VYPR

CVEs

100,081 total · page 1896 of 2,002

  • CVE-2017-7647HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.03

    SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.

  • CVE-2016-8237HigApr 10, 2017
    risk 0.53cvss 8.1epss 0.03

    Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.

  • CVE-2016-8235HigApr 10, 2017
    risk 0.51cvss 7.8epss 0.00

    Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.

  • CVE-2016-10323HigApr 10, 2017
    risk 0.51cvss 7.8epss 0.01

    Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.

  • CVE-2016-10322HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.02

    Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.

  • CVE-2017-7622HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.01

    dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a…

  • CVE-2016-5041HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.03

    dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.

  • CVE-2017-7185HigApr 10, 2017
    risk 0.53cvss 7.5epss 0.12

    Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data…

  • CVE-2017-5988HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.02

    NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2016-6879HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.

  • CVE-2015-7825HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.

  • CVE-2015-7824HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.02

    botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.

  • CVE-2017-7619HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.

  • CVE-2017-7618HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.04

    crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.

  • CVE-2017-7617HigApr 10, 2017
    risk 0.58cvss 8.8epss 0.06

    Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI…

  • CVE-2017-6190HigApr 10, 2017
    risk 0.53cvss 7.5epss 0.16

    Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.

  • CVE-2016-6605HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.

  • CVE-2015-8378HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.

  • CVE-2016-6534HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.

  • CVE-2016-5076HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.

  • CVE-2016-5072HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.02

    OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition…

  • CVE-2016-5071HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.02

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.

  • CVE-2016-5067HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.04

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.

  • CVE-2016-5058HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.

  • CVE-2016-5057HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.

  • CVE-2016-5056HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.

  • CVE-2016-5054HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay.

  • CVE-2016-5052HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.

  • CVE-2016-5051HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application.

  • CVE-2016-4319HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.01

    Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.

  • CVE-2016-1516HigApr 10, 2017
    risk 0.50cvss 8.8epss 0.02

    OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.

  • CVE-2015-8258HigApr 10, 2017
    risk 0.52cvss 7.5epss 0.09

    AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."

  • CVE-2015-8255HigApr 10, 2017
    risk 0.60cvss 8.8epss 0.02

    AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.

  • CVE-2015-7274HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.02

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.

  • CVE-2015-7270HigApr 10, 2017
    risk 0.51cvss 7.8epss 0.01

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

  • CVE-2015-7265HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.

  • CVE-2015-7263HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.

  • CVE-2015-7260HigApr 10, 2017
    risk 0.51cvss 7.8epss 0.00

    Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.

  • CVE-2015-6028HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.01

    Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.

  • CVE-2015-2889HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.02

    Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.

  • CVE-2015-2886HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.

  • CVE-2015-2884HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.

  • CVE-2015-2880HigApr 10, 2017
    risk 0.57cvss 8.8epss 0.01

    TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

  • CVE-2014-2960HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files.

  • CVE-2017-7605HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.02

    aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

  • CVE-2017-7604HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.01

    au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

  • CVE-2017-7603HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.01

    au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

  • CVE-2017-7602HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.03

    LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7601HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.02

    LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-7600HigApr 9, 2017
    risk 0.51cvss 7.8epss 0.01

    LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.