VYPR

CVEs

101,975 total · page 1850 of 2,040

  • CVE-2017-2714HigNov 22, 2017
    risk 0.52cvss 8.0epss 0.01

    The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected system.

  • CVE-2017-2707HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.00

    Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send…

  • CVE-2017-2706HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.01

    Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and…

  • CVE-2017-2704HigNov 22, 2017
    risk 0.49cvss 7.5epss 0.01

    Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and…

  • CVE-2017-2700HigNov 22, 2017
    risk 0.49cvss 7.5epss 0.01

    AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks.

  • CVE-2017-2699HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versions earlier than CRR-L09C432B380, versions earlier than LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and…

  • CVE-2017-2698HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to…

  • CVE-2017-2697HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C185B141 and earlier…

  • CVE-2017-2696HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and…

  • CVE-2017-2693HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and…

  • CVE-2017-2692HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier…

  • CVE-2017-15098HigNov 22, 2017
    risk 0.53cvss 8.1epss 0.04

    Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

  • CVE-2017-8863HigNov 22, 2017
    risk 0.49cvss 7.5epss 0.01

    Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser.

  • CVE-2017-5729HigNov 21, 2017
    risk 0.48cvss 7.4epss 0.01

    Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle.

  • CVE-2017-5712HigNov 21, 2017
    risk 0.47cvss 7.2epss 0.04

    Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

  • CVE-2017-5711HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

  • CVE-2017-5710HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.

  • CVE-2017-5709HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.

  • CVE-2017-5708HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.

  • CVE-2017-5707HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.

  • CVE-2017-5706HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.

  • CVE-2017-5705HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.

  • CVE-2017-16923HigNov 21, 2017
    risk 0.57cvss 8.8epss 0.03

    Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…

  • CVE-2017-16664HigNov 21, 2017
    risk 0.57cvss 8.8epss 0.02

    Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

  • CVE-2017-15044HigNov 21, 2017
    risk 0.57cvss 8.8epss 0.02

    The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain…

  • CVE-2017-2919HigNov 20, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability

  • CVE-2017-2897HigNov 20, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

  • CVE-2017-2896HigNov 20, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

  • CVE-2017-12111HigNov 20, 2017
    risk 0.57cvss 8.8epss 0.02

    An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.

  • CVE-2017-12110HigNov 20, 2017
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution.

  • CVE-2017-12608HigNov 20, 2017
    risk 0.51cvss 7.8epss 0.03

    A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code…

  • CVE-2017-12607HigNov 20, 2017
    risk 0.51cvss 7.8epss 0.03

    A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

  • CVE-2017-16902HigNov 20, 2017
    risk 0.52cvss 7.5epss 0.08

    On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.

  • CVE-2017-16899HigNov 20, 2017
    risk 0.46cvss 7.1epss 0.01

    An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in…

  • CVE-2017-9806HigNov 20, 2017
    risk 0.51cvss 7.8epss 0.02

    A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code…

  • CVE-2017-16544HigNov 20, 2017
    risk 0.58cvss 8.8epss 0.06

    In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially…

  • CVE-2016-6804HigNov 20, 2017
    risk 0.51cvss 7.8epss 0.03

    The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been…

  • CVE-2017-16894HigNov 20, 2017
    risk 0.59cvss 7.5epss 0.87

    In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in…

  • CVE-2017-16892HigNov 19, 2017
    risk 0.49cvss 7.5epss 0.01

    In Bftpd before 4.7, there is a memory leak in the file rename function.

  • CVE-2017-16882HigNov 18, 2017
    risk 0.51cvss 7.8epss 0.00

    Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging…

  • CVE-2017-1000217HigNov 17, 2017
    risk 0.50cvss 8.8epss 0.02

    Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.

  • CVE-2017-4939HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.01

    VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

  • CVE-2017-1000230HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.

  • CVE-2017-14111HigNov 17, 2017
    risk 0.47cvss 7.2epss 0.02

    The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user…

  • CVE-2017-6168HigNov 17, 2017
    risk 0.53cvss 7.4epss 0.20

    On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack)…

  • CVE-2017-13703HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.

  • CVE-2017-1000170HigNov 17, 2017
    risk 0.56cvss 7.5epss 0.59

    jqueryFileTree 2.1.5 and older Directory Traversal

  • CVE-2017-16877HigNov 17, 2017
    risk 0.43cvss 7.5epss 0.14

    ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

  • CVE-2017-1000191HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.

  • CVE-2017-16875HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger…