VYPR

CVEs

101,972 total · page 1834 of 2,040

  • CVE-2014-4998HigJan 10, 2018
    risk 0.51cvss 7.8epss 0.01

    test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2014-4997HigJan 10, 2018
    risk 0.51cvss 7.8epss 0.01

    lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2014-4995HigJan 10, 2018
    risk 0.46cvss 7.0epss 0.00

    Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.

  • CVE-2014-4993HigJan 10, 2018
    risk 0.51cvss 7.8epss 0.01

    (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2014-4992HigJan 10, 2018
    risk 0.51cvss 7.8epss 0.01

    lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2014-4991HigJan 10, 2018
    risk 0.51cvss 7.8epss 0.01

    (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2017-7536HigJan 10, 2018
    risk 0.39cvss 7.0epss 0.00

    In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By…

  • CVE-2017-12169HigJan 10, 2018
    risk 0.49cvss 7.5epss 0.02

    It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does…

  • CVE-2017-18026HigJan 10, 2018
    risk 0.00cvss 8.8epss 0.03

    Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name…

  • CVE-2017-9795HigJan 10, 2018
    risk 0.49cvss 7.5epss 0.04

    When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods…

  • CVE-2017-12622HigJan 10, 2018
    risk 0.46cvss 7.1epss 0.02

    When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.

  • CVE-2018-0818HigJan 10, 2018
    risk 0.00cvss 7.5epss 0.04

    Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass".

  • CVE-2018-0812HigJan 10, 2018
    risk 0.53cvss 7.8epss 0.24

    Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption…

  • CVE-2018-0807HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.24

    Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution…

  • CVE-2018-0806HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.25

    Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution…

  • CVE-2018-0805HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.24

    Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution…

  • CVE-2018-0804HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.24

    Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution…

  • CVE-2018-0802HigKEVJan 10, 2018
    risk 0.70cvss 7.8epss 0.93

    Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique…

  • CVE-2018-0801HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.24

    Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".

  • CVE-2018-0798HigKEVJan 10, 2018
    risk 0.77cvss 8.8epss 0.95

    Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

  • CVE-2018-0797HigJan 10, 2018
    risk 0.53cvss 7.8epss 0.25

    Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".

  • CVE-2018-0796HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.23

    Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".

  • CVE-2018-0795HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.19

    Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".

  • CVE-2018-0794HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.20

    Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is…

  • CVE-2018-0793HigJan 10, 2018
    risk 0.52cvss 7.8epss 0.21

    Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.

  • CVE-2018-0792HigJan 10, 2018
    risk 0.59cvss 8.8epss 0.27

    Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.

  • CVE-2018-0791HigJan 10, 2018
    risk 0.52cvss 7.8epss 0.21

    Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from…

  • CVE-2018-0790HigJan 10, 2018
    risk 0.58cvss 8.8epss 0.05

    Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique…

  • CVE-2018-0789HigJan 10, 2018
    risk 0.58cvss 8.8epss 0.06

    Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique…

  • CVE-2018-0786HigJan 10, 2018
    risk 0.49cvss 7.5epss 0.04

    Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

  • CVE-2018-0784HigJan 10, 2018
    risk 0.58cvss 8.8epss 0.07

    ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.

  • CVE-2018-0764HigJan 10, 2018
    risk 0.49cvss 7.5epss 0.09

    Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This…

  • CVE-2018-4871HigJan 9, 2018
    risk 0.49cvss 7.5epss 0.06

    An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data…

  • CVE-2017-9663HigJan 9, 2018
    risk 0.49cvss 7.5epss 0.01

    An Cleartext Storage of Sensitive Information issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory.

  • CVE-2017-15131HigJan 9, 2018
    risk 0.51cvss 7.8epss 0.00

    It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

  • CVE-2017-15124HigJan 9, 2018
    risk 0.49cvss 7.5epss 0.03

    VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing…

  • CVE-2017-12695HigJan 9, 2018
    risk 0.57cvss 8.8epss 0.02

    An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password.

  • CVE-2017-1671HigJan 9, 2018
    risk 0.49cvss 7.5epss 0.03

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.

  • CVE-2017-1666HigJan 9, 2018
    risk 0.53cvss 8.1epss 0.02

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540.

  • CVE-2017-1612HigJan 9, 2018
    risk 0.51cvss 7.8epss 0.00

    IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.

  • CVE-2018-5221HigJan 9, 2018
    risk 0.58cvss 8.8epss 0.04

    Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property.

  • CVE-2015-1290HigJan 9, 2018
    risk 0.57cvss 8.8epss 0.03

    The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

  • CVE-2018-2363HigJan 9, 2018
    risk 0.57cvss 8.8epss 0.02

    SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially…

  • CVE-2018-2361HigJan 9, 2018
    risk 0.57cvss 8.8epss 0.01

    In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.

  • CVE-2018-2360HigJan 9, 2018
    risk 0.49cvss 7.5epss 0.03

    SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.

  • CVE-2018-5308HigJan 9, 2018
    risk 0.51cvss 7.8epss 0.01

    PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

  • CVE-2012-3353HigJan 9, 2018
    risk 0.49cvss 7.5epss 0.03

    The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR…

  • CVE-2015-2319HigJan 8, 2018
    risk 0.42cvss 7.5epss 0.03

    The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

  • CVE-2015-2318HigJan 8, 2018
    risk 0.46cvss 8.1epss 0.02

    The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.

  • CVE-2014-2071HigJan 8, 2018
    risk 0.46cvss 7.1epss 0.01

    Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner…