VYPR

CVEs

100,081 total · page 1904 of 2,002

  • CVE-2016-9389HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.04

    The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).

  • CVE-2016-9387HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.

  • CVE-2016-9276HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.04

    The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).

  • CVE-2016-9275HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.04

    Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).

  • CVE-2016-8886HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.02

    The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.

  • CVE-2016-10059HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.

  • CVE-2016-10057HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10056HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10055HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10054HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10052HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10051HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

  • CVE-2016-10050HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

  • CVE-2016-10049HigMar 23, 2017
    risk 0.44cvss 7.8epss 0.02

    Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

  • CVE-2016-10048HigMar 23, 2017
    risk 0.42cvss 7.5epss 0.07

    Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.

  • CVE-2017-7199HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.00

    Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.

  • CVE-2017-6191HigMar 23, 2017
    risk 0.54cvss 7.8epss 0.07

    Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.

  • CVE-2017-5227HigMar 23, 2017
    risk 0.52cvss 7.5epss 0.06

    QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.

  • CVE-2017-5207HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.00

    Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.

  • CVE-2016-9775HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.01

    The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before…

  • CVE-2016-9774HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.01

    The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before…

  • CVE-2016-9167HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.01

    NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.

  • CVE-2016-5758HigMar 23, 2017
    risk 0.57cvss 8.8epss 0.01

    A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.

  • CVE-2016-5754HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.01

    Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.

  • CVE-2016-5752HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.01

    The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.

  • CVE-2016-5750HigMar 23, 2017
    risk 0.57cvss 8.8epss 0.01

    The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.

  • CVE-2016-5747HigMar 23, 2017
    risk 0.49cvss 7.5epss 0.02

    A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.

  • CVE-2016-1602HigMar 23, 2017
    risk 0.51cvss 7.8epss 0.01

    A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

  • CVE-2016-1597HigMar 23, 2017
    risk 0.57cvss 8.8epss 0.01

    A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.

  • CVE-2017-7235HigMar 23, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.

  • CVE-2017-3864HigMar 22, 2017
    risk 0.56cvss 8.6epss 0.03

    A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a…

  • CVE-2017-3859HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when…

  • CVE-2017-3858HigMar 22, 2017
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An…

  • CVE-2017-3857HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to…

  • CVE-2017-3856HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is…

  • CVE-2017-3852HigMar 22, 2017
    risk 0.53cvss 8.1epss 0.03

    A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due…

  • CVE-2017-3851HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.05

    A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the…

  • CVE-2017-7231HigMar 22, 2017
    risk 0.51cvss 7.8epss 0.01

    pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process()' function of the 'pngdefry.c' source file.

  • CVE-2017-7227HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.03

    GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.

  • CVE-2017-7225HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.02

    The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

  • CVE-2017-7223HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.02

    GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

  • CVE-2017-6971HigMar 22, 2017
    risk 0.61cvss 8.8epss 0.16

    AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.

  • CVE-2017-6970HigMar 22, 2017
    risk 0.58cvss 8.4epss 0.02

    AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.

  • CVE-2014-9839HigMar 22, 2017
    risk 0.49cvss 7.5epss 0.02

    magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).

  • CVE-2014-9835HigMar 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.

  • CVE-2014-9834HigMar 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.

  • CVE-2014-9833HigMar 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.

  • CVE-2014-9832HigMar 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.

  • CVE-2017-5874HigMar 22, 2017
    risk 0.57cvss 8.8epss 0.01

    CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.

  • CVE-2017-3849HigMar 21, 2017
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service…