VYPR

CVEs

100,082 total · page 1895 of 2,002

  • CVE-2017-3027HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3026HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3025HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3024HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.05

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3023HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3019HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3018HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3017HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3015HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3014HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.05

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code…

  • CVE-2017-3013HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging.

  • CVE-2017-3012HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.

  • CVE-2017-3011HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.08

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-3007HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.01

    Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.

  • CVE-2017-3006HigApr 12, 2017
    risk 0.61cvss 8.8epss 0.11

    Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.

  • CVE-2017-3005HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.01

    Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.

  • CVE-2017-3004HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.06

    Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-0210HigKEVApr 12, 2017
    risk 0.71cvss 8.8epss 0.20

    An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege…

  • CVE-2017-0205HigApr 12, 2017
    risk 0.51cvss 7.5epss 0.24

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory…

  • CVE-2017-0202HigApr 12, 2017
    risk 0.55cvss 7.5epss 0.46

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory…

  • CVE-2017-0201HigApr 12, 2017
    risk 0.50cvss 7.5epss 0.14

    A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…

  • CVE-2017-0200HigApr 12, 2017
    risk 0.50cvss 7.5epss 0.14

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory…

  • CVE-2017-0199HigKEVApr 12, 2017
    risk 0.80cvss 7.8epss 1.00

    Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft…

  • CVE-2017-0197HigApr 12, 2017
    risk 0.52cvss 7.8epss 0.19

    Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."

  • CVE-2017-0189HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.02

    An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege…

  • CVE-2017-0181HigApr 12, 2017
    risk 0.50cvss 7.6epss 0.03

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability."…

  • CVE-2017-0180HigApr 12, 2017
    risk 0.50cvss 7.6epss 0.03

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from…

  • CVE-2017-0166HigApr 12, 2017
    risk 0.53cvss 8.1epss 0.06

    An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain…

  • CVE-2017-0165HigApr 12, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability."

  • CVE-2017-0163HigApr 12, 2017
    risk 0.50cvss 7.6epss 0.03

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from…

  • CVE-2017-0162HigApr 12, 2017
    risk 0.50cvss 7.6epss 0.03

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V…

  • CVE-2017-0160HigApr 12, 2017
    risk 0.55cvss 7.8epss 0.18

    Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

  • CVE-2017-0158HigApr 12, 2017
    risk 0.50cvss 7.5epss 0.13

    An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability."

  • CVE-2017-0156HigApr 12, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory,…

  • CVE-2017-0155HigApr 12, 2017
    risk 0.46cvss 7.0epss 0.02

    The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."

  • CVE-2017-0106HigApr 12, 2017
    risk 0.53cvss 7.8epss 0.28

    Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption…

  • CVE-2017-0093HigApr 12, 2017
    risk 0.50cvss 7.5epss 0.14

    A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of…

  • CVE-2016-7958HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.

  • CVE-2016-7957HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.02

    In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.

  • CVE-2017-7694HigApr 11, 2017
    risk 0.58cvss 8.8epss 0.04

    Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor…

  • CVE-2015-8666HigApr 11, 2017
    risk 0.51cvss 7.9epss 0.00

    Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

  • CVE-2015-7893HigApr 11, 2017
    risk 0.61cvss 8.8epss 0.07

    SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.

  • CVE-2017-6088HigApr 11, 2017
    risk 0.50cvss 7.2epss 0.06

    Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5)…

  • CVE-2016-4989HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3)…

  • CVE-2016-4446HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

  • CVE-2016-4445HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.

  • CVE-2016-4444HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.

  • CVE-2016-4483HigApr 11, 2017
    risk 0.49cvss 7.5epss 0.06

    The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate…

  • CVE-2016-4468HigApr 11, 2017
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows…

  • CVE-2016-6811HigApr 11, 2017
    risk 0.57cvss 8.8epss 0.03

    In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.