VYPR

CVEs

101,975 total · page 1843 of 2,040

  • CVE-2017-11914HigDec 12, 2017
    risk 0.50cvss 7.5epss 0.63

    ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2017-11913HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.09

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…

  • CVE-2017-11912HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an…

  • CVE-2017-11911HigDec 12, 2017
    risk 0.50cvss 7.5epss 0.65

    ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE…

  • CVE-2017-11910HigDec 12, 2017
    risk 0.42cvss 7.5epss 0.09

    ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2017-11909HigDec 12, 2017
    risk 0.50cvss 7.5epss 0.65

    ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE…

  • CVE-2017-11908HigDec 12, 2017
    risk 0.42cvss 7.5epss 0.09

    ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886,…

  • CVE-2017-11907HigDec 12, 2017
    risk 0.57cvss 7.5epss 0.64

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to…

  • CVE-2017-11905HigDec 12, 2017
    risk 0.42cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-11903HigDec 12, 2017
    risk 0.55cvss 7.5epss 0.46

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to…

  • CVE-2017-11901HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how…

  • CVE-2017-11895HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to…

  • CVE-2017-11894HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an…

  • CVE-2017-11893HigDec 12, 2017
    risk 0.50cvss 7.5epss 0.68

    ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-11890HigDec 12, 2017
    risk 0.56cvss 7.5epss 0.49

    Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how…

  • CVE-2017-11889HigDec 12, 2017
    risk 0.42cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-11888HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".

  • CVE-2017-11886HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how…

  • CVE-2017-5717HigDec 12, 2017
    risk 0.54cvss 7.8epss 0.01

    Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.

  • CVE-2017-17562HigKEVDec 12, 2017
    risk 0.68cvss 8.1epss 0.96

    Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When…

  • CVE-2017-17561HigDec 12, 2017
    risk 0.47cvss 7.2epss 0.01

    SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.

  • CVE-2017-16690HigDec 12, 2017
    risk 0.51cvss 7.8epss 0.01

    A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder…

  • CVE-2017-16689HigDec 12, 2017
    risk 0.57cvss 8.8epss 0.01

    A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no…

  • CVE-2017-16682HigDec 12, 2017
    risk 0.47cvss 7.2epss 0.02

    SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.

  • CVE-2017-16680HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.02

    Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of…

  • CVE-2017-2886HigDec 11, 2017
    risk 0.51cvss 7.8epss 0.01

    A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this…

  • CVE-2017-1760HigDec 11, 2017
    risk 0.46cvss 7.1epss 0.00

    IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.

  • CVE-2017-1606HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end…

  • CVE-2017-1000407HigDec 11, 2017
    risk 0.48cvss 7.4epss 0.01

    The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

  • CVE-2014-8358HigDec 11, 2017
    risk 0.54cvss 7.8epss 0.05

    Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM…

  • CVE-2017-17551HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.01

    The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to…

  • CVE-2017-15942HigDec 11, 2017
    risk 0.49cvss 7.5epss 0.02

    Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.

  • CVE-2017-11319HigDec 11, 2017
    risk 0.61cvss 8.8epss 0.06

    Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.

  • CVE-2017-13070HigDec 11, 2017
    risk 0.51cvss 7.8epss 0.02

    A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.

  • CVE-2016-6904HigDec 11, 2017
    risk 0.53cvss 8.1epss 0.01

    Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.

  • CVE-2017-17536HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.02

    Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.

  • CVE-2017-17523HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.02

    lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.

  • CVE-2017-17512HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.02

    sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file…

  • CVE-2017-11463HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.02

    In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the…

  • CVE-2017-17509HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.02

    In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

  • CVE-2017-17503HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.02

    ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.

  • CVE-2017-17502HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.02

    ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.

  • CVE-2017-17501HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.03

    WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.

  • CVE-2017-17500HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.03

    ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.

  • CVE-2017-17498HigDec 11, 2017
    risk 0.57cvss 8.8epss 0.03

    WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-17497HigDec 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.

  • CVE-2017-16241HigDec 10, 2017
    risk 0.49cvss 7.5epss 0.02

    Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card…

  • CVE-2017-3111HigDec 9, 2017
    risk 0.49cvss 7.5epss 0.07

    An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.

  • CVE-2017-16420HigDec 9, 2017
    risk 0.58cvss 8.8epss 0.07

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is…

  • CVE-2017-16418HigDec 9, 2017
    risk 0.58cvss 8.8epss 0.09

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is…