VYPR

CVEs


  • CVE-2017-2236 · Cri · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.

  • CVE-2017-2235 · Cri · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.

  • CVE-2017-2234 · Cri · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.

  • CVE-2017-2225 · Cri · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-7406 · Cri · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being…

  • CVE-2017-7405 · Cri · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being…

  • CVE-2017-10989 · Cri · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.09

    The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

  • CVE-2017-10968 · Cri · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.

  • CVE-2016-4000 · Cri · Jul 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.

  • CVE-2017-6714 · Cri · Jul 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit…

  • CVE-2017-6713 · Cri · Jul 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between…

  • CVE-2017-6711 · Cri · Jul 6, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper…

  • CVE-2017-6709 · Cri · Jul 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability…

  • CVE-2017-6708 · Cri · Jul 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to…

  • CVE-2017-1253 · Cri · Jul 5, 2017
    risk 0.65 · cvss 9.9 · epss 0.02

    IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.

  • CVE-2017-1175 · Cri · Jul 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.

  • CVE-2017-1269 · Cri · Jul 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744

  • CVE-2017-10921 · Cri · Jul 5, 2017
    risk 0.65 · cvss 10.0 · epss 0.03

    The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka…

  • CVE-2017-10920 · Cri · Jul 5, 2017
    risk 0.65 · cvss 10.0 · epss 0.03

    The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged…

  • CVE-2017-10918 · Cri · Jul 5, 2017
    risk 0.65 · cvss 10.0 · epss 0.04

    Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.

  • CVE-2017-10917 · Cri · Jul 5, 2017
    risk 0.59 · cvss 9.1 · epss 0.03

    Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.

  • CVE-2017-10915 · Cri · Jul 5, 2017
    risk 0.59 · cvss 9.0 · epss 0.02

    The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.

  • CVE-2017-10913 · Cri · Jul 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.

  • CVE-2017-10912 · Cri · Jul 5, 2017
    risk 0.65 · cvss 10.0 · epss 0.03

    Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

  • CVE-2017-10804 · Cri · Jul 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because…

  • CVE-2017-10807 · Cri · Jul 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

  • CVE-2017-7317 · Cri · Jul 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin.

  • CVE-2017-7315 · Cri · Jul 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.

  • CVE-2017-9248 · Cri · KEV · Jul 3, 2017
    risk 0.85 · cvss 9.8 · epss 0.75

    Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection…

  • CVE-2017-7919 · Cri · Jul 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL).

  • CVE-2017-8116 · Cri · Jul 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

  • CVE-2017-10788 · Cri · Jul 1, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection…

  • CVE-2017-2292 · Cri · Jun 30, 2017
    risk 0.59 · cvss 9.0 · epss 0.02

    Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective…

  • CVE-2017-10699 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

  • CVE-2017-10670 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.

  • CVE-2017-7905 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware…

  • CVE-2017-7903 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series…

  • CVE-2017-7902 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;…

  • CVE-2017-7899 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A…

  • CVE-2017-7898 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and…

  • CVE-2017-6044 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to…

  • CVE-2017-6041 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single…

  • CVE-2017-6034 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and…

  • CVE-2017-6028 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing.…

  • CVE-2017-6026 · Cri · Jun 30, 2017
    risk 0.65 · cvss 9.1 · epss 0.32

    A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are…

  • CVE-2017-6022 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged…

  • CVE-2016-9358 · Cri · Jun 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single…

  • CVE-2017-10685 · Cri · Jun 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

  • CVE-2017-10684 · Cri · Jun 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

  • CVE-2017-10682 · Cri · Jun 29, 2017
    risk 0.67 · cvss 9.8 · epss 0.08

    SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.