VYPR

CVEs

100,081 total · page 1905 of 2,002

  • CVE-2016-6650HigMar 21, 2017
    risk 0.49cvss 7.5epss 0.02

    EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.

  • CVE-2016-4504HigMar 21, 2017
    risk 0.57cvss 8.8epss 0.00

    A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.

  • CVE-2017-7208HigMar 21, 2017
    risk 0.46cvss 7.1epss 0.01

    The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

  • CVE-2017-7206HigMar 21, 2017
    risk 0.46cvss 7.1epss 0.01

    The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.

  • CVE-2016-4929HigMar 20, 2017
    risk 0.58cvss 8.8epss 0.04

    Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.

  • CVE-2016-4928HigMar 20, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.

  • CVE-2016-4927HigMar 20, 2017
    risk 0.53cvss 8.1epss 0.01

    Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.

  • CVE-2016-6816HigMar 20, 2017
    risk 0.45cvss 7.1epss 0.40

    The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid…

  • CVE-2017-6803HigMar 20, 2017
    risk 0.61cvss 8.8epss 0.04

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the…

  • CVE-2017-6318HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.03

    saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

  • CVE-2017-6178HigMar 20, 2017
    risk 0.54cvss 7.8epss 0.01

    The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.

  • CVE-2017-6058HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN…

  • CVE-2017-5618HigMar 20, 2017
    risk 0.51cvss 7.8epss 0.01

    GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

  • CVE-2017-1151HigMar 20, 2017
    risk 0.53cvss 8.1epss 0.02

    IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

  • CVE-2017-1145HigMar 20, 2017
    risk 0.56cvss 8.6epss 0.02

    IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.

  • CVE-2017-1134HigMar 20, 2017
    risk 0.51cvss 7.8epss 0.00

    IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459.

  • CVE-2016-9165HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication…

  • CVE-2016-5857HigMar 20, 2017
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.

  • CVE-2015-8983HigMar 20, 2017
    risk 0.53cvss 8.1epss 0.04

    Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a…

  • CVE-2014-9851HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).

  • CVE-2014-9850HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

  • CVE-2014-9849HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).

  • CVE-2014-9848HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

  • CVE-2014-9842HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.04

    Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

  • CVE-2012-5361HigMar 20, 2017
    risk 0.51cvss 7.8epss 0.03

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.

  • CVE-2017-7187HigMar 20, 2017
    risk 0.51cvss 7.8epss 0.00

    The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to…

  • CVE-2017-7186HigMar 20, 2017
    risk 0.49cvss 7.5epss 0.05

    libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

  • CVE-2014-9938HigMar 20, 2017
    risk 0.50cvss 8.8epss 0.02

    contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

  • CVE-2017-7184HigMar 19, 2017
    risk 0.51cvss 7.8epss 0.02

    The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by…

  • CVE-2017-7178HigMar 18, 2017
    risk 0.61cvss 8.8epss 0.04

    CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.

  • CVE-2017-7177HigMar 18, 2017
    risk 0.49cvss 7.5epss 0.01

    Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.

  • CVE-2015-3884HigMar 17, 2017
    risk 0.61cvss 8.8epss 0.14

    Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing…

  • CVE-2015-3881HigMar 17, 2017
    risk 0.49cvss 7.5epss 0.02

    Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.

  • CVE-2014-9854HigMar 17, 2017
    risk 0.49cvss 7.5epss 0.04

    coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

  • CVE-2014-8722HigMar 17, 2017
    risk 0.53cvss 7.5epss 0.14

    GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.

  • CVE-2014-8701HigMar 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.

  • CVE-2017-6967HigMar 17, 2017
    risk 0.48cvss 7.3epss 0.01

    xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.

  • CVE-2017-6962HigMar 17, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12.

  • CVE-2017-6960HigMar 17, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.

  • CVE-2017-0151HigMar 17, 2017
    risk 0.50cvss 7.5epss 0.15

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…

  • CVE-2017-0150HigMar 17, 2017
    risk 0.50cvss 7.5epss 0.15

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…

  • CVE-2017-0149HigKEVMar 17, 2017
    risk 0.72cvss 8.8epss 0.29

    Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in…

  • CVE-2017-0148HigKEVMar 17, 2017
    risk 0.82cvss 8.1epss 0.99

    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2017-0147HigKEVMar 17, 2017
    risk 0.78cvss 7.5epss 1.00

    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information…

  • CVE-2017-0146HigKEVMar 17, 2017
    risk 0.85cvss 8.8epss 0.90

    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2017-0145HigKEVMar 17, 2017
    risk 0.85cvss 8.8epss 0.90

    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2017-0144HigKEVMar 17, 2017
    risk 0.86cvss 8.8epss 0.99

    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2017-0143HigKEVMar 17, 2017
    risk 0.86cvss 8.8epss 0.93

    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2017-0141HigMar 17, 2017
    risk 0.53cvss 7.5epss 0.48

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…

  • CVE-2017-0138HigMar 17, 2017
    risk 0.50cvss 7.5epss 0.15

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…