VYPR

CVEs

101,963 total · page 1864 of 2,040

  • CVE-2017-15369HigOct 16, 2017
    risk 0.51cvss 7.8epss 0.01

    The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or…

  • CVE-2017-15368HigOct 16, 2017
    risk 0.51cvss 7.8epss 0.01

    The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect…

  • CVE-2017-15303HigOct 16, 2017
    risk 0.51cvss 7.8epss 0.02

    In CPUID CPU-Z before 1.43, there is an arbitrary memory write that results directly in elevation of privileges, because any program running on the local machine (while CPU-Z is running) can issue an ioctl 0x9C402430 call to the kernel-mode driver (e.g., cpuz141_x64.sys for…

  • CVE-2017-15302HigOct 16, 2017
    risk 0.51cvss 7.8epss 0.00

    In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any…

  • CVE-2017-15363HigOct 15, 2017
    risk 0.50cvss 7.5epss 0.14

    Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.

  • CVE-2017-6224HigOct 13, 2017
    risk 0.57cvss 8.8epss 0.01

    Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could…

  • CVE-2017-6223HigOct 13, 2017
    risk 0.57cvss 8.8epss 0.02

    Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the…

  • CVE-2017-10624HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.00

    Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.

  • CVE-2017-10623HigOct 13, 2017
    risk 0.46cvss 7.1epss 0.01

    Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all…

  • CVE-2017-10620HigOct 13, 2017
    risk 0.48cvss 7.4epss 0.01

    Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of…

  • CVE-2017-10619HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.01

    When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or…

  • CVE-2017-10612HigOct 13, 2017
    risk 0.52cvss 8.0epss 0.01

    A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected…

  • CVE-2017-10610HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.01

    On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is…

  • CVE-2017-10608HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.01

    Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service…

  • CVE-2017-10607HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.01

    Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are…

  • CVE-2016-4925HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.03

    Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may…

  • CVE-2016-4924HigOct 13, 2017
    risk 0.55cvss 8.4epss 0.00

    An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during…

  • CVE-2016-4923HigOct 13, 2017
    risk 0.52cvss 8.0epss 0.01

    Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on…

  • CVE-2016-4922HigOct 13, 2017
    risk 0.55cvss 8.4epss 0.00

    Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and…

  • CVE-2016-4921HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.03

    By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total…

  • CVE-2016-1261HigOct 13, 2017
    risk 0.46cvss 7.1epss 0.00

    J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).

  • CVE-2017-15276HigOct 13, 2017
    risk 0.61cvss 8.8epss 0.09

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR…

  • CVE-2017-15013HigOct 13, 2017
    risk 0.61cvss 8.8epss 0.07

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are…

  • CVE-2017-15012HigOct 13, 2017
    risk 0.61cvss 8.8epss 0.08

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the…

  • CVE-2017-8727HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft…

  • CVE-2017-8718HigOct 13, 2017
    risk 0.53cvss 7.8epss 0.23

    The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles…

  • CVE-2017-8717HigOct 13, 2017
    risk 0.53cvss 7.8epss 0.24

    The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles…

  • CVE-2017-8694HigOct 13, 2017
    risk 0.46cvss 7.0epss 0.01

    The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability…

  • CVE-2017-8689HigOct 13, 2017
    risk 0.46cvss 7.0epss 0.01

    The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability…

  • CVE-2017-11826HigKEVOct 13, 2017
    risk 0.69cvss 7.8epss 0.81

    Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software…

  • CVE-2017-11825HigOct 13, 2017
    risk 0.52cvss 7.8epss 0.22

    Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code…

  • CVE-2017-11824HigOct 13, 2017
    risk 0.46cvss 7.0epss 0.01

    The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way…

  • CVE-2017-11822HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.08

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…

  • CVE-2017-11821HigOct 13, 2017
    risk 0.42cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique…

  • CVE-2017-11819HigOct 13, 2017
    risk 0.50cvss 7.5epss 0.14

    Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability".

  • CVE-2017-11813HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.08

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka…

  • CVE-2017-11812HigOct 13, 2017
    risk 0.53cvss 7.5epss 0.47

    ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-11811HigOct 13, 2017
    risk 0.57cvss 7.5epss 0.65

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11810HigOct 13, 2017
    risk 0.56cvss 7.5epss 0.54

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…

  • CVE-2017-11809HigOct 13, 2017
    risk 0.57cvss 7.5epss 0.68

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11808HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11807HigOct 13, 2017
    risk 0.42cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique…

  • CVE-2017-11806HigOct 13, 2017
    risk 0.42cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique…

  • CVE-2017-11805HigOct 13, 2017
    risk 0.42cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique…

  • CVE-2017-11804HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.09

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11802HigOct 13, 2017
    risk 0.57cvss 7.5epss 0.69

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11801HigOct 13, 2017
    risk 0.42cvss 7.5epss 0.06

    ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792,…

  • CVE-2017-11800HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".…

  • CVE-2017-11799HigOct 13, 2017
    risk 0.57cvss 7.5epss 0.64

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-11798HigOct 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…