VYPR

CVEs

101,972 total · page 1829 of 2,040

  • CVE-2017-7325HigJan 19, 2018
    risk 0.49cvss 7.5epss 0.01

    Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.

  • CVE-2015-6926HigJan 19, 2018
    risk 0.49cvss 7.5epss 0.01

    The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token.

  • CVE-2016-10707HigJan 18, 2018
    risk 0.42cvss 7.5epss 0.03

    jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

  • CVE-2017-3158HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.01

    A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being…

  • CVE-2017-5170HigJan 18, 2018
    risk 0.47cvss 7.2epss 0.01

    An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a…

  • CVE-2018-5766HigJan 18, 2018
    risk 0.57cvss 8.8epss 0.02

    In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted avi file.

  • CVE-2018-0110HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not…

  • CVE-2018-0107HigJan 18, 2018
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit…

  • CVE-2018-0102HigJan 18, 2018
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same…

  • CVE-2018-0099HigJan 18, 2018
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could…

  • CVE-2018-0095HigJan 18, 2018
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a…

  • CVE-2018-0094HigJan 18, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate…

  • CVE-2018-0092HigJan 18, 2018
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device.…

  • CVE-2018-0090HigJan 18, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for…

  • CVE-2018-0089HigJan 18, 2018
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would…

  • CVE-2018-0086HigJan 18, 2018
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on…

  • CVE-2018-2733HigJan 18, 2018
    risk 0.50cvss 7.6epss 0.01

    Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4.007. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle…

  • CVE-2018-2729HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker…

  • CVE-2018-2727HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged…

  • CVE-2018-2726HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2018-2725HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged…

  • CVE-2018-2724HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged…

  • CVE-2018-2723HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker…

  • CVE-2018-2721HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2018-2720HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2018-2713HigJan 18, 2018
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2018-2711HigJan 18, 2018
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). Supported versions that are affected are 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2018-2710HigJan 18, 2018
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to compromise Solaris. Successful…

  • CVE-2018-2707HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2018-2706HigJan 18, 2018
    risk 0.57cvss 8.8epss 0.02

    Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2018-2705HigJan 18, 2018
    risk 0.57cvss 8.8epss 0.02

    Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2018-2704HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2018-2701HigJan 18, 2018
    risk 0.49cvss 7.6epss 0.01

    Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2018-2700HigJan 18, 2018
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2018-2698HigJan 18, 2018
    risk 0.60cvss 8.8epss 0.02

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2018-2696HigJan 18, 2018
    risk 0.49cvss 7.5epss 0.05

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2018-2694HigJan 18, 2018
    risk 0.57cvss 8.8epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…

  • CVE-2018-2693HigJan 18, 2018
    risk 0.53cvss 8.2epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the…

  • CVE-2018-2690HigJan 18, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where…

  • CVE-2018-2689HigJan 18, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where…

  • CVE-2018-2688HigJan 18, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where…

  • CVE-2018-2687HigJan 18, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where…

  • CVE-2018-2686HigJan 18, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where…

  • CVE-2018-2685HigJan 18, 2018
    risk 0.56cvss 8.6epss 0.01

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where…

  • CVE-2018-2683HigJan 18, 2018
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2018-2680HigJan 18, 2018
    risk 0.54cvss 8.3epss 0.02

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM.…

  • CVE-2018-2679HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker…

  • CVE-2018-2676HigJan 18, 2018
    risk 0.53cvss 8.2epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where…

  • CVE-2018-2672HigJan 18, 2018
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: POS). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2018-2666HigJan 18, 2018
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Hospitality Labor Management component of Oracle Hospitality Applications (subcomponent: Webservice Endpoint). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network…