VYPR

CVEs

100,082 total · page 1660 of 2,002

  • CVE-2018-12122HigNov 28, 2018
    risk 0.52cvss 7.5epss 0.41

    Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

  • CVE-2018-12121HigNov 28, 2018
    risk 0.50cvss 7.5epss 0.10

    Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible…

  • CVE-2018-12120HigNov 28, 2018
    risk 0.53cvss 8.1epss 0.04

    Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug…

  • CVE-2018-12116HigNov 28, 2018
    risk 0.49cvss 7.5epss 0.05

    Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and…

  • CVE-2018-14748HigNov 28, 2018
    risk 0.49cvss 7.5epss 0.01

    Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.

  • CVE-2018-14747HigNov 28, 2018
    risk 0.49cvss 7.5epss 0.01

    NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.

  • CVE-2018-5918HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    Possible buffer overflow in DRM Trusted application due to lack of check function return values in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD…

  • CVE-2018-5917HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

  • CVE-2018-5912HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660

  • CVE-2018-5877HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU,…

  • CVE-2018-5870HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24.

  • CVE-2018-11996HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD…

  • CVE-2018-11994HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A,…

  • CVE-2018-11921HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    Failure condition is not handled properly and the correct error code is not returned. It could cause unintended SUI behavior and create unintended SUI display in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD…

  • CVE-2018-11264HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD…

  • CVE-2017-18317HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A.

  • CVE-2017-18316HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    Secure application can access QSEE kernel memory through Ontario kernel driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845,…

  • CVE-2017-18315HigNov 28, 2018
    risk 0.51cvss 7.8epss 0.00

    Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600.

  • CVE-2018-16857HigNov 28, 2018
    risk 0.48cvss 7.4epss 0.02

    Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to…

  • CVE-2018-16853HigNov 28, 2018
    risk 0.49cvss 7.5epss 0.03

    Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered…

  • CVE-2018-0721HigNov 27, 2018
    risk 0.50cvss 7.7epss 0.02

    Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build…

  • CVE-2018-7977HigNov 27, 2018
    risk 0.49cvss 7.5epss 0.01

    There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information.…

  • CVE-2018-7960HigNov 27, 2018
    risk 0.48cvss 7.4epss 0.01

    There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information,…

  • CVE-2018-7958HigNov 27, 2018
    risk 0.48cvss 7.4epss 0.01

    There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication,…

  • CVE-2018-13418HigNov 27, 2018
    risk 0.58cvss 8.8epss 0.05

    System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.

  • CVE-2018-13359HigNov 27, 2018
    risk 0.59cvss 8.8epss 0.20

    Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.

  • CVE-2018-13358HigNov 27, 2018
    risk 0.59cvss 8.8epss 0.25

    System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.

  • CVE-2018-13356HigNov 27, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.

  • CVE-2018-13353HigNov 27, 2018
    risk 0.58cvss 8.8epss 0.06

    System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.

  • CVE-2018-13352HigNov 27, 2018
    risk 0.49cvss 7.5epss 0.02

    Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.

  • CVE-2018-13332HigNov 27, 2018
    risk 0.49cvss 7.5epss 0.02

    Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.

  • CVE-2018-13330HigNov 27, 2018
    risk 0.47cvss 7.2epss 0.08

    System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

  • CVE-2018-18982HigNov 27, 2018
    risk 0.65cvss 8.8epss 0.61

    NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.

  • CVE-2018-16130HigNov 27, 2018
    risk 0.59cvss 8.8epss 0.24

    System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.

  • CVE-2018-14893HigNov 27, 2018
    risk 0.57cvss 8.8epss 0.03

    A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.

  • CVE-2018-14892HigNov 27, 2018
    risk 0.57cvss 8.8epss 0.01

    Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.

  • CVE-2018-13023HigNov 27, 2018
    risk 0.59cvss 8.8epss 0.24

    System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter.

  • CVE-2018-10142HigNov 27, 2018
    risk 0.49cvss 7.5epss 0.02

    The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.

  • CVE-2018-6265HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.

  • CVE-2018-6263HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.

  • CVE-2018-6983HigNov 27, 2018
    risk 0.57cvss 8.8epss 0.00

    VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

  • CVE-2018-5919HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot.

  • CVE-2018-5910HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers.

  • CVE-2018-5909HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption.

  • CVE-2018-5908HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying.

  • CVE-2018-5906HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input before copying into buffer.

  • CVE-2018-5904HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur.

  • CVE-2018-5861HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader.

  • CVE-2018-5856HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio.

  • CVE-2018-11995HigNov 27, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image.