VYPR

CVEs


  • CVE-2017-9436 · Critical · Jun 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

  • CVE-2017-9435 · Critical · Jun 5, 2017
    risk 0.57 · cvss 9.8 · epss 0.01

    Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).

  • CVE-2017-8837 · Critical · Jun 5, 2017
    risk 0.67 · cvss 9.8 · epss 0.05

    Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is…

  • CVE-2017-8835 · Critical · Jun 5, 2017
    risk 0.72 · cvss 9.8 · epss 0.62

    SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by…

  • CVE-2017-9430 · Critical · Jun 5, 2017
    risk 0.68 · cvss 9.8 · epss 0.11

    Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model…

  • CVE-2017-9433 · Critical · Jun 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.

  • CVE-2017-9432 · Critical · Jun 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx.

  • CVE-2017-9431 · Critical · Jun 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.

  • CVE-2017-9417 · Critical · Jun 4, 2017
    risk 0.71 · cvss 9.8 · epss 0.48

    Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.

  • CVE-2017-9364 · Critical · Jun 2, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.

  • CVE-2017-9363 · Critical · Jun 2, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.

  • CVE-2017-9360 · Critical · Jun 2, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.

  • CVE-2015-5473 · Critical · Jun 1, 2017
    risk 0.65 · cvss 9.8 · epss 0.13

    Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified…

  • CVE-2015-0936 · Critical · Jun 1, 2017
    risk 0.73 · cvss 9.8 · epss 0.78

    Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.

  • CVE-2017-7494 · Critical · KEV · May 30, 2017
    risk 0.86 · cvss 9.8 · epss 0.99

    Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

  • CVE-2017-9294 · Critical · May 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.

  • CVE-2017-9148 · Critical · May 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass…

  • CVE-2017-7915 · Critical · May 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and…

  • CVE-2017-7913 · Critical · May 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell…

  • CVE-2017-9265 · Critical · May 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

  • CVE-2017-9264 · Critical · May 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.

  • CVE-2017-9232 · Critical · May 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.48

    Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

  • CVE-2015-9059 · Critical · May 28, 2017
    risk 0.57 · cvss 9.8 · epss 0.02

    picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.

  • CVE-2017-7337 · Critical · May 27, 2017
    risk 0.59 · cvss 9.1 · epss 0.01

    An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the…

  • CVE-2017-6862 · Critical · KEV · May 26, 2017
    risk 0.79 · cvss 9.8 · epss 0.43

    NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.

  • CVE-2016-10375 · Critical · May 26, 2017
    risk 0.57 · cvss 9.8 · epss 0.02

    Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.

  • CVE-2017-9034 · Critical · May 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.

  • CVE-2016-6256 · Critical · May 26, 2017
    risk 0.66 · cvss 9.6 · epss 0.08

    SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP…

  • CVE-2016-4435 · Critical · May 25, 2017
    risk 0.59 · cvss 9.0 · epss 0.01

    An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated…

  • CVE-2016-0761 · Critical · May 25, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other…

  • CVE-2015-5211 · Critical · May 25, 2017
    risk 0.56 · cvss 9.6 · epss 0.03

    Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in…

  • CVE-2014-3527 · Critical · May 25, 2017
    risk 0.57 · cvss 9.8 · epss 0.02

    When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information…

  • CVE-2017-9228 · Critical · May 24, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state…

  • CVE-2017-9227 · Critical · May 24, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could…

  • CVE-2017-9226 · Critical · May 24, 2017
    risk 0.64 · cvss 9.8 · epss 0.08

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled…

  • CVE-2017-9225 · Critical · May 24, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not…

  • CVE-2017-9224 · Critical · May 24, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in…

  • CVE-2017-2800 · Critical · May 24, 2017
    risk 0.67 · cvss 9.8 · epss 0.09

    A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the…

  • CVE-2017-9214 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

  • CVE-2017-6131 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user…

  • CVE-2017-9200 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63.

  • CVE-2017-9199 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19.

  • CVE-2017-9198 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18.

  • CVE-2017-9197 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55.

  • CVE-2017-9196 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7.

  • CVE-2017-9195 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.

  • CVE-2017-9194 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.

  • CVE-2017-9193 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.

  • CVE-2017-9192 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7.

  • CVE-2017-9191 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15.