

    Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607

  • CVE-2018-11288HigJan 18, 2019
    risk 0.51cvss 7.8epss 0.00

    Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD…

  • CVE-2018-11279HigJan 18, 2019
    risk 0.57cvss 8.8epss 0.01

    Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD…

  • CVE-2017-8276HigJan 18, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD…

  • CVE-2017-18331HigJan 18, 2019
    risk 0.51cvss 7.8epss 0.00

    Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660

  • CVE-2019-6488HigJan 18, 2019
    risk 0.51cvss 7.8epss 0.00

    The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as…

  • CVE-2019-3908HigJan 18, 2019
    risk 0.49cvss 7.5epss 0.02

    Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.

  • CVE-2019-3907HigJan 18, 2019
    risk 0.49cvss 7.5epss 0.01

    Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

  • CVE-2019-3906HigJan 18, 2019
    risk 0.57cvss 8.8epss 0.03

    Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.

  • CVE-2018-19722HigJan 18, 2019
    risk 0.49cvss 7.5epss 0.03

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-19720HigJan 18, 2019
    risk 0.58cvss 8.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer…