VYPR

CVEs

101,975 total · page 1848 of 2,040

  • CVE-2017-17065HigNov 30, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently…

  • CVE-2017-12631HigNov 30, 2017
    risk 0.50cvss 8.8epss 0.02

    Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The…

  • CVE-2017-12343HigNov 30, 2017
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a…

  • CVE-2017-14198HigNov 30, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.

  • CVE-2017-14196HigNov 30, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.

  • CVE-2017-13872HigNov 29, 2017
    risk 0.59cvss 8.1epss 0.37

    An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry…

  • CVE-2017-17058HigNov 29, 2017
    risk 0.54cvss 7.5epss 0.24

    The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because…

  • CVE-2017-17053HigNov 29, 2017
    risk 0.46cvss 7.0epss 0.00

    The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other…

  • CVE-2017-17052HigNov 29, 2017
    risk 0.51cvss 7.8epss 0.00

    The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.

  • CVE-2017-17050HigNov 29, 2017
    risk 0.51cvss 7.8epss 0.00

    TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.

  • CVE-2017-17049HigNov 29, 2017
    risk 0.51cvss 7.8epss 0.00

    TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.

  • CVE-2017-17045HigNov 28, 2017
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M)…

  • CVE-2017-17042HigNov 28, 2017
    risk 0.42cvss 7.5epss 0.03

    lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

  • CVE-2017-15673HigNov 28, 2017
    risk 0.47cvss 7.2epss 0.02

    The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.

  • CVE-2017-8019HigNov 28, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.

  • CVE-2017-8001HigNov 28, 2017
    risk 0.55cvss 8.4epss 0.00

    An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with…

  • CVE-2016-10701HigNov 28, 2017
    risk 0.57cvss 8.8epss 0.01

    In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.

  • CVE-2017-15275HigNov 27, 2017
    risk 0.50cvss 7.5epss 0.21

    Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

  • CVE-2017-15055HigNov 27, 2017
    risk 0.46cvss 8.1epss 0.01

    TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the…

  • CVE-2017-15054HigNov 27, 2017
    risk 0.42cvss 7.5epss 0.04

    An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to…

  • CVE-2017-15114HigNov 27, 2017
    risk 0.53cvss 8.1epss 0.02

    When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is…

  • CVE-2017-14585HigNov 27, 2017
    risk 0.47cvss 7.2epss 0.04

    A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and…

  • CVE-2017-0910HigNov 27, 2017
    risk 0.57cvss 8.8epss 0.01

    In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.

  • CVE-2017-1000207HigNov 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and…

  • CVE-2017-1000159HigNov 27, 2017
    risk 0.51cvss 7.8epss 0.01

    Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.

  • CVE-2017-1001004HigNov 27, 2017
    risk 0.50cvss 8.8epss 0.02

    typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

  • CVE-2017-8038HigNov 27, 2017
    risk 0.57cvss 8.8epss 0.01

    In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated…

  • CVE-2017-8028HigNov 27, 2017
    risk 0.46cvss 8.1epss 0.03

    In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication…

  • CVE-2017-4995HigNov 27, 2017
    risk 0.46cvss 8.1epss 0.03

    An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this…

  • CVE-2017-16960HigNov 27, 2017
    risk 0.57cvss 8.8epss 0.02

    TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in…

  • CVE-2017-16958HigNov 27, 2017
    risk 0.57cvss 8.8epss 0.03

    TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in…

  • CVE-2017-16957HigNov 27, 2017
    risk 0.58cvss 8.8epss 0.06

    TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in…

  • CVE-2017-16955HigNov 27, 2017
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.

  • CVE-2017-14390HigNov 27, 2017
    risk 0.49cvss 7.5epss 0.01

    In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.

  • CVE-2017-14176HigNov 27, 2017
    risk 0.58cvss 8.8epss 0.06

    Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and…

  • CVE-2017-16948HigNov 26, 2017
    risk 0.51cvss 7.8epss 0.00

    TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730008 DeviceIoControl request to \\.\Viragtlt.

  • CVE-2017-16944HigNov 25, 2017
    risk 0.57cvss 7.5epss 0.63

    The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the…

  • CVE-2017-16941HigNov 25, 2017
    risk 0.57cvss 8.8epss 0.02

    October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a…

  • CVE-2017-16939HigNov 24, 2017
    risk 0.54cvss 7.8epss 0.02

    The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink…

  • CVE-2017-16938HigNov 24, 2017
    risk 0.51cvss 7.8epss 0.02

    A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.

  • CVE-2017-16933HigNov 24, 2017
    risk 0.46cvss 7.0epss 0.00

    etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.

  • CVE-2016-10700HigNov 24, 2017
    risk 0.50cvss 8.8epss 0.02

    auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an…

  • CVE-2017-16932HigNov 23, 2017
    risk 0.42cvss 7.5epss 0.06

    parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

  • CVE-2017-13699HigNov 23, 2017
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password…

  • CVE-2017-13698HigNov 23, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded.

  • CVE-2017-16927HigNov 23, 2017
    risk 0.55cvss 8.4epss 0.00

    The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other…

  • CVE-2017-7501HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.00

    It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and…

  • CVE-2017-16879HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

  • CVE-2017-8212HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8211HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…