VYPR

CVEs

100,472 total · page 1878 of 2,010

  • CVE-2017-9953HigJun 26, 2017
    risk 0.49cvss 7.5epss 0.03

    There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-7458HigJun 26, 2017
    risk 0.49cvss 7.5epss 0.02

    The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.

  • CVE-2017-6324HigJun 26, 2017
    risk 0.48cvss 7.3epss 0.01

    The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm…

  • CVE-2017-9949HigJun 26, 2017
    risk 0.51cvss 7.8epss 0.02

    The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer…

  • CVE-2016-8493HigJun 26, 2017
    risk 0.57cvss 8.8epss 0.02

    In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.

  • CVE-2015-3315HigJun 26, 2017
    risk 0.47cvss 7.8epss 0.05

    Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an…

  • CVE-2015-3215HigJun 26, 2017
    risk 0.42cvss 7.5epss 0.02

    The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.

  • CVE-2017-9948HigJun 26, 2017
    risk 0.58cvss 8.8epss 0.06

    A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.

  • CVE-2017-7496HigJun 26, 2017
    risk 0.46cvss 7.0epss 0.00

    fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.

  • CVE-2017-9935HigJun 26, 2017
    risk 0.58cvss 8.8epss 0.04

    In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or…

  • CVE-2017-7459HigJun 26, 2017
    risk 0.49cvss 7.5epss 0.01

    ntopng before 3.0 allows HTTP Response Splitting.

  • CVE-2017-6678HigJun 26, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to…

  • CVE-2017-6669HigJun 26, 2017
    risk 0.51cvss 7.8epss 0.02

    Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch…

  • CVE-2017-6662HigJun 26, 2017
    risk 0.52cvss 8.0epss 0.02

    A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code…

  • CVE-2017-9872HigJun 25, 2017
    risk 0.54cvss 7.8epss 0.10

    The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a…

  • CVE-2017-9871HigJun 25, 2017
    risk 0.51cvss 7.8epss 0.02

    The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio…

  • CVE-2017-9840HigJun 25, 2017
    risk 0.57cvss 8.8epss 0.01

    Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.

  • CVE-2017-9846HigJun 24, 2017
    risk 0.57cvss 8.8epss 0.03

    Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.

  • CVE-2017-9833HigJun 24, 2017
    risk 0.57cvss 7.5epss 0.68

    /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because…

  • CVE-2017-9829HigJun 23, 2017
    risk 0.54cvss 7.5epss 0.69

    '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already…

  • CVE-2017-1347HigJun 23, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.

  • CVE-2017-9776HigJun 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2017-0897HigJun 22, 2017
    risk 0.49cvss 7.5epss 0.04

    ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.

  • CVE-2017-0176HigJun 22, 2017
    risk 0.56cvss 8.1epss 0.46

    A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote…

  • CVE-2017-3629HigJun 22, 2017
    risk 0.54cvss 7.8epss 0.05

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to…

  • CVE-2017-4988HigJun 21, 2017
    risk 0.47cvss 7.2epss 0.02

    EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.

  • CVE-2017-3219HigJun 21, 2017
    risk 0.57cvss 8.8epss 0.00

    Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.

  • CVE-2017-3218HigJun 21, 2017
    risk 0.57cvss 8.8epss 0.00

    Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.

  • CVE-2016-7508HigJun 21, 2017
    risk 0.52cvss 7.5epss 0.02

    Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.

  • CVE-2017-7922HigJun 21, 2017
    risk 0.53cvss 7.6epss 0.10

    An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.

  • CVE-2017-6045HigJun 21, 2017
    risk 0.49cvss 7.5epss 0.02

    An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.

  • CVE-2017-6043HigJun 21, 2017
    risk 0.49cvss 7.5epss 0.02

    A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.

  • CVE-2017-2813HigJun 21, 2017
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered…

  • CVE-2017-9774HigJun 21, 2017
    risk 0.57cvss 8.8epss 0.02

    Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.

  • CVE-2017-9780HigJun 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable…

  • CVE-2017-2831HigJun 21, 2017
    risk 0.49cvss 7.5epss 0.03

    An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker…

  • CVE-2017-2830HigJun 21, 2017
    risk 0.49cvss 7.5epss 0.03

    An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker…

  • CVE-2017-2828HigJun 21, 2017
    risk 0.58cvss 8.8epss 0.08

    An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation…

  • CVE-2017-2827HigJun 21, 2017
    risk 0.58cvss 8.8epss 0.08

    An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation…

  • CVE-2017-9766HigJun 21, 2017
    risk 0.49cvss 7.5epss 0.04

    In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.

  • CVE-2017-3087HigJun 20, 2017
    risk 0.49cvss 7.5epss 0.03

    Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.

  • CVE-2017-7668HigJun 20, 2017
    risk 0.53cvss 7.5epss 0.57

    The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a…

  • CVE-2017-3745HigJun 20, 2017
    risk 0.51cvss 7.8epss 0.00

    In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and…

  • CVE-2017-3743HigJun 20, 2017
    risk 0.49cvss 7.5epss 0.01

    If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be…

  • CVE-2017-3214HigJun 20, 2017
    risk 0.49cvss 7.5epss 0.01

    The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.

  • CVE-2017-9763HigJun 19, 2017
    risk 0.49cvss 7.5epss 0.04

    The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a…

  • CVE-2017-1000379HigJun 19, 2017
    risk 0.54cvss 7.8epss 0.02

    The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.

  • CVE-2017-1000376HigJun 19, 2017
    risk 0.46cvss 7.0epss 0.01

    libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be…

  • CVE-2017-1000371HigJun 19, 2017
    risk 0.54cvss 7.8epss 0.02

    The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above…

  • CVE-2017-1000370HigJun 19, 2017
    risk 0.54cvss 7.8epss 0.02

    The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the…