VYPR

CVEs

100,082 total · page 1894 of 2,002

  • CVE-2015-8107HigApr 13, 2017
    risk 0.51cvss 7.8epss 0.03

    Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

  • CVE-2012-6697HigApr 13, 2017
    risk 0.42cvss 7.5epss 0.02

    InspIRCd before 2.0.7 allows remote attackers to cause a denial of service (infinite loop).

  • CVE-2017-7748HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.

  • CVE-2017-7747HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.

  • CVE-2017-7746HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.

  • CVE-2017-7745HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.

  • CVE-2017-7705HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum…

  • CVE-2017-7704HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.

  • CVE-2017-7703HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.

  • CVE-2017-7702HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.

  • CVE-2017-7701HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.

  • CVE-2017-7284HigApr 12, 2017
    risk 0.57cvss 8.8epss 0.03

    An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.

  • CVE-2017-7281HigApr 12, 2017
    risk 0.58cvss 8.8epss 0.04

    An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a…

  • CVE-2017-5936HigApr 12, 2017
    risk 0.42cvss 7.5epss 0.03

    OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

  • CVE-2016-5856HigApr 12, 2017
    risk 0.46cvss 7.0epss 0.01

    Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.

  • CVE-2016-5313HigApr 12, 2017
    risk 0.58cvss 8.8epss 0.05

    Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.

  • CVE-2016-4895HigApr 12, 2017
    risk 0.57cvss 8.8epss 0.02

    SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors.

  • CVE-2016-4893HigApr 12, 2017
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-4891HigApr 12, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors.

  • CVE-2015-7563HigApr 12, 2017
    risk 0.53cvss 8.8epss 0.03

    Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.

  • CVE-2017-6059HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.05

    Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.

  • CVE-2016-9959HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

  • CVE-2016-9958HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

  • CVE-2016-9957HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow in game-music-emu before 0.6.1.

  • CVE-2016-4459HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.03

    Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.

  • CVE-2016-8718HigApr 12, 2017
    risk 0.57cvss 8.8epss 0.01

    An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be…

  • CVE-2016-8716HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.01

    An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker…

  • CVE-2017-3065HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3064HigApr 12, 2017
    risk 0.55cvss 7.8epss 0.13

    Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3058HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.07

    Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3057HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.05

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3056HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3055HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.14

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3054HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code…

  • CVE-2017-3051HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code…

  • CVE-2017-3050HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code…

  • CVE-2017-3049HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.09

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to…

  • CVE-2017-3048HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.14

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to…

  • CVE-2017-3047HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.05

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3044HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.20

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3042HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.14

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3041HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3040HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3039HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3038HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3036HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to…

  • CVE-2017-3035HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.05

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3034HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.05

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary…

  • CVE-2017-3030HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3028HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code…