VYPR

CVEs

100,472 total · page 1882 of 2,010

  • CVE-2017-6674HigJun 13, 2017
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1…

  • CVE-2017-6671HigJun 13, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632.…

  • CVE-2017-6659HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800.…

  • CVE-2017-4994HigJun 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x…

  • CVE-2017-4991HigJun 13, 2017
    risk 0.40cvss 7.2epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x…

  • CVE-2017-4975HigJun 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.

  • CVE-2017-4973HigJun 13, 2017
    risk 0.50cvss 8.8epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x…

  • CVE-2017-4972HigJun 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x…

  • CVE-2017-4966HigJun 13, 2017
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management…

  • CVE-2017-4963HigJun 13, 2017
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate…

  • CVE-2017-4961HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka…

  • CVE-2017-4959HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of…

  • CVE-2017-7667HigJun 12, 2017
    risk 0.49cvss 7.5epss 0.01

    Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.

  • CVE-2017-6892HigJun 12, 2017
    risk 0.57cvss 8.8epss 0.02

    In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.

  • CVE-2017-9557HigJun 12, 2017
    risk 0.49cvss 7.5epss 0.02

    register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.

  • CVE-2017-9418HigJun 12, 2017
    risk 0.60cvss 8.8epss 0.02

    SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.

  • CVE-2017-9543HigJun 12, 2017
    risk 0.49cvss 7.5epss 0.01

    register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.

  • CVE-2017-9324HigJun 12, 2017
    risk 0.57cvss 8.8epss 0.02

    In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read…

  • CVE-2017-9527HigJun 11, 2017
    risk 0.51cvss 7.8epss 0.01

    The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

  • CVE-2017-0376HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.02

    The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

  • CVE-2017-0375HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.03

    The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

  • CVE-2017-2219HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2214HigJun 9, 2017
    risk 0.55cvss 8.4epss 0.02

    Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.

  • CVE-2017-2213HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2212HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2211HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2210HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2209HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which…

  • CVE-2017-2207HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2206HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2195HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-2193HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2192HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified…

  • CVE-2017-2191HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2190HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2189HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2182HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.

  • CVE-2017-2181HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.

  • CVE-2017-2179HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.

  • CVE-2017-2178HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2177HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2176HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan…

  • CVE-2016-7838HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.03

    Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.

  • CVE-2016-7837HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.

  • CVE-2016-7833HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.02

    Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.

  • CVE-2016-7830HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative…

  • CVE-2016-7824HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.

  • CVE-2016-7822HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.

  • CVE-2016-7820HigJun 9, 2017
    risk 0.47cvss 7.2epss 0.03

    Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors.

  • CVE-2016-7819HigJun 9, 2017
    risk 0.47cvss 7.2epss 0.02

    I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.