VYPR

CVEs

100,075 total · page 1674 of 2,002

  • CVE-2018-3151 · High · Oct 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: E-Content Manager Catalog). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2018-3149 · High · Oct 17, 2018
    risk 0.55 · cvss 8.3 · epss 0.07

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows…

  • CVE-2018-3146 · High · Oct 17, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle…

  • CVE-2018-3142 · High · Oct 17, 2018
    risk 0.50 · cvss 7.7 · epss 0.02

    Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2018-3138 · High · Oct 17, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2018-3128 · High · Oct 17, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP…

  • CVE-2018-3115 · High · Oct 17, 2018
    risk 0.50 · cvss 7.7 · epss 0.01

    Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2018-3011 · High · Oct 17, 2018
    risk 0.53 · cvss 8.2 · epss 0.02

    Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2018-2914 · High · Oct 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to…

  • CVE-2018-2912 · High · Oct 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to…

  • CVE-2018-2911 · High · Oct 17, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2018-2909 · High · Oct 17, 2018
    risk 0.56 · cvss 8.6 · epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM…

  • CVE-2018-2889 · High · Oct 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS…

  • CVE-2018-14772 · High · Oct 16, 2018
    risk 0.47 · cvss 7.2 · epss 0.07

    Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.

  • CVE-2018-11025 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash.

  • CVE-2018-11024 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash.

  • CVE-2018-11023 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash.

  • CVE-2018-11022 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash.

  • CVE-2018-11021 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash.

  • CVE-2018-11019 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash.

  • CVE-2018-6974 · High · Oct 16, 2018
    risk 0.57 · cvss 8.8 · epss 0.00

    VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to…

  • CVE-2018-18385 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular…

  • CVE-2018-13399 · High · Oct 16, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

  • CVE-2018-18382 · High · Oct 16, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.

  • CVE-2018-18377 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.

  • CVE-2018-18376 · High · Oct 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.

  • CVE-2018-17980 · High · Oct 15, 2018
    risk 0.54 · cvss 7.8 · epss 0.05

    NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan…

  • CVE-2018-15539 · High · Oct 15, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.

  • CVE-2018-17961 · High · Oct 15, 2018
    risk 0.60 · cvss 8.6 · epss 0.10

    Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

  • CVE-2018-15593 · High · Oct 15, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector.

  • CVE-2018-15592 · High · Oct 15, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector.

  • CVE-2018-15591 · High · Oct 15, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors.

  • CVE-2018-1747 · High · Oct 15, 2018
    risk 0.46 · cvss 7.1 · epss 0.02

    IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID:…

  • CVE-2018-1744 · High · Oct 15, 2018
    risk 0.50 · cvss 7.7 · epss 0.03

    IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID:…

  • CVE-2018-18323 · High · Oct 15, 2018
    risk 0.57 · cvss 7.5 · epss 0.71

    CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.

  • CVE-2018-18318 · High · Oct 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 Pro 1801-A01 devices allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted 0xc0d8b300 ioctl call.

  • CVE-2018-18317 · High · Oct 15, 2018
    risk 0.57 · cvss 8.8 · epss 0.00

    DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.

  • CVE-2018-18316 · High · Oct 15, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.

  • CVE-2018-18315 · High · Oct 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.

  • CVE-2018-18289 · High · Oct 14, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.

  • CVE-2018-18274 · High · Oct 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An issue was found in pdfalto 0.2. There is a heap-based buffer overflow in the TextPage::addAttributsNode function in XmlAltoOutputDev.cc.

  • CVE-2018-15966 · High · Oct 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.04

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2018-15955 · High · Oct 12, 2018
    risk 0.52 · cvss 7.8 · epss 0.19

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15954 · High · Oct 12, 2018
    risk 0.52 · cvss 7.8 · epss 0.19

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15952 · High · Oct 12, 2018
    risk 0.52 · cvss 7.8 · epss 0.15

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15951 · High · Oct 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.04

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15945 · High · Oct 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.06

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15944 · High · Oct 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.06

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15941 · High · Oct 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.06

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-15940 · High · Oct 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.06

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.