VYPR

CVEs

100,075 total · page 1912 of 2,002

  • CVE-2016-10151HigMar 1, 2017
    risk 0.39cvss 7.0epss 0.00

    The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging…

  • CVE-2017-2685HigMar 1, 2017
    risk 0.48cvss 7.4epss 0.01

    Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a…

  • CVE-2017-5886HigMar 1, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-5853HigMar 1, 2017
    risk 0.51cvss 7.8epss 0.01

    Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2016-10094HigMar 1, 2017
    risk 0.44cvss 7.8epss 0.02

    Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.

  • CVE-2016-10093HigMar 1, 2017
    risk 0.44cvss 7.8epss 0.02

    Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which…

  • CVE-2016-10092HigMar 1, 2017
    risk 0.44cvss 7.8epss 0.02

    Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to…

  • CVE-2017-5682HigFeb 28, 2017
    risk 0.48cvss 7.3epss 0.01

    Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated…

  • CVE-2017-5982HigFeb 28, 2017
    risk 0.58cvss 7.5epss 0.78

    Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

  • CVE-2017-5884HigFeb 28, 2017
    risk 0.51cvss 7.8epss 0.02

    gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

  • CVE-2016-10207HigFeb 28, 2017
    risk 0.42cvss 7.5epss 0.03

    The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.

  • CVE-2016-8715HigFeb 28, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this…

  • CVE-2016-8389HigFeb 28, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate…

  • CVE-2016-8388HigFeb 28, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of…

  • CVE-2016-8387HigFeb 27, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This…

  • CVE-2016-8386HigFeb 27, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer…

  • CVE-2016-8385HigFeb 27, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a…

  • CVE-2017-2683HigFeb 27, 2017
    risk 0.53cvss 8.2epss 0.01

    A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.

  • CVE-2017-2682HigFeb 27, 2017
    risk 0.57cvss 8.8epss 0.01

    The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active…

  • CVE-2017-6343HigFeb 27, 2017
    risk 0.57cvss 8.1epss 0.60

    The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash…

  • CVE-2017-5927HigFeb 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking…

  • CVE-2017-5926HigFeb 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking…

  • CVE-2017-5925HigFeb 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript,…

  • CVE-2017-0037HigKEVFeb 26, 2017
    risk 0.74cvss 8.1epss 0.80

    Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted…

  • CVE-2017-2791HigFeb 24, 2017
    risk 0.49cvss 7.5epss 0.01

    JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for…

  • CVE-2017-2790HigFeb 24, 2017
    risk 0.57cvss 8.8epss 0.02

    When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer…

  • CVE-2017-2789HigFeb 24, 2017
    risk 0.57cvss 8.8epss 0.02

    When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and…

  • CVE-2016-4041HigFeb 24, 2017
    risk 0.48cvss 7.3epss 0.01

    Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.

  • CVE-2016-2226HigFeb 24, 2017
    risk 0.54cvss 7.8epss 0.07

    Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

  • CVE-2016-9975HigFeb 24, 2017
    risk 0.57cvss 8.8epss 0.00

    IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1998714.

  • CVE-2016-8998HigFeb 24, 2017
    risk 0.47cvss 7.2epss 0.02

    IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747.

  • CVE-2017-5669HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.00

    The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by…

  • CVE-2017-6310HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

  • CVE-2017-6309HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

  • CVE-2017-6308HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.

  • CVE-2017-6307HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.

  • CVE-2017-6306HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."

  • CVE-2017-6305HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."

  • CVE-2017-6304HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."

  • CVE-2017-6303HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."

  • CVE-2017-6302HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."

  • CVE-2017-6301HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."

  • CVE-2017-6300HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."

  • CVE-2017-6298HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."

  • CVE-2017-6196HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.02

    Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a…

  • CVE-2016-10109HigFeb 23, 2017
    risk 0.49cvss 7.5epss 0.04

    Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

  • CVE-2017-6100HigFeb 23, 2017
    risk 0.49cvss 7.5epss 0.01

    tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.

  • CVE-2017-6214HigFeb 23, 2017
    risk 0.49cvss 7.5epss 0.05

    The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.

  • CVE-2016-8974HigFeb 23, 2017
    risk 0.53cvss 8.1epss 0.01

    IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory…

  • CVE-2017-6206HigFeb 23, 2017
    risk 0.53cvss 7.5epss 0.16

    D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.