VYPR

CVEs

100,082 total · page 1659 of 2,002

  • CVE-2018-14696HigDec 3, 2018
    risk 0.49cvss 7.5epss 0.01

    Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.

  • CVE-2018-14695HigDec 3, 2018
    risk 0.49cvss 7.5epss 0.01

    Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter.

  • CVE-2018-6439HigDec 3, 2018
    risk 0.51cvss 7.8epss 0.00

    A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access.

  • CVE-2018-19827HigDec 3, 2018
    risk 0.57cvss 8.8epss 0.02

    In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2018-19824HigDec 3, 2018
    risk 0.00cvss 7.8epss 0.01

    In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

  • CVE-2018-16863HigDec 3, 2018
    risk 0.48cvss 7.3epss 0.01

    It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects…

  • CVE-2018-1002000HigDec 3, 2018
    risk 0.50cvss 7.2epss 0.04

    There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.

  • CVE-2018-7116HigDec 3, 2018
    risk 0.50cvss 7.5epss 0.10

    HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

  • CVE-2018-16855HigDec 3, 2018
    risk 0.54cvss 7.5epss 0.59

    An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

  • CVE-2018-19793HigDec 3, 2018
    risk 0.47cvss 7.2epss 0.02

    jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.

  • CVE-2018-19788HigDec 3, 2018
    risk 0.58cvss 8.8epss 0.11

    A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

  • CVE-2018-4040HigDec 1, 2018
    risk 0.51cvss 7.8epss 0.01

    An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker…

  • CVE-2018-4039HigDec 1, 2018
    risk 0.51cvss 7.8epss 0.01

    An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a…

  • CVE-2018-4038HigDec 1, 2018
    risk 0.51cvss 7.8epss 0.01

    An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a…

  • CVE-2018-3951HigDec 1, 2018
    risk 0.47cvss 7.2epss 0.04

    An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an…

  • CVE-2018-3950HigDec 1, 2018
    risk 0.57cvss 8.8epss 0.03

    An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can…

  • CVE-2018-3949HigDec 1, 2018
    risk 0.53cvss 7.5epss 0.53

    An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated…

  • CVE-2018-19784HigDec 1, 2018
    risk 0.49cvss 7.5epss 0.01

    The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion.

  • CVE-2018-15716HigNov 30, 2018
    risk 0.62cvss 8.8epss 0.18

    NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.

  • CVE-2018-7831HigNov 30, 2018
    risk 0.57cvss 8.8epss 0.01

    An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web…

  • CVE-2018-7830HigNov 30, 2018
    risk 0.49cvss 7.5epss 0.02

    Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP…

  • CVE-2018-7807HigNov 30, 2018
    risk 0.57cvss 8.8epss 0.01

    Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As…

  • CVE-2018-7806HigNov 30, 2018
    risk 0.57cvss 8.8epss 0.01

    Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for…

  • CVE-2018-16476HigNov 30, 2018
    risk 0.42cvss 7.5epss 0.03

    A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions…

  • CVE-2018-18987HigNov 30, 2018
    risk 0.57cvss 8.8epss 0.03

    VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote…

  • CVE-2018-18983HigNov 30, 2018
    risk 0.57cvss 8.8epss 0.03

    VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution.

  • CVE-2018-18860HigNov 30, 2018
    risk 0.54cvss 7.8epss 0.01

    A local privilege escalation vulnerability has been identified in the SwitchVPN client 2.1012.03 for macOS. Due to over-permissive configuration settings and a SUID binary, an attacker is able to execute arbitrary binaries as root.

  • CVE-2018-15835HigNov 30, 2018
    risk 0.49cvss 7.5epss 0.02

    Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.

  • CVE-2018-3948HigNov 30, 2018
    risk 0.51cvss 7.5epss 0.23

    An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either…

  • CVE-2018-15767HigNov 30, 2018
    risk 0.61cvss 8.8epss 0.12

    The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.

  • CVE-2018-1897HigNov 30, 2018
    risk 0.55cvss 8.4epss 0.01

    IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.

  • CVE-2018-19762HigNov 30, 2018
    risk 0.51cvss 7.8epss 0.01

    There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.

  • CVE-2018-19760HigNov 30, 2018
    risk 0.57cvss 8.8epss 0.01

    cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.

  • CVE-2018-19748HigNov 29, 2018
    risk 0.49cvss 7.5epss 0.02

    app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is…

  • CVE-2018-19120HigNov 29, 2018
    risk 0.49cvss 7.5epss 0.01

    The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.

  • CVE-2018-15537HigNov 29, 2018
    risk 0.58cvss 8.8epss 0.05

    Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.

  • CVE-2018-15980HigNov 29, 2018
    risk 0.49cvss 7.5epss 0.08

    Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-15979HigNov 29, 2018
    risk 0.50cvss 7.5epss 0.10

    Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-15978HigNov 29, 2018
    risk 0.49cvss 7.5epss 0.07

    Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-8789HigNov 29, 2018
    risk 0.00cvss 7.5epss 0.05

    FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

  • CVE-2018-12245HigNov 29, 2018
    risk 0.51cvss 7.8epss 0.01

    Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of…

  • CVE-2018-12238HigNov 29, 2018
    risk 0.51cvss 7.8epss 0.00

    Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be…

  • CVE-2018-19666HigNov 29, 2018
    risk 0.51cvss 7.8epss 0.01

    The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.

  • CVE-2018-19662HigNov 29, 2018
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

  • CVE-2018-19655HigNov 29, 2018
    risk 0.57cvss 8.8epss 0.03

    A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.

  • CVE-2018-19654HigNov 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new…

  • CVE-2018-19628HigNov 29, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.

  • CVE-2018-19627HigNov 29, 2018
    risk 0.53cvss 7.5epss 0.18

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.

  • CVE-2018-19623HigNov 29, 2018
    risk 0.49cvss 7.5epss 0.04

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain…

  • CVE-2018-19622HigNov 29, 2018
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.