VYPR

CVEs

100,472 total · page 1883 of 2,010

  • CVE-2016-7818HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier…

  • CVE-2016-7814HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.03

    I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.

  • CVE-2016-7811HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.

  • CVE-2016-7809HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.

  • CVE-2016-7807HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.02

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.

  • CVE-2016-7803HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.

  • CVE-2016-4907HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

  • CVE-2016-4902HigJun 9, 2017
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier…

  • CVE-2017-1319HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.

  • CVE-2016-9991HigJun 8, 2017
    risk 0.52cvss 8.0epss 0.01

    IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.

  • CVE-2016-9698HigJun 8, 2017
    risk 0.53cvss 8.1epss 0.02

    IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory…

  • CVE-2016-6098HigJun 8, 2017
    risk 0.53cvss 8.1epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

  • CVE-2015-3913HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.

  • CVE-2015-3634HigJun 8, 2017
    risk 0.42cvss 7.5epss 0.03

    The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.

  • CVE-2015-1786HigJun 8, 2017
    risk 0.50cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

  • CVE-2015-1379HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.04

    The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).

  • CVE-2016-6594HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.

  • CVE-2014-7919HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).

  • CVE-2016-5416HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.03

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control…

  • CVE-2016-4992HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component…

  • CVE-2016-3099HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.

  • CVE-2016-4471HigJun 8, 2017
    risk 0.57cvss 8.8epss 0.02

    ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.

  • CVE-2016-4457HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.

  • CVE-2016-3112HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading…

  • CVE-2016-3108HigJun 8, 2017
    risk 0.46cvss 7.1epss 0.00

    The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.

  • CVE-2016-3091HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.

  • CVE-2014-3498HigJun 8, 2017
    risk 0.50cvss 8.8epss 0.03

    The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.

  • CVE-2017-9023HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.

  • CVE-2017-9022HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

  • CVE-2017-8108HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.

  • CVE-2015-2800HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.02

    The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving…

  • CVE-2015-2252HigJun 8, 2017
    risk 0.57cvss 8.8epss 0.02

    Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.

  • CVE-2015-2251HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.01

    The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.

  • CVE-2017-9519HigJun 8, 2017
    risk 0.57cvss 8.8epss 0.00

    atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.

  • CVE-2017-9518HigJun 8, 2017
    risk 0.57cvss 8.8epss 0.00

    atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.

  • CVE-2017-9517HigJun 8, 2017
    risk 0.57cvss 8.8epss 0.00

    atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.

  • CVE-2017-6648HigJun 8, 2017
    risk 0.49cvss 7.5epss 0.04

    A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS)…

  • CVE-2017-6638HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to…

  • CVE-2017-4913HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows…

  • CVE-2017-4912HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on…

  • CVE-2017-4911HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows…

  • CVE-2017-4910HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows…

  • CVE-2017-4909HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the…

  • CVE-2017-4908HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows…

  • CVE-2017-7180HigJun 8, 2017
    risk 0.51cvss 7.3epss 0.01

    Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the…

  • CVE-2016-4973HigJun 7, 2017
    risk 0.51cvss 7.8epss 0.00

    Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.

  • CVE-2015-8235HigJun 7, 2017
    risk 0.49cvss 7.5epss 0.03

    Directory traversal vulnerability in Spiffy before 5.4.

  • CVE-2015-6240HigJun 7, 2017
    risk 0.44cvss 7.8epss 0.00

    The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.

  • CVE-2015-5232HigJun 7, 2017
    risk 0.46cvss 8.1epss 0.02

    Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.

  • CVE-2015-5175HigJun 7, 2017
    risk 0.43cvss 7.5epss 0.11

    Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.