VYPR

CVEs

  • CVE-2017-7503 · Cri · May 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.

  • CVE-2017-9058 · Cri · May 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.

  • CVE-2017-9055 · Cri · May 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.

  • CVE-2017-9054 · Cri · May 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.

  • CVE-2017-9053 · Cri · May 18, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).

  • CVE-2017-9052 · Cri · May 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().

  • CVE-2017-9051 · Cri · May 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.

  • CVE-2017-6195 · Cri · May 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.

  • CVE-2017-8917 · Cri · May 17, 2017
    risk 0.75 · cvss 9.8 · epss 1.00

    SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-9031 · Cri · May 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.

  • CVE-2017-5215 · Cri · May 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution.

  • CVE-2017-9026 · Cri · May 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted fname parameter of a GET request.

  • CVE-2017-6079 · Cri · May 16, 2017
    risk 0.67 · cvss 9.8 · epss 0.47

    The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no…

  • CVE-2017-3882 · Cri · May 16, 2017
    risk 0.63 · cvss 9.6 · epss 0.02

    A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur…

  • CVE-2017-6886 · Cri · May 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.

  • CVE-2017-6885 · Cri · May 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges.

  • CVE-2016-10372 · Cri · May 16, 2017
    risk 0.73 · cvss 9.8 · epss 0.82

    The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and…

  • CVE-2017-6890 · Cri · May 15, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.

  • CVE-2017-6889 · Cri · May 15, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

  • CVE-2017-0252 · Cri · May 15, 2017
    risk 0.58 · cvss 9.8 · epss 0.13

    A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223.

  • CVE-2017-0223 · Cri · May 15, 2017
    risk 0.58 · cvss 9.8 · epss 0.15

    A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.

  • CVE-2017-7213 · Cri · May 15, 2017
    risk 0.66 · cvss 10.0 · epss 0.08

    Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.

  • CVE-2017-8923 · Cri · May 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by…

  • CVE-2016-10329 · Cri · May 12, 2017
    risk 0.67 · cvss 9.8 · epss 0.40

    Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.

  • CVE-2017-7474 · Cri · May 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

  • CVE-2017-8911 · Cri · May 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

  • CVE-2017-8898 · Cri · May 11, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=cre…

  • CVE-2017-8798 · Cri · May 11, 2017
    risk 0.69 · cvss 9.8 · epss 0.24

    Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2017-5461 · Cri · May 11, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect…

  • CVE-2017-8895 · Cri · May 10, 2017
    risk 0.72 · cvss 9.8 · epss 0.71

    In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this…

  • CVE-2017-7888 · Cri · May 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.

  • CVE-2017-7886 · Cri · May 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.

  • CVE-2017-8872 · Cri · May 10, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

  • CVE-2017-8859 · Cri · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.

  • CVE-2017-8858 · Cri · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.

  • CVE-2017-8857 · Cri · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

  • CVE-2017-8856 · Cri · May 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

  • CVE-2017-4982 · Cri · May 8, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contain a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2017-8827 · Cri · May 8, 2017
    risk 0.52 · cvss 9.1 · epss 0.02

    forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.

  • CVE-2017-7925 · Cri · May 6, 2017
    risk 0.68 · cvss 9.8 · epss 0.52

    A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3,…

  • CVE-2017-7921 · Cri · KEV · May 6, 2017
    risk 0.87 · cvss 9.8 · epss 1.00

    An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series…

  • CVE-2017-7909 · Cri · May 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass…

  • CVE-2017-8799 · Cri · May 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon…

  • CVE-2017-8796 · Cri · May 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.

  • CVE-2017-8794 · Cri · May 5, 2017
    risk 0.65 · cvss 10.0 · epss 0.02

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.

  • CVE-2017-8790 · Cri · May 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.

  • CVE-2017-8789 · Cri · May 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.

  • CVE-2017-8303 · Cri · May 5, 2017
    risk 0.66 · cvss 9.8 · epss 0.24

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.

  • CVE-2017-8786 · Cri · May 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.

  • CVE-2017-8768 · Cri · May 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.08

    Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command.…