VYPR

CVEs

101,972 total · page 1838 of 2,040

  • CVE-2017-17912HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.02

    In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.

  • CVE-2017-17908HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.00

    PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.

  • CVE-2017-17905HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.01

    PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.

  • CVE-2017-17903HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.00

    FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.

  • CVE-2017-17898HigDec 27, 2017
    risk 0.42cvss 7.5epss 0.02

    Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.

  • CVE-2017-17894HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Readymade Job Site Script has CSRF via the /job URI.

  • CVE-2017-17891HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Readymade Video Sharing Script has CSRF via user-profile-edit.php.

  • CVE-2017-17888HigDec 27, 2017
    risk 0.59cvss 8.8epss 0.28

    cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to…

  • CVE-2017-17880HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.01

    In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.

  • CVE-2017-17879HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.03

    In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.

  • CVE-2017-17876HigDec 27, 2017
    risk 0.53cvss 7.5epss 0.10

    Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.

  • CVE-2017-17874HigDec 27, 2017
    risk 0.61cvss 8.8epss 0.06

    Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

  • CVE-2017-17866HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.02

    pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact…

  • CVE-2017-17863HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.

  • CVE-2017-17857HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.

  • CVE-2017-17856HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.

  • CVE-2017-17855HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.

  • CVE-2017-17854HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.

  • CVE-2017-17853HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.

  • CVE-2017-17852HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.

  • CVE-2017-17850HigDec 27, 2017
    risk 0.55cvss 7.5epss 0.75

    An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and…

  • CVE-2017-17848HigDec 27, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing…

  • CVE-2017-17847HigDec 27, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message…

  • CVE-2017-17846HigDec 27, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

  • CVE-2017-17845HigDec 27, 2017
    risk 0.48cvss 7.3epss 0.02

    An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.

  • CVE-2017-17840HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with…

  • CVE-2017-17010HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-16996HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.00

    kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.

  • CVE-2017-16995HigDec 27, 2017
    risk 0.56cvss 7.8epss 0.30

    The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.

  • CVE-2017-16897HigDec 27, 2017
    risk 0.46cvss 8.1epss 0.01

    A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response…

  • CVE-2017-12741HigDec 26, 2017
    risk 0.49cvss 7.5epss 0.03

    Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

  • CVE-2017-12736HigDec 26, 2017
    risk 0.57cvss 8.8epss 0.01

    After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

  • CVE-2017-13903HigDec 25, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by…

  • CVE-2017-13883HigDec 25, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2017-13879HigDec 25, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2017-13878HigDec 25, 2017
    risk 0.49cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).

  • CVE-2017-13876HigDec 25, 2017
    risk 0.54cvss 7.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a…

  • CVE-2017-13875HigDec 25, 2017
    risk 0.54cvss 7.8epss 0.04

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted…

  • CVE-2017-13874HigDec 25, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.

  • CVE-2017-13871HigDec 25, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an…

  • CVE-2017-13870HigDec 25, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It…

  • CVE-2017-13867HigDec 25, 2017
    risk 0.54cvss 7.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a…

  • CVE-2017-13866HigDec 25, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It…

  • CVE-2017-13862HigDec 25, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a…

  • CVE-2017-13861HigDec 25, 2017
    risk 0.55cvss 7.8epss 0.15

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of…

  • CVE-2017-13858HigDec 25, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2017-13856HigDec 25, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It…

  • CVE-2017-13848HigDec 25, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2017-13847HigDec 25, 2017
    risk 0.54cvss 7.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via…

  • CVE-2017-14022HigDec 23, 2017
    risk 0.49cvss 7.5epss 0.04

    An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to…