VYPR

CVEs

101,975 total · page 1839 of 2,040

  • CVE-2017-13848HigDec 25, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2017-13847HigDec 25, 2017
    risk 0.54cvss 7.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via…

  • CVE-2017-14022HigDec 23, 2017
    risk 0.49cvss 7.5epss 0.04

    An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to…

  • CVE-2017-15328HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak.

  • CVE-2017-15324HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful…

  • CVE-2017-15320HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.01

    RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input…

  • CVE-2017-15319HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.01

    RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input…

  • CVE-2017-15318HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.01

    RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input…

  • CVE-2017-15317HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.01

    AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02,…

  • CVE-2017-15316HigDec 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application,…

  • CVE-2017-15313HigDec 22, 2017
    risk 0.57cvss 8.8epss 0.01

    Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device.

  • CVE-2017-15311HigDec 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due…

  • CVE-2017-15309HigDec 22, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.

  • CVE-2017-15308HigDec 22, 2017
    risk 0.57cvss 8.8epss 0.01

    Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and…

  • CVE-2017-10909HigDec 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-10908HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.04

    H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.

  • CVE-2017-10869HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.03

    Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.

  • CVE-2017-10868HigDec 22, 2017
    risk 0.49cvss 7.5epss 0.03

    H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.

  • CVE-2017-17692HigDec 21, 2017
    risk 0.58cvss 7.5epss 0.79

    Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.

  • CVE-2017-6167HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.01

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.

  • CVE-2017-6164HigDec 21, 2017
    risk 0.53cvss 8.1epss 0.04

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly…

  • CVE-2017-6151HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.02

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to…

  • CVE-2017-6140HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.02

    On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an…

  • CVE-2017-6138HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.02

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles,…

  • CVE-2017-6135HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.02

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.

  • CVE-2017-6133HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.02

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.

  • CVE-2017-6132HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.03

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or…

  • CVE-2017-6129HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.02

    In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the…

  • CVE-2017-0301HigDec 21, 2017
    risk 0.49cvss 7.6epss 0.01

    In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the…

  • CVE-2017-17410HigDec 21, 2017
    risk 0.57cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2017-17409HigDec 21, 2017
    risk 0.58cvss 8.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2017-17408HigDec 21, 2017
    risk 0.58cvss 8.8epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2017-17831HigDec 21, 2017
    risk 0.50cvss 8.8epss 0.04

    GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.

  • CVE-2017-17829HigDec 21, 2017
    risk 0.47cvss 7.2epss 0.01

    Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.

  • CVE-2017-17827HigDec 21, 2017
    risk 0.57cvss 8.8epss 0.01

    Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.

  • CVE-2017-17818HigDec 21, 2017
    risk 0.49cvss 7.5epss 0.03

    In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

  • CVE-2017-17809HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.01

    In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this…

  • CVE-2017-17806HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.01

    The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash…

  • CVE-2017-17805HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.00

    The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free…

  • CVE-2017-14385HigDec 20, 2017
    risk 0.49cvss 7.5epss 0.05

    An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data…

  • CVE-2017-5263HigDec 20, 2017
    risk 0.52cvss 8.0epss 0.00

    Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.

  • CVE-2017-5262HigDec 20, 2017
    risk 0.55cvss 8.0epss 0.05

    In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.

  • CVE-2017-5261HigDec 20, 2017
    risk 0.61cvss 8.8epss 0.09

    In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.

  • CVE-2017-5260HigDec 20, 2017
    risk 0.61cvss 8.8epss 0.08

    In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at…

  • CVE-2017-5259HigDec 20, 2017
    risk 0.63cvss 8.8epss 0.39

    In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp.

  • CVE-2017-5255HigDec 20, 2017
    risk 0.66cvss 8.8epss 0.75

    In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a…

  • CVE-2017-5254HigDec 20, 2017
    risk 0.64cvss 8.8epss 0.54

    In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.

  • CVE-2017-16731HigDec 20, 2017
    risk 0.57cvss 8.8epss 0.01

    An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit…

  • CVE-2017-16717HigDec 20, 2017
    risk 0.56cvss 8.6epss 0.02

    A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2017-1757HigDec 20, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.