VYPR

CVEs

97,194 total · page 1921 of 1,944

  • CVE-2015-8523HigApr 5, 2016
    risk 0.49cvss 7.5epss 0.01

    The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.

  • CVE-2016-2289HigApr 1, 2016
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.

  • CVE-2016-0793HigApr 1, 2016
    risk 0.53cvss 7.5epss 0.16

    Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that…

  • CVE-2016-1168HigApr 1, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2016-1167HigApr 1, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2016-1345HigApr 1, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

  • CVE-2016-3142HigMar 31, 2016
    risk 0.54cvss 8.2epss 0.05

    The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06…

  • CVE-2015-8837HigMar 30, 2016
    risk 0.48cvss 7.3epss 0.03

    Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.

  • CVE-2015-8836HigMar 30, 2016
    risk 0.48cvss 7.3epss 0.02

    Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer…

  • CVE-2016-2288HigMar 29, 2016
    risk 0.54cvss 7.8epss 0.01

    Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.

  • CVE-2016-3679HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1650HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.01

    The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating…

  • CVE-2016-1649HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.03

    The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified…

  • CVE-2016-1648HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted…

  • CVE-2016-1647HigMar 29, 2016
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have…

  • CVE-2016-1646HigKEVMar 29, 2016
    risk 0.73cvss 8.8epss 0.48

    The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other…

  • CVE-2016-2344HigMar 28, 2016
    risk 0.49cvss 7.5epss 0.04

    Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in…

  • CVE-2016-0226HigMar 28, 2016
    risk 0.51cvss 7.8epss 0.00

    The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

  • CVE-2014-9769HigMar 28, 2016
    risk 0.48cvss 7.3epss 0.02

    pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets…

  • CVE-2016-1351HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.04

    The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279.

  • CVE-2016-1350HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

  • CVE-2016-1349HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.02

    The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

  • CVE-2016-1348HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

  • CVE-2016-1347HigMar 24, 2016
    risk 0.49cvss 7.5epss 0.01

    The Wide Area Application Services (WAAS) Express implementation in Cisco IOS 15.1 through 15.5 allows remote attackers to cause a denial of service (device reload) via a crafted TCP segment, aka Bug ID CSCuq59708.

  • CVE-2016-0636HigMar 24, 2016
    risk 0.53cvss 8.1epss 0.06

    Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.

  • CVE-2016-1783HigMar 24, 2016
    risk 0.57cvss 8.8epss 0.03

    WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2016-1778HigMar 24, 2016
    risk 0.58cvss 8.8epss 0.04

    WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2016-1777HigMar 24, 2016
    risk 0.49cvss 7.5epss 0.02

    Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

  • CVE-2016-1775HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.04

    TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

  • CVE-2016-1769HigMar 24, 2016
    risk 0.54cvss 7.8epss 0.05

    QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.

  • CVE-2016-1768HigMar 24, 2016
    risk 0.55cvss 7.8epss 0.17

    QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.

  • CVE-2016-1767HigMar 24, 2016
    risk 0.54cvss 7.8epss 0.05

    QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.

  • CVE-2016-1766HigMar 24, 2016
    risk 0.49cvss 7.5epss 0.01

    The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.

  • CVE-2016-1765HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.00

    otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.

  • CVE-2016-1762HigMar 24, 2016
    risk 0.46cvss 8.1epss 0.06

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-1759HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2016-1757HigMar 24, 2016
    risk 0.50cvss 7.0epss 0.13

    Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2016-1756HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

  • CVE-2016-1755HigMar 24, 2016
    risk 0.54cvss 7.8epss 0.05

    The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

  • CVE-2016-1754HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.

  • CVE-2016-1753HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.02

    Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2016-1751HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.

  • CVE-2016-1750HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.02

    Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2016-1749HigMar 24, 2016
    risk 0.54cvss 7.8epss 0.04

    IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2016-1747HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.02

    IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.

  • CVE-2016-1746HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.02

    IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747.

  • CVE-2016-1744HigMar 24, 2016
    risk 0.54cvss 7.8epss 0.04

    The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.

  • CVE-2016-1743HigMar 24, 2016
    risk 0.54cvss 7.8epss 0.05

    The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.

  • CVE-2016-1740HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.04

    FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.

  • CVE-2016-1738HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.00

    dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app.