VYPR

CVEs

101,972 total · page 1835 of 2,040

  • CVE-2013-4364HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.

  • CVE-2018-5283HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.02

    The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php.

  • CVE-2018-5282HigJan 8, 2018
    risk 0.54cvss 7.8epss 0.02

    Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML…

  • CVE-2018-5259HigJan 8, 2018
    risk 0.57cvss 8.8epss 0.02

    Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.

  • CVE-2018-5298HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.00

    In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access…

  • CVE-2018-5291HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.04

    The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.

  • CVE-2018-5290HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.04

    The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.

  • CVE-2018-5289HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.04

    The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page.

  • CVE-2018-5287HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.04

    The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.

  • CVE-2018-5285HigJan 8, 2018
    risk 0.57cvss 8.8epss 0.01

    The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.

  • CVE-2018-5279HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5277HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5276HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e018. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5275HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5274HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E024. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5273HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e014. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5272HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e004. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5271HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5270HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able…

  • CVE-2018-5266HigJan 8, 2018
    risk 0.49cvss 7.5epss 0.02

    Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's…

  • CVE-2017-15913HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.01

    The Installer in Whale allows DLL hijacking.

  • CVE-2014-10069HigJan 7, 2018
    risk 0.49cvss 7.5epss 0.04

    Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the…

  • CVE-2018-5207HigJan 6, 2018
    risk 0.49cvss 7.5epss 0.02

    When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.

  • CVE-2018-5205HigJan 6, 2018
    risk 0.49cvss 7.5epss 0.02

    When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

  • CVE-2018-5253HigJan 5, 2018
    risk 0.51cvss 7.8epss 0.01

    The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling.

  • CVE-2018-5248HigJan 5, 2018
    risk 0.57cvss 8.8epss 0.04

    In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

  • CVE-2017-15550HigJan 5, 2018
    risk 0.58cvss 8.8epss 0.08

    An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on…

  • CVE-2017-15549HigJan 5, 2018
    risk 0.58cvss 8.8epss 0.06

    An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary…

  • CVE-2017-16666HigJan 5, 2018
    risk 0.67cvss 8.8epss 0.80

    Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.

  • CVE-2014-8335HigJan 5, 2018
    risk 0.44cvss 7.8epss 0.01

    (1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2017-4948HigJan 5, 2018
    risk 0.46cvss 7.1epss 0.00

    VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a…

  • CVE-2017-4946HigJan 5, 2018
    risk 0.51cvss 7.8epss 0.01

    The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.

  • CVE-2017-16905HigJan 5, 2018
    risk 0.53cvss 8.1epss 0.03

    The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.

  • CVE-2017-16753HigJan 5, 2018
    risk 0.49cvss 7.5epss 0.02

    An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.

  • CVE-2017-16728HigJan 5, 2018
    risk 0.49cvss 7.5epss 0.02

    An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

  • CVE-2018-5220HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.

  • CVE-2018-5219HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.

  • CVE-2018-5218HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.

  • CVE-2018-5217HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.

  • CVE-2017-17867HigJan 4, 2018
    risk 0.61cvss 8.8epss 0.11

    Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed…

  • CVE-2017-1672HigJan 4, 2018
    risk 0.57cvss 8.8epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.

  • CVE-2017-14960HigJan 4, 2018
    risk 0.52cvss 7.5epss 0.04

    xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.

  • CVE-2018-0788HigJan 4, 2018
    risk 0.46cvss 7.0epss 0.01

    The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font…

  • CVE-2018-0781HigJan 4, 2018
    risk 0.50cvss 7.5epss 0.11

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0778HigJan 4, 2018
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…

  • CVE-2018-0777HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.78

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0776HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.78

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0775HigJan 4, 2018
    risk 0.57cvss 7.5epss 0.68

    Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…

  • CVE-2018-0774HigJan 4, 2018
    risk 0.57cvss 7.5epss 0.68

    Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…

  • CVE-2018-0773HigJan 4, 2018
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…