VYPR

CVEs

100,075 total · page 1672 of 2,002

  • CVE-2015-4630HigOct 18, 2018
    risk 0.55cvss 8.0epss 0.03

    Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a…

  • CVE-2018-12386HigOct 18, 2018
    risk 0.54cvss 8.1epss 0.13

    A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox <…

  • CVE-2018-12385HigOct 18, 2018
    risk 0.46cvss 7.0epss 0.00

    A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local…

  • CVE-2018-12379HigOct 18, 2018
    risk 0.51cvss 7.8epss 0.00

    When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in…

  • CVE-2018-12375HigOct 18, 2018
    risk 0.57cvss 8.8epss 0.02

    Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.

  • CVE-2018-12370HigOct 18, 2018
    risk 0.57cvss 8.8epss 0.01

    In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.

  • CVE-2018-12368HigOct 18, 2018
    risk 0.53cvss 8.1epss 0.05

    Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an…

  • CVE-2018-12364HigOct 18, 2018
    risk 0.57cvss 8.8epss 0.02

    NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability…

  • CVE-2018-12363HigOct 18, 2018
    risk 0.57cvss 8.8epss 0.03

    A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This…

  • CVE-2018-12362HigOct 18, 2018
    risk 0.58cvss 8.8epss 0.04

    An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9,…

  • CVE-2018-12361HigOct 18, 2018
    risk 0.57cvss 8.8epss 0.03

    An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird <…

  • CVE-2018-12360HigOct 18, 2018
    risk 0.57cvss 8.8epss 0.03

    A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1,…

  • CVE-2018-12359HigOct 18, 2018
    risk 0.58cvss 8.8epss 0.05

    A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects…

  • CVE-2016-9069HigOct 18, 2018
    risk 0.51cvss 7.8epss 0.01

    A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

  • CVE-2018-0443HigOct 17, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to…

  • CVE-2018-0442HigOct 17, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential…

  • CVE-2018-0441HigOct 17, 2018
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer…

  • CVE-2018-0417HigOct 17, 2018
    risk 0.51cvss 7.8epss 0.03

    A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect…

  • CVE-2018-0378HigOct 17, 2018
    risk 0.56cvss 8.6epss 0.04

    A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is…

  • CVE-2018-0456HigOct 17, 2018
    risk 0.50cvss 7.7epss 0.03

    A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper…

  • CVE-2018-18445HigOct 17, 2018
    risk 0.00cvss 7.8epss 0.01

    In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

  • CVE-2018-18444HigOct 17, 2018
    risk 0.57cvss 8.8epss 0.03

    makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.

  • CVE-2018-0395HigOct 17, 2018
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is…

  • CVE-2018-15976HigOct 17, 2018
    risk 0.51cvss 7.8epss 0.05

    Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2018-15974HigOct 17, 2018
    risk 0.51cvss 7.8epss 0.05

    Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2018-12821HigOct 17, 2018
    risk 0.49cvss 7.5epss 0.04

    Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-12820HigOct 17, 2018
    risk 0.49cvss 7.5epss 0.04

    Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-12819HigOct 17, 2018
    risk 0.49cvss 7.5epss 0.04

    Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-12818HigOct 17, 2018
    risk 0.49cvss 7.5epss 0.04

    Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-12816HigOct 17, 2018
    risk 0.49cvss 7.5epss 0.04

    Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-16232HigOct 17, 2018
    risk 0.58cvss 8.8epss 0.08

    An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands.

  • CVE-2018-10823HigOct 17, 2018
    risk 0.66cvss 8.8epss 0.78

    An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the…

  • CVE-2018-10822HigOct 17, 2018
    risk 0.55cvss 7.5epss 0.39

    Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers…

  • CVE-2018-18436HigOct 17, 2018
    risk 0.57cvss 8.8epss 0.01

    JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.

  • CVE-2018-18434HigOct 17, 2018
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component.

  • CVE-2018-18432HigOct 17, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request.

  • CVE-2018-18426HigOct 17, 2018
    risk 0.57cvss 8.8epss 0.02

    s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.

  • CVE-2018-18422HigOct 17, 2018
    risk 0.57cvss 8.8epss 0.00

    UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI.

  • CVE-2018-3955HigOct 17, 2018
    risk 0.47cvss 7.2epss 0.05

    An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary…

  • CVE-2018-3954HigOct 17, 2018
    risk 0.47cvss 7.2epss 0.03

    Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the…

  • CVE-2018-3953HigOct 17, 2018
    risk 0.51cvss 7.2epss 0.13

    Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the…

  • CVE-2018-17911HigOct 17, 2018
    risk 0.51cvss 7.8epss 0.03

    LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution.

  • CVE-2018-17901HigOct 17, 2018
    risk 0.51cvss 7.8epss 0.02

    LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process.

  • CVE-2018-17899HigOct 17, 2018
    risk 0.58cvss 8.8epss 0.08

    LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution.

  • CVE-2018-3302HigOct 17, 2018
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…

  • CVE-2018-3299HigOct 17, 2018
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Text.…

  • CVE-2018-3298HigOct 17, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM…

  • CVE-2018-3297HigOct 17, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM…

  • CVE-2018-3296HigOct 17, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM…

  • CVE-2018-3295HigOct 17, 2018
    risk 0.56cvss 8.6epss 0.02

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM…