VYPR

CVEs

100,081 total · page 1902 of 2,002

  • CVE-2014-9804HigMar 30, 2017
    risk 0.49cvss 7.5epss 0.03

    vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."

  • CVE-2017-7323HigMar 30, 2017
    risk 0.53cvss 8.1epss 0.02

    The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection…

  • CVE-2017-7322HigMar 30, 2017
    risk 0.53cvss 8.1epss 0.01

    The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.

  • CVE-2017-7290HigMar 30, 2017
    risk 0.47cvss 7.2epss 0.02

    SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.

  • CVE-2017-7310HigMar 29, 2017
    risk 0.58cvss 7.8epss 0.54

    A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML…

  • CVE-2017-4980HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.

  • CVE-2017-4977HigMar 29, 2017
    risk 0.46cvss 7.0epss 0.00

    EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.

  • CVE-2017-7308HigMar 29, 2017
    risk 0.55cvss 7.8epss 0.18

    The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the…

  • CVE-2017-7258HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as…

  • CVE-2016-2379HigMar 29, 2017
    risk 0.57cvss 8.8epss 0.00

    The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords.

  • CVE-2017-7304HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This…

  • CVE-2017-7303HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils…

  • CVE-2017-7302HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability…

  • CVE-2017-7301HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU…

  • CVE-2017-7300HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while…

  • CVE-2017-7285HigMar 29, 2017
    risk 0.53cvss 7.5epss 0.19

    A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.

  • CVE-2017-5671HigMar 29, 2017
    risk 0.60cvss 8.8epss 0.01

    Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root…

  • CVE-2015-4556HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).

  • CVE-2009-5147HigMar 29, 2017
    risk 0.41cvss 7.3epss 0.08

    DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

  • CVE-2017-7294HigMar 29, 2017
    risk 0.51cvss 7.8epss 0.00

    The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service…

  • CVE-2017-2689HigMar 29, 2017
    risk 0.57cvss 8.8epss 0.01

    Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.

  • CVE-2017-2688HigMar 29, 2017
    risk 0.57cvss 8.8epss 0.01

    The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link…

  • CVE-2017-7297HigMar 29, 2017
    risk 0.57cvss 8.8epss 0.01

    Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.

  • CVE-2016-8031HigMar 28, 2017
    risk 0.47cvss 7.3epss 0.00

    Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file.

  • CVE-2017-7277HigMar 28, 2017
    risk 0.46cvss 7.1epss 0.00

    The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system…

  • CVE-2016-9469HigMar 28, 2017
    risk 0.53cvss 8.2epss 0.02

    Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an…

  • CVE-2016-9463HigMar 28, 2017
    risk 0.53cvss 8.1epss 0.04

    Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB…

  • CVE-2016-9456HigMar 28, 2017
    risk 0.57cvss 8.8epss 0.01

    Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.

  • CVE-2016-9455HigMar 28, 2017
    risk 0.57cvss 8.8epss 0.01

    Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`,…

  • CVE-2016-9127HigMar 28, 2017
    risk 0.57cvss 8.8epss 0.01

    Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially…

  • CVE-2016-9123HigMar 28, 2017
    risk 0.42cvss 7.5epss 0.02

    go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.

  • CVE-2016-9122HigMar 28, 2017
    risk 0.42cvss 7.5epss 0.02

    go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For…

  • CVE-2017-6964HigMar 28, 2017
    risk 0.51cvss 7.8epss 0.00

    dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects…

  • CVE-2017-1153HigMar 27, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.

  • CVE-2016-8960HigMar 27, 2017
    risk 0.57cvss 8.8epss 0.02

    IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM…

  • CVE-2017-5239HigMar 27, 2017
    risk 0.49cvss 7.5epss 0.00

    Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM)…

  • CVE-2017-5237HigMar 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

  • CVE-2016-9252HigMar 27, 2017
    risk 0.49cvss 7.5epss 0.02

    The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.

  • CVE-2017-7272HigMar 27, 2017
    risk 0.48cvss 7.4epss 0.04

    PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname…

  • CVE-2017-7183HigMar 27, 2017
    risk 0.52cvss 7.5epss 0.06

    The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.

  • CVE-2017-6462HigMar 27, 2017
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

  • CVE-2017-6460HigMar 27, 2017
    risk 0.57cvss 8.8epss 0.03

    Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.

  • CVE-2017-6458HigMar 27, 2017
    risk 0.58cvss 8.8epss 0.07

    Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

  • CVE-2017-6455HigMar 27, 2017
    risk 0.46cvss 7.0epss 0.00

    NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.

  • CVE-2017-6452HigMar 27, 2017
    risk 0.51cvss 7.8epss 0.00

    Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.

  • CVE-2017-6451HigMar 27, 2017
    risk 0.51cvss 7.8epss 0.00

    The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds…

  • CVE-2016-9243HigMar 27, 2017
    risk 0.42cvss 7.5epss 0.03

    HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

  • CVE-2016-4912HigMar 27, 2017
    risk 0.49cvss 7.5epss 0.05

    The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.

  • CVE-2016-10225HigMar 27, 2017
    risk 0.54cvss 7.8epss 0.04

    The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.

  • CVE-2015-8764HigMar 27, 2017
    risk 0.53cvss 8.1epss 0.01

    Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.