VYPR

CVEs

11,223 total · page 188 of 225

  • CVE-2017-9188CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63.

  • CVE-2017-9187CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7.

  • CVE-2017-9186CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17.

  • CVE-2017-9185CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7.

  • CVE-2017-9184CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7.

  • CVE-2017-9183CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.

  • CVE-2017-9173CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29.

  • CVE-2017-9172CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29.

  • CVE-2017-9171CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.

  • CVE-2017-9170CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25.

  • CVE-2017-9169CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25.

  • CVE-2017-9168CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25.

  • CVE-2017-9167CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25.

  • CVE-2017-9166CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11.

  • CVE-2017-9165CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.

  • CVE-2017-9164CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.

  • CVE-2017-9163CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54.

  • CVE-2017-9162CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2.

  • CVE-2017-9161CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23.

  • CVE-2017-9160CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12.

  • CVE-2017-9153CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13.

  • CVE-2017-9152CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.

  • CVE-2017-9151CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12.

  • CVE-2017-6821CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.04

    Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-6813CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.03

    A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.

  • CVE-2016-9843CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.06

    The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

  • CVE-2016-9841CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.07

    inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

  • CVE-2016-7979CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.06

    Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

  • CVE-2016-7978CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.06

    Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.

  • CVE-2016-5178CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-5609CriMay 23, 2017
    risk 0.52cvss 9.1epss 0.03

    Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

  • CVE-2015-4455CriMay 23, 2017
    risk 0.70cvss 9.8epss 0.41

    Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct…

  • CVE-2017-1092CriMay 22, 2017
    risk 0.73cvss 9.8epss 0.76

    IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.

  • CVE-2016-4905CriMay 22, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-2527CriMay 22, 2017
    risk 0.67cvss 9.8epss 0.07

    An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data.

  • CVE-2017-2524CriMay 22, 2017
    risk 0.67cvss 9.8epss 0.07

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary…

  • CVE-2017-2523CriMay 22, 2017
    risk 0.68cvss 9.8epss 0.11

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary…

  • CVE-2017-2522CriMay 22, 2017
    risk 0.67cvss 9.8epss 0.07

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute…

  • CVE-2017-2520CriMay 22, 2017
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code…

  • CVE-2017-2519CriMay 22, 2017
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code…

  • CVE-2017-2518CriMay 22, 2017
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code…

  • CVE-2017-2513CriMay 22, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers…

  • CVE-2017-9119CriMay 21, 2017
    risk 0.64cvss 9.8epss 0.04

    The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.

  • CVE-2017-9101CriMay 21, 2017
    risk 0.73cvss 9.8epss 0.77

    import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.

  • CVE-2017-7504CriMay 19, 2017
    risk 0.66cvss 9.8epss 0.29

    HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute…

  • CVE-2017-6027CriMay 19, 2017
    risk 0.64cvss 9.8epss 0.03

    An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A…

  • CVE-2017-6025CriMay 19, 2017
    risk 0.64cvss 9.8epss 0.02

    A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious…

  • CVE-2017-5174CriMay 19, 2017
    risk 0.71cvss 9.8epss 0.52

    An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code…

  • CVE-2017-5173CriMay 19, 2017
    risk 0.69cvss 9.8epss 0.30

    An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an…

  • CVE-2017-6622CriMay 18, 2017
    risk 0.72cvss 9.8epss 0.62

    A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP…