VYPR

CVEs

100,075 total · page 1663 of 2,002

  • CVE-2018-19274HigNov 17, 2018
    risk 0.47cvss 7.2epss 0.05

    Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.

  • CVE-2018-15769HigNov 16, 2018
    risk 0.49cvss 7.5epss 0.03

    RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very…

  • CVE-2018-18955HigNov 16, 2018
    risk 0.04cvss 7.0epss 0.08

    In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass…

  • CVE-2018-19318HigNov 16, 2018
    risk 0.57cvss 8.8epss 0.00

    SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.

  • CVE-2018-19312HigNov 16, 2018
    risk 0.00cvss 8.8epss 0.02

    Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.

  • CVE-2018-18799HigNov 16, 2018
    risk 0.60cvss 8.8epss 0.02

    School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.

  • CVE-2018-18797HigNov 16, 2018
    risk 0.60cvss 8.8epss 0.02

    School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.

  • CVE-2018-18794HigNov 16, 2018
    risk 0.60cvss 8.8epss 0.02

    School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.

  • CVE-2018-18759HigNov 16, 2018
    risk 0.52cvss 7.5epss 0.09

    Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.

  • CVE-2018-18756HigNov 16, 2018
    risk 0.49cvss 7.5epss 0.02

    Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008.

  • CVE-2018-16396HigNov 16, 2018
    risk 0.53cvss 8.1epss 0.08

    An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

  • CVE-2018-7362HigNov 16, 2018
    risk 0.49cvss 7.5epss 0.01

    All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allows an unauthorized user to perform unauthorized operations on the router.

  • CVE-2018-9086HigNov 16, 2018
    risk 0.47cvss 7.2epss 0.02

    In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

  • CVE-2018-19296HigNov 16, 2018
    risk 0.57cvss 8.8epss 0.02

    PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

  • CVE-2018-16621HigNov 15, 2018
    risk 0.47cvss 7.2epss 0.02

    Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.

  • CVE-2018-16620HigNov 15, 2018
    risk 0.49cvss 7.5epss 0.01

    Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.

  • CVE-2018-16162HigNov 15, 2018
    risk 0.57cvss 8.8epss 0.01

    OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users credentials such as a user ID and/or its password via unspecified vectors.

  • CVE-2018-16161HigNov 15, 2018
    risk 0.57cvss 8.8epss 0.01

    OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations.

  • CVE-2018-16160HigNov 15, 2018
    risk 0.51cvss 7.8epss 0.00

    SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC.

  • CVE-2018-12543HigNov 15, 2018
    risk 0.52cvss 7.5epss 0.36

    In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.

  • CVE-2018-0701HigNov 15, 2018
    risk 0.57cvss 8.8epss 0.01

    BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access.

  • CVE-2018-0700HigNov 15, 2018
    risk 0.49cvss 7.5epss 0.01

    YukiWiki 2.1.3 and earlier does not process a particular request properly that may allow consumption of large amounts of CPU and memory resources and may result in causing a denial of service condition.

  • CVE-2018-0693HigNov 15, 2018
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors.

  • CVE-2018-0692HigNov 15, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0690HigNov 15, 2018
    risk 0.49cvss 7.5epss 0.02

    An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.

  • CVE-2018-0686HigNov 15, 2018
    risk 0.57cvss 8.8epss 0.01

    Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors.

  • CVE-2018-0685HigNov 15, 2018
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.

  • CVE-2018-0673HigNov 15, 2018
    risk 0.53cvss 8.1epss 0.01

    Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.

  • CVE-2018-19278HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.04

    Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually…

  • CVE-2018-9545HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2018-9542HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2018-9541HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9540HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2018-9539HigNov 14, 2018
    risk 0.46cvss 7.0epss 0.00

    In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0…

  • CVE-2018-9537HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.02

    In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2018-9536HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.01

    In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9.…

  • CVE-2018-9535HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9534HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9533HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2018-9532HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9531HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.01

    In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2018-9530HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9529HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9528HigNov 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2018-9527HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.01

    In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2018-9526HigNov 14, 2018
    risk 0.49cvss 7.5epss 0.01

    In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033

  • CVE-2018-9525HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change…

  • CVE-2018-9524HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2018-9523HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2018-9522HigNov 14, 2018
    risk 0.51cvss 7.8epss 0.00

    In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User…