VYPR

CVEs

100,082 total · page 1652 of 2,002

  • CVE-2018-20483HigDec 26, 2018
    risk 0.51cvss 7.8epss 0.01

    set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by…

  • CVE-2018-20478HigDec 26, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.

  • CVE-2018-20465HigDec 25, 2018
    risk 0.47cvss 7.2epss 0.01

    Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes…

  • CVE-2018-20463HigDec 25, 2018
    risk 0.50cvss 7.5epss 0.13

    An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.

  • CVE-2018-20452HigDec 25, 2018
    risk 0.57cvss 8.8epss 0.02

    The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in…

  • CVE-2018-20437HigDec 25, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of…

  • CVE-2018-20436HigDec 24, 2018
    risk 0.53cvss 8.1epss 0.02

    The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also…

  • CVE-2018-20249HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.01

    In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out of bounds memory access.

  • CVE-2018-20247HigDec 24, 2018
    risk 0.55cvss 7.8epss 0.54

    In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.

  • CVE-2018-19232HigDec 24, 2018
    risk 0.49cvss 7.5epss 0.01

    The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI.

  • CVE-2018-18959HigDec 24, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then…

  • CVE-2018-7837HigDec 24, 2018
    risk 0.49cvss 7.5epss 0.01

    An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect…

  • CVE-2018-7835HigDec 24, 2018
    risk 0.49cvss 7.5epss 0.02

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.

  • CVE-2018-7832HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.02

    An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.

  • CVE-2018-7802HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.02

    A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.

  • CVE-2018-7801HigDec 24, 2018
    risk 0.58cvss 8.8epss 0.06

    A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.

  • CVE-2018-7793HigDec 24, 2018
    risk 0.57cvss 8.7epss 0.00

    A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service…

  • CVE-2018-8920HigDec 24, 2018
    risk 0.47cvss 7.2epss 0.01

    Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.

  • CVE-2018-8919HigDec 24, 2018
    risk 0.54cvss 8.3epss 0.01

    Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.

  • CVE-2018-15465HigDec 24, 2018
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to…

  • CVE-2018-19357HigDec 24, 2018
    risk 0.51cvss 7.8epss 0.03

    XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file.

  • CVE-2018-20429HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.01

    libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.

  • CVE-2018-20428HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.01

    libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874.

  • CVE-2018-20427HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.01

    libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132.

  • CVE-2018-20426HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.01

    libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.

  • CVE-2018-20425HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.01

    libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.

  • CVE-2018-20423HigDec 24, 2018
    risk 0.53cvss 8.1epss 0.01

    Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.

  • CVE-2018-20422HigDec 24, 2018
    risk 0.53cvss 8.1epss 0.01

    Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which…

  • CVE-2018-20421HigDec 24, 2018
    risk 0.49cvss 7.5epss 0.01

    Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }"…

  • CVE-2018-20419HigDec 24, 2018
    risk 0.57cvss 8.8epss 0.00

    DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account.

  • CVE-2018-20410HigDec 24, 2018
    risk 0.49cvss 7.5epss 0.02

    WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401.

  • CVE-2018-20406HigDec 23, 2018
    risk 0.00cvss 7.5epss 0.06

    Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or…

  • CVE-2018-20402HigDec 23, 2018
    risk 0.57cvss 8.8epss 0.01

    Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts will grant…

  • CVE-2018-20331HigDec 23, 2018
    risk 0.51cvss 7.8epss 0.01

    Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL…

  • CVE-2018-20226HigDec 21, 2018
    risk 0.00cvss 7.2epss 0.02

    An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.

  • CVE-2018-20193HigDec 21, 2018
    risk 0.57cvss 8.8epss 0.01

    Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs…

  • CVE-2018-19322HigKEVDec 21, 2018
    risk 0.69cvss 7.8epss 0.02

    The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to…

  • CVE-2018-19321HigKEVDec 21, 2018
    risk 0.69cvss 7.8epss 0.04

    The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local…

  • CVE-2018-19320HigKEVDec 21, 2018
    risk 0.69cvss 7.8epss 0.04

    The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected…

  • CVE-2018-20346HigDec 21, 2018
    risk 0.53cvss 8.1epss 0.10

    SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run…

  • CVE-2018-5202HigDec 21, 2018
    risk 0.51cvss 7.8epss 0.02

    SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could…

  • CVE-2018-5196HigDec 21, 2018
    risk 0.57cvss 8.8epss 0.01

    Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.

  • CVE-2018-18332HigDec 21, 2018
    risk 0.49cvss 7.5epss 0.01

    A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.

  • CVE-2018-18331HigDec 21, 2018
    risk 0.49cvss 7.5epss 0.01

    A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.

  • CVE-2018-20337HigDec 21, 2018
    risk 0.57cvss 8.8epss 0.02

    There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.

  • CVE-2018-20332HigDec 21, 2018
    risk 0.00cvss 7.5epss 0.02

    An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir=…

  • CVE-2018-20330HigDec 21, 2018
    risk 0.57cvss 8.8epss 0.02

    The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.

  • CVE-2018-20329HigDec 21, 2018
    risk 0.00cvss 8.1epss 0.01

    Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to extract and/or modify database information.

  • CVE-2018-20191HigDec 20, 2018
    risk 0.49cvss 7.5epss 0.04

    hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

  • CVE-2018-19242HigDec 20, 2018
    risk 0.57cvss 8.8epss 0.03

    Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).