VYPR

CVEs

101,975 total · page 1851 of 2,040

  • CVE-2017-1000203HigNov 17, 2017
    risk 0.58cvss 8.8epss 0.04

    ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution

  • CVE-2017-4937HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows…

  • CVE-2017-4936HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows…

  • CVE-2017-4935HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows…

  • CVE-2017-4934HigNov 17, 2017
    risk 0.57cvss 8.8epss 0.00

    VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

  • CVE-2017-4928HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with…

  • CVE-2017-4927HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.02

    VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

  • CVE-2017-10887HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-16871HigNov 17, 2017
    risk 0.53cvss 8.1epss 0.02

    The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that…

  • CVE-2017-16870HigNov 17, 2017
    risk 0.53cvss 8.1epss 0.01

    The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary

  • CVE-2017-16869HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.01

    p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no…

  • CVE-2017-1000229HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.

  • CVE-2017-1000129HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure

  • CVE-2017-1000125HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.

  • CVE-2017-1000247HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.

  • CVE-2017-1000241HigNov 17, 2017
    risk 0.53cvss 8.1epss 0.01

    The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators.

  • CVE-2017-1000238HigNov 17, 2017
    risk 0.57cvss 8.8epss 0.01

    InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.

  • CVE-2017-1000189HigNov 17, 2017
    risk 0.42cvss 7.5epss 0.02

    nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()

  • CVE-2017-1000208HigNov 17, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<=…

  • CVE-2017-1000200HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service

  • CVE-2017-1000199HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.

  • CVE-2017-1000198HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service

  • CVE-2017-1000195HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.02

    October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

  • CVE-2017-1000187HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.01

    In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()

  • CVE-2017-0865HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.

  • CVE-2017-0864HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.

  • CVE-2017-0863HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.

  • CVE-2017-0862HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.

  • CVE-2017-0861HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.

  • CVE-2017-0859HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.00

    Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131.

  • CVE-2017-0858HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.01

    Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894.

  • CVE-2017-0857HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.00

    Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.

  • CVE-2017-0852HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.00

    A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506.

  • CVE-2017-0845HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.00

    A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.

  • CVE-2017-0843HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488.

  • CVE-2017-0842HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.

  • CVE-2017-0841HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.

  • CVE-2017-0840HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670.

  • CVE-2017-0839HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.

  • CVE-2017-0838HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818.

  • CVE-2017-0836HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.

  • CVE-2017-0835HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832.

  • CVE-2017-0834HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953.

  • CVE-2017-0833HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384.

  • CVE-2017-0832HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820.

  • CVE-2017-0831HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941.

  • CVE-2017-0830HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.

  • CVE-2017-9721HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image.

  • CVE-2017-9719HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range.

  • CVE-2017-9702HigNov 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver.