VYPR

CVEs

101,972 total · page 1836 of 2,040

  • CVE-2018-0772HigJan 4, 2018
    risk 0.50cvss 7.5epss 0.12

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute…

  • CVE-2018-0770HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.78

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0769HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.79

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0768HigJan 4, 2018
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758,…

  • CVE-2018-0762HigJan 4, 2018
    risk 0.50cvss 7.5epss 0.12

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute…

  • CVE-2018-0758HigJan 4, 2018
    risk 0.58cvss 7.5epss 0.81

    Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2018-0752HigJan 4, 2018
    risk 0.54cvss 7.8epss 0.03

    The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka…

  • CVE-2018-0751HigJan 4, 2018
    risk 0.49cvss 7.1epss 0.03

    The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka…

  • CVE-2018-0749HigJan 4, 2018
    risk 0.54cvss 7.8epss 0.03

    The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of…

  • CVE-2018-0748HigJan 4, 2018
    risk 0.54cvss 7.8epss 0.03

    The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the…

  • CVE-2018-0744HigJan 4, 2018
    risk 0.50cvss 7.0epss 0.15

    The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows…

  • CVE-2018-0743HigJan 4, 2018
    risk 0.49cvss 7.0epss 0.03

    Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

  • CVE-2018-5210HigJan 4, 2018
    risk 0.53cvss 8.1epss 0.02

    On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is…

  • CVE-2018-0114HigJan 4, 2018
    risk 0.55cvss 7.5epss 0.43

    A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for…

  • CVE-2018-0103HigJan 4, 2018
    risk 0.51cvss 7.8epss 0.02

    A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email…

  • CVE-2017-18020HigJan 4, 2018
    risk 0.55cvss 8.4epss 0.00

    On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.

  • CVE-2017-18019HigJan 4, 2018
    risk 0.49cvss 7.1epss 0.01

    In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary…

  • CVE-2017-18018HigJan 4, 2018
    risk 0.46cvss 7.1epss 0.00

    In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

  • CVE-2018-5088HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.

  • CVE-2018-5087HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.

  • CVE-2018-5086HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.

  • CVE-2018-5085HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

  • CVE-2018-5084HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.

  • CVE-2018-5083HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.

  • CVE-2018-5082HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

  • CVE-2018-5081HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

  • CVE-2018-5080HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

  • CVE-2018-5079HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.

  • CVE-2017-1000485HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.00

    Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.

  • CVE-2017-1000473HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.01

    Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root.

  • CVE-2017-1000470HigJan 3, 2018
    risk 0.49cvss 7.5epss 0.08

    EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.

  • CVE-2017-1000479HigJan 3, 2018
    risk 0.06cvss 8.8epss 0.33

    pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork…

  • CVE-2017-1000477HigJan 3, 2018
    risk 0.49cvss 7.5epss 0.01

    XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.

  • CVE-2017-1000489HigJan 3, 2018
    risk 0.46cvss 8.1epss 0.01

    Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address

  • CVE-2017-1000499HigJan 3, 2018
    risk 0.61cvss 8.8epss 0.08

    phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

  • CVE-2017-1000498HigJan 3, 2018
    risk 0.51cvss 7.8epss 0.02

    AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution

  • CVE-2017-1000496HigJan 3, 2018
    risk 0.57cvss 8.8epss 0.02

    Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.

  • CVE-2017-1000494HigJan 3, 2018
    risk 0.00cvss 7.8epss 0.00

    Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact

  • CVE-2018-4862HigJan 3, 2018
    risk 0.57cvss 8.8epss 0.01

    In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.

  • CVE-2017-1000438HigJan 2, 2018
    risk 0.54cvss 8.3epss 0.01

    In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.

  • CVE-2017-1000433HigJan 2, 2018
    risk 0.46cvss 8.1epss 0.03

    pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

  • CVE-2017-1000432HigJan 2, 2018
    risk 0.55cvss 8.0epss 0.02

    Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access

  • CVE-2017-1000422HigJan 2, 2018
    risk 0.57cvss 8.8epss 0.02

    Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution

  • CVE-2017-1000420HigJan 2, 2018
    risk 0.42cvss 7.5epss 0.02

    Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite

  • CVE-2017-1000419HigJan 2, 2018
    risk 0.49cvss 7.5epss 0.01

    phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.

  • CVE-2017-1000456HigJan 2, 2018
    risk 0.57cvss 8.8epss 0.02

    freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

  • CVE-2017-1000418HigJan 2, 2018
    risk 0.00cvss 7.8epss 0.02

    The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-1000454HigJan 2, 2018
    risk 0.51cvss 7.8epss 0.01

    CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1

  • CVE-2017-1000452HigJan 2, 2018
    risk 0.42cvss 7.5epss 0.01

    An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

  • CVE-2017-1000451HigJan 2, 2018
    risk 0.44cvss 7.8epss 0.01

    fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use…