VYPR

CVEs

101,963 total · page 1871 of 2,040

  • CVE-2015-5263HigSep 25, 2017
    risk 0.46cvss 8.1epss 0.01

    pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.

  • CVE-2015-5184HigSep 25, 2017
    risk 0.49cvss 7.5epss 0.01

    Console: CORS headers set to allow all in Red Hat AMQ.

  • CVE-2015-5183HigSep 25, 2017
    risk 0.49cvss 7.5epss 0.02

    Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

  • CVE-2015-5182HigSep 25, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.

  • CVE-2017-14730HigSep 25, 2017
    risk 0.51cvss 7.8epss 0.00

    The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.

  • CVE-2015-7318HigSep 25, 2017
    risk 0.49cvss 7.5epss 0.02

    Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.

  • CVE-2015-5237HigSep 25, 2017
    risk 0.58cvss 8.8epss 0.05

    protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

  • CVE-2015-4669HigSep 25, 2017
    risk 0.54cvss 7.8epss 0.01

    The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

  • CVE-2017-14729HigSep 25, 2017
    risk 0.51cvss 7.8epss 0.02

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and…

  • CVE-2017-1362HigSep 25, 2017
    risk 0.51cvss 7.8epss 0.00

    IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.

  • CVE-2017-14683HigSep 25, 2017
    risk 0.50cvss 8.8epss 0.01

    geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.

  • CVE-2017-14727HigSep 23, 2017
    risk 0.49cvss 7.5epss 0.03

    logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

  • CVE-2017-14722HigSep 23, 2017
    risk 0.49cvss 7.5epss 0.08

    Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.

  • CVE-2017-14719HigSep 23, 2017
    risk 0.50cvss 7.5epss 0.13

    Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.

  • CVE-2017-14627HigSep 23, 2017
    risk 0.55cvss 7.8epss 0.19

    Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in…

  • CVE-2017-14694HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.07

    Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow…

  • CVE-2017-14705HigSep 22, 2017
    risk 0.53cvss 8.1epss 0.07

    DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be…

  • CVE-2017-6277HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or…

  • CVE-2017-6272HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.

  • CVE-2017-6269HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.

  • CVE-2017-6268HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or…

  • CVE-2017-14081HigSep 22, 2017
    risk 0.59cvss 8.8epss 0.17

    Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

  • CVE-2017-14079HigSep 22, 2017
    risk 0.58cvss 8.8epss 0.11

    Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

  • CVE-2017-11396HigSep 22, 2017
    risk 0.47cvss 7.2epss 0.03

    Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.

  • CVE-2017-11395HigSep 22, 2017
    risk 0.58cvss 8.8epss 0.14

    Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.

  • CVE-2017-3770HigSep 22, 2017
    risk 0.57cvss 8.8epss 0.01

    Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.

  • CVE-2017-14693HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613."

  • CVE-2017-14692HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."

  • CVE-2017-14691HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a."

  • CVE-2017-14690HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7."

  • CVE-2017-14689HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at…

  • CVE-2017-14688HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."

  • CVE-2017-14687HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of…

  • CVE-2017-14686HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in…

  • CVE-2017-14685HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because…

  • CVE-2017-8012HigSep 22, 2017
    risk 0.48cvss 7.4epss 0.02

    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition.…

  • CVE-2017-8007HigSep 22, 2017
    risk 0.57cvss 8.8epss 0.03

    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access…

  • CVE-2017-14682HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.02

    GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.

  • CVE-2017-14680HigSep 21, 2017
    risk 0.52cvss 7.5epss 0.04

    ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.

  • CVE-2017-9281HigSep 21, 2017
    risk 0.49cvss 7.5epss 0.01

    An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.

  • CVE-2017-14650HigSep 21, 2017
    risk 0.53cvss 8.1epss 0.04

    A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde…

  • CVE-2017-14647HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.02

    A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.

  • CVE-2017-14646HigSep 21, 2017
    risk 0.49cvss 7.5epss 0.02

    The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.

  • CVE-2017-14644HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.02

    A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.

  • CVE-2017-14639HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.02

    AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.

  • CVE-2017-14320HigSep 21, 2017
    risk 0.52cvss 8.0epss 0.01

    Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.

  • CVE-2017-12929HigSep 21, 2017
    risk 0.61cvss 8.8epss 0.10

    Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.

  • CVE-2015-3887HigSep 21, 2017
    risk 0.44cvss 7.8epss 0.00

    Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.

  • CVE-2017-9725HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.

  • CVE-2017-9724HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.