VYPR

CVEs

100,082 total · page 1891 of 2,002

  • CVE-2015-8110HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator…

  • CVE-2015-8109HigApr 24, 2017
    risk 0.46cvss 7.0epss 0.00

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator…

  • CVE-2015-1522HigApr 24, 2017
    risk 0.42cvss 7.5epss 0.02

    analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet.

  • CVE-2015-1521HigApr 24, 2017
    risk 0.42cvss 7.5epss 0.02

    analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet.

  • CVE-2015-0104HigApr 24, 2017
    risk 0.61cvss 8.8epss 0.07

    IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0…

  • CVE-2007-6761HigApr 24, 2017
    risk 0.44cvss 7.8epss 0.00

    drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321.

  • CVE-2017-8077HigApr 23, 2017
    risk 0.49cvss 7.5epss 0.01

    On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

  • CVE-2017-8073HigApr 23, 2017
    risk 0.49cvss 7.5epss 0.03

    WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.

  • CVE-2017-8072HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.

  • CVE-2017-8070HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more…

  • CVE-2017-8069HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of…

  • CVE-2017-8068HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of…

  • CVE-2017-8067HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by…

  • CVE-2017-8066HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by…

  • CVE-2017-8065HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of…

  • CVE-2017-8064HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other…

  • CVE-2017-8063HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more…

  • CVE-2017-8062HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by…

  • CVE-2017-8061HigApr 23, 2017
    risk 0.51cvss 7.8epss 0.00

    drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other…

  • CVE-2016-9954HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.02

    The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.

  • CVE-2016-5399HigApr 21, 2017
    risk 0.54cvss 7.8epss 0.10

    The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

  • CVE-2016-5168HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.02

    Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.

  • CVE-2016-2433HigApr 21, 2017
    risk 0.57cvss 8.8epss 0.01

    The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.

  • CVE-2016-2347HigApr 21, 2017
    risk 0.44cvss 7.8epss 0.03

    Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

  • CVE-2016-1561HigApr 21, 2017
    risk 0.58cvss 7.5epss 0.74

    ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.

  • CVE-2016-1520HigApr 21, 2017
    risk 0.51cvss 7.8epss 0.02

    The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.

  • CVE-2016-1518HigApr 21, 2017
    risk 0.53cvss 8.1epss 0.02

    The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs,…

  • CVE-2017-8050HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.01

    Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.

  • CVE-2016-1559HigApr 21, 2017
    risk 0.53cvss 8.1epss 0.03

    D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP.

  • CVE-2016-1556HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.03

    Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.

  • CVE-2016-10091HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.03

    Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.

  • CVE-2016-0721HigApr 21, 2017
    risk 0.46cvss 8.1epss 0.02

    Session fixation vulnerability in pcsd in pcs before 0.9.157.

  • CVE-2016-0720HigApr 21, 2017
    risk 0.50cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

  • CVE-2016-4846HigApr 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2.

  • CVE-2016-1148HigApr 21, 2017
    risk 0.53cvss 8.1epss 0.01

    Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.

  • CVE-2016-0833HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.01

    Android allows users to cause a denial of service.

  • CVE-2017-7951HigApr 21, 2017
    risk 0.57cvss 8.8epss 0.01

    WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.

  • CVE-2017-7220HigApr 21, 2017
    risk 0.57cvss 8.8epss 0.02

    OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an…

  • CVE-2017-7990HigApr 21, 2017
    risk 0.57cvss 8.8epss 0.01

    The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.

  • CVE-2017-6619HigApr 20, 2017
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize…

  • CVE-2017-6616HigApr 20, 2017
    risk 0.58cvss 8.8epss 0.04

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize…

  • CVE-2017-6610HigApr 20, 2017
    risk 0.50cvss 7.7epss 0.03

    A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during…

  • CVE-2017-6609HigApr 20, 2017
    risk 0.50cvss 7.7epss 0.03

    A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending…

  • CVE-2017-6608HigApr 20, 2017
    risk 0.56cvss 8.6epss 0.05

    A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets.…

  • CVE-2017-6607HigApr 20, 2017
    risk 0.57cvss 8.7epss 0.02

    A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response…

  • CVE-2017-3863HigApr 20, 2017
    risk 0.56cvss 8.6epss 0.03

    Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service…

  • CVE-2017-3862HigApr 20, 2017
    risk 0.56cvss 8.6epss 0.03

    Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service…

  • CVE-2017-3861HigApr 20, 2017
    risk 0.56cvss 8.6epss 0.03

    Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service…

  • CVE-2017-3860HigApr 20, 2017
    risk 0.56cvss 8.6epss 0.03

    Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service…

  • CVE-2017-3808HigApr 20, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due…