VYPR

CVEs

100,081 total · page 1901 of 2,002

  • CVE-2017-2415HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by…

  • CVE-2017-2413HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "QuickTime" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted media file.

  • CVE-2017-2410HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2017-2409HigApr 2, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app.

  • CVE-2017-2408HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOATAFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2017-2407HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or…

  • CVE-2017-2406HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or…

  • CVE-2017-2405HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and…

  • CVE-2017-2403HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.

  • CVE-2017-2401HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a…

  • CVE-2017-2398HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via…

  • CVE-2017-2396HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2017-2395HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2017-2394HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2017-2392HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2017-2389HigApr 2, 2017
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.

  • CVE-2017-2382HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors.

  • CVE-2017-2381HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server.

  • CVE-2017-2380HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by…

  • CVE-2017-2379HigApr 2, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Carbon" component. It allows remote attackers to execute arbitrary code or…

  • CVE-2017-2378HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of…

  • CVE-2017-2377HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a…

  • CVE-2017-2376HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page.

  • CVE-2017-7396HigApr 1, 2017
    risk 0.49cvss 7.5epss 0.02

    In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.

  • CVE-2017-7394HigApr 1, 2017
    risk 0.49cvss 7.5epss 0.02

    In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

  • CVE-2017-7393HigApr 1, 2017
    risk 0.57cvss 8.8epss 0.02

    In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

  • CVE-2017-7392HigApr 1, 2017
    risk 0.49cvss 7.5epss 0.02

    In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.

  • CVE-2016-8032HigMar 31, 2017
    risk 0.47cvss 7.3epss 0.00

    Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.

  • CVE-2017-7374HigMar 31, 2017
    risk 0.51cvss 7.8epss 0.01

    Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic…

  • CVE-2016-6561HigMar 31, 2017
    risk 0.49cvss 7.5epss 0.03

    illumos smbsrv NULL pointer dereference allows system crash.

  • CVE-2016-6560HigMar 31, 2017
    risk 0.56cvss 8.6epss 0.02

    illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash.

  • CVE-2017-2775HigMar 31, 2017
    risk 0.49cvss 7.5epss 0.03

    An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting…

  • CVE-2016-9707HigMar 31, 2017
    risk 0.53cvss 8.1epss 0.02

    IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM…

  • CVE-2016-8917HigMar 31, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.

  • CVE-2017-3009HigMar 31, 2017
    risk 0.49cvss 7.5epss 0.04

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure.

  • CVE-2015-4624HigMar 31, 2017
    risk 0.55cvss 7.5epss 0.37

    Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.

  • CVE-2014-9114HigMar 31, 2017
    risk 0.44cvss 7.8epss 0.01

    Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

  • CVE-2017-2647HigMar 31, 2017
    risk 0.51cvss 7.8epss 0.00

    The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in…

  • CVE-2017-7253HigMar 30, 2017
    risk 0.57cvss 8.8epss 0.02

    Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During…

  • CVE-2017-6412HigMar 30, 2017
    risk 0.56cvss 8.1epss 0.08

    In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.

  • CVE-2017-6183HigMar 30, 2017
    risk 0.47cvss 7.2epss 0.03

    In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.

  • CVE-2017-5185HigMar 30, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.

  • CVE-2014-9825HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.

  • CVE-2014-9824HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.

  • CVE-2014-9823HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.

  • CVE-2014-9822HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.

  • CVE-2014-9821HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

  • CVE-2014-9820HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.

  • CVE-2014-9819HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.

  • CVE-2014-9817HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.