VYPR

CVEs

101,963 total · page 1875 of 2,040

  • CVE-2017-14428HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.

  • CVE-2017-14427HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.

  • CVE-2017-14426HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.

  • CVE-2017-14425HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.

  • CVE-2017-14424HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.

  • CVE-2017-14423HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.01

    htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.

  • CVE-2017-14422HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.01

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS…

  • CVE-2017-14418HigSep 13, 2017
    risk 0.53cvss 8.1epss 0.01

    The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.

  • CVE-2017-12612HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.01

    In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user…

  • CVE-2016-8744HigSep 13, 2017
    risk 0.58cvss 8.8epss 0.04

    Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type…

  • CVE-2016-8737HigSep 13, 2017
    risk 0.57cvss 8.8epss 0.01

    In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as…

  • CVE-2017-7441HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some…

  • CVE-2017-6008HigSep 13, 2017
    risk 0.54cvss 7.8epss 0.02

    A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.

  • CVE-2017-14398HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.00

    rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection.

  • CVE-2017-11350HigSep 13, 2017
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices.

  • CVE-2017-14412HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.01

    An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.

  • CVE-2017-14411HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.02

    A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.

  • CVE-2017-14409HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.02

    A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.

  • CVE-2017-14405HigSep 13, 2017
    risk 0.47cvss 7.2epss 0.04

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.

  • CVE-2017-14404HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.02

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring.

  • CVE-2017-8759HigKEVSep 13, 2017
    risk 0.73cvss 7.8epss 0.89

    Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

  • CVE-2017-8757HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.16

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution…

  • CVE-2017-8756HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-8755HigSep 13, 2017
    risk 0.57cvss 7.5epss 0.71

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory…

  • CVE-2017-8753HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-8752HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-8751HigSep 13, 2017
    risk 0.56cvss 7.5epss 0.50

    Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2017-8750HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in…

  • CVE-2017-8749HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.11

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current…

  • CVE-2017-8748HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.12

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in…

  • CVE-2017-8747HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.11

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due…

  • CVE-2017-8744HigSep 13, 2017
    risk 0.52cvss 7.8epss 0.17

    A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle…

  • CVE-2017-8743HigSep 13, 2017
    risk 0.52cvss 7.8epss 0.21

    A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from…

  • CVE-2017-8742HigSep 13, 2017
    risk 0.52cvss 7.8epss 0.21

    A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007,…

  • CVE-2017-8741HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.12

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute…

  • CVE-2017-8740HigSep 13, 2017
    risk 0.58cvss 7.5epss 0.72

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is…

  • CVE-2017-8738HigSep 13, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-8737HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.22

    Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF…

  • CVE-2017-8734HigSep 13, 2017
    risk 0.56cvss 7.5epss 0.53

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption…

  • CVE-2017-8731HigSep 13, 2017
    risk 0.56cvss 7.5epss 0.52

    Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID…

  • CVE-2017-8729HigSep 13, 2017
    risk 0.58cvss 7.5epss 0.72

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is…

  • CVE-2017-8728HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.22

    Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF…

  • CVE-2017-8725HigSep 13, 2017
    risk 0.52cvss 7.8epss 0.20

    A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution".

  • CVE-2017-8720HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.02

    The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability…

  • CVE-2017-8714HigSep 13, 2017
    risk 0.51cvss 7.8epss 0.04

    The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka…

  • CVE-2017-8702HigSep 13, 2017
    risk 0.46cvss 7.0epss 0.01

    Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of…

  • CVE-2017-8699HigSep 13, 2017
    risk 0.47cvss 7.0epss 0.21

    Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to…

  • CVE-2017-8696HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.14

    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows…

  • CVE-2017-8692HigSep 13, 2017
    risk 0.50cvss 7.5epss 0.17

    The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe…

  • CVE-2017-8682HigSep 13, 2017
    risk 0.64cvss 8.8epss 0.50

    Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and…