VYPR

CVEs

101,963 total · page 1861 of 2,040

  • CVE-2017-15801HigOct 22, 2017
    risk 0.51cvss 7.8epss 0.01

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection…

  • CVE-2017-11292HigKEVOct 22, 2017
    risk 0.70cvss 8.8epss 0.12

    Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code…

  • CVE-2017-15735HigOct 22, 2017
    risk 0.53cvss 8.8epss 0.01

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.

  • CVE-2017-15734HigOct 22, 2017
    risk 0.53cvss 8.8epss 0.01

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.

  • CVE-2017-15733HigOct 22, 2017
    risk 0.57cvss 8.8epss 0.01

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.

  • CVE-2017-15732HigOct 22, 2017
    risk 0.57cvss 8.8epss 0.01

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.

  • CVE-2017-15731HigOct 22, 2017
    risk 0.57cvss 8.8epss 0.01

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.

  • CVE-2017-15730HigOct 22, 2017
    risk 0.60cvss 8.8epss 0.02

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.

  • CVE-2017-15729HigOct 22, 2017
    risk 0.57cvss 8.8epss 0.01

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.

  • CVE-2015-5699HigOct 22, 2017
    risk 0.51cvss 7.8epss 0.00

    The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.

  • CVE-2015-5177HigOct 22, 2017
    risk 0.49cvss 7.5epss 0.06

    Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

  • CVE-2017-13127HigOct 20, 2017
    risk 0.53cvss 8.1epss 0.01

    The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack.

  • CVE-2013-6049HigOct 20, 2017
    risk 0.51cvss 7.8epss 0.00

    apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-6145HigOct 20, 2017
    risk 0.48cvss 7.3epss 0.01

    iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate…

  • CVE-2017-6144HigOct 20, 2017
    risk 0.48cvss 7.4epss 0.01

    In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC…

  • CVE-2017-12628HigOct 20, 2017
    risk 0.51cvss 7.8epss 0.01

    The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for…

  • CVE-2017-2133HigOct 20, 2017
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-2132HigOct 20, 2017
    risk 0.49cvss 7.5epss 0.01

    Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors.

  • CVE-2017-15650HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.

  • CVE-2017-14017HigOct 19, 2017
    risk 0.51cvss 7.8epss 0.01

    An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a…

  • CVE-2017-15649HigOct 19, 2017
    risk 0.54cvss 7.8epss 0.01

    net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a…

  • CVE-2017-15647HigOct 19, 2017
    risk 0.54cvss 7.5epss 0.27

    On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.

  • CVE-2017-15645HigOct 19, 2017
    risk 0.60cvss 8.8epss 0.03

    CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.

  • CVE-2017-15644HigOct 19, 2017
    risk 0.60cvss 8.6epss 0.09

    SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.

  • CVE-2017-15643HigOct 19, 2017
    risk 0.52cvss 7.4epss 0.06

    An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first…

  • CVE-2017-10933HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.

  • CVE-2015-6668HigOct 19, 2017
    risk 0.50cvss 7.5epss 0.10

    The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.

  • CVE-2015-4422HigOct 19, 2017
    risk 0.46cvss 7.0epss 0.01

    The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application.

  • CVE-2015-4421HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.01

    The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input.

  • CVE-2012-4380HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

  • CVE-2017-5635HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.03

    In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

  • CVE-2017-10955HigOct 19, 2017
    risk 0.58cvss 8.8epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP…

  • CVE-2012-6707HigOct 19, 2017
    risk 0.42cvss 7.5epss 0.01

    WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as…

  • CVE-2017-3588HigOct 19, 2017
    risk 0.47cvss 7.3epss 0.01

    Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris…

  • CVE-2017-3446HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2017-3445HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2017-3444HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2017-10424HigOct 19, 2017
    risk 0.57cvss 8.8epss 0.02

    Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Supported versions that are affected are 3.2.8.2223 and earlier, 3.3.4.3247 and earlier and 3.4.2.4181 and earlier. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10417HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10416HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10415HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Others). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2017-10414HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Checkout and Order Placement). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2017-10413HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Multiplatform Based on HTML5). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2017-10412HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2017-10411HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows…

  • CVE-2017-10410HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2017-10409HigOct 19, 2017
    risk 0.53cvss 8.2epss 0.02

    Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2017-10408HigOct 19, 2017
    risk 0.47cvss 7.3epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM…

  • CVE-2017-10407HigOct 19, 2017
    risk 0.47cvss 7.3epss 0.00

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM…

  • CVE-2017-10403HigOct 19, 2017
    risk 0.52cvss 8.0epss 0.01

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Supported versions that are affected are 8.5.1 and 9.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access…