VYPR

CVEs

101,972 total · page 1831 of 2,040

  • CVE-2017-16550HigJan 16, 2018
    risk 0.51cvss 7.8epss 0.00

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

  • CVE-2017-16549HigJan 16, 2018
    risk 0.51cvss 7.8epss 0.00

    K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls.

  • CVE-2017-11072HigJan 16, 2018
    risk 0.51cvss 7.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 buffer overflow occurs.

  • CVE-2018-5706HigJan 16, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

  • CVE-2018-5709HigJan 16, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this…

  • CVE-2018-5329HigJan 15, 2018
    risk 0.57cvss 8.8epss 0.01

    ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative…

  • CVE-2018-5702HigJan 15, 2018
    risk 0.04cvss 8.8epss 0.12

    Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in…

  • CVE-2018-5700HigJan 14, 2018
    risk 0.57cvss 8.8epss 0.03

    Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.

  • CVE-2017-15126HigJan 14, 2018
    risk 0.00cvss 8.1epss 0.04

    A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already…

  • CVE-2018-5698HigJan 14, 2018
    risk 0.51cvss 7.8epss 0.01

    libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string.

  • CVE-2018-5697HigJan 14, 2018
    risk 0.47cvss 7.2epss 0.01

    Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php.

  • CVE-2018-5695HigJan 14, 2018
    risk 0.47cvss 7.2epss 0.01

    The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.

  • CVE-2018-5694HigJan 14, 2018
    risk 0.57cvss 8.8epss 0.02

    The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.

  • CVE-2018-5684HigJan 14, 2018
    risk 0.57cvss 8.8epss 0.01

    In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.

  • CVE-2018-5360HigJan 14, 2018
    risk 0.57cvss 8.8epss 0.02

    LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

  • CVE-2018-5673HigJan 13, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.

  • CVE-2018-5669HigJan 13, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.

  • CVE-2018-5658HigJan 13, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php.

  • CVE-2018-5656HigJan 13, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.

  • CVE-2017-13226HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.

  • CVE-2017-13225HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.01

    In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2017-13222HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.

  • CVE-2017-13221HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.

  • CVE-2017-13220HigJan 12, 2018
    risk 0.00cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

  • CVE-2017-13219HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865.

  • CVE-2017-13217HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional…

  • CVE-2017-13216HigJan 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not…

  • CVE-2017-13215HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.

  • CVE-2017-13214HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-13213HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.

  • CVE-2017-13212HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.

  • CVE-2017-13211HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User…

  • CVE-2017-13210HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed.…

  • CVE-2017-13209HigJan 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege…

  • CVE-2017-13207HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.

  • CVE-2017-13206HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.

  • CVE-2017-13202HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.

  • CVE-2017-13201HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.

  • CVE-2017-13200HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.00

    An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.

  • CVE-2017-13199HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not…

  • CVE-2017-13198HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.

  • CVE-2017-13197HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2017-13196HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2017-13195HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional…

  • CVE-2017-13194HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.

  • CVE-2017-13193HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed.…

  • CVE-2017-13192HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed.…

  • CVE-2017-13191HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2017-13190HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873.

  • CVE-2017-13189HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072.