VYPR

CVEs

100,075 total · page 1932 of 2,002

  • CVE-2016-8707HigDec 23, 2016
    risk 0.51cvss 7.8epss 0.04

    An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability…

  • CVE-2016-7967HigDec 23, 2016
    risk 0.53cvss 8.1epss 0.02

    KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.

  • CVE-2016-7966HigDec 23, 2016
    risk 0.48cvss 7.3epss 0.02

    Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available…

  • CVE-2016-9154HigDec 23, 2016
    risk 0.49cvss 7.5epss 0.01

    Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U,…

  • CVE-2016-7502HigDec 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.

  • CVE-2016-7450HigDec 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.

  • CVE-2016-6671HigDec 23, 2016
    risk 0.51cvss 7.8epss 0.02

    The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.

  • CVE-2016-6659HigDec 23, 2016
    risk 0.53cvss 8.1epss 0.01

    Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently…

  • CVE-2016-9675HigDec 22, 2016
    risk 0.51cvss 7.8epss 0.02

    openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

  • CVE-2016-9181HigDec 22, 2016
    risk 0.46cvss 7.1epss 0.01

    perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

  • CVE-2016-9179HigDec 22, 2016
    risk 0.49cvss 7.5epss 0.02

    lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.

  • CVE-2016-7172HigDec 21, 2016
    risk 0.49cvss 7.5epss 0.02

    NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.

  • CVE-2016-5851HigDec 21, 2016
    risk 0.50cvss 8.8epss 0.02

    python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.

  • CVE-2016-2349HigDec 21, 2016
    risk 0.49cvss 7.5epss 0.01

    Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.

  • CVE-2016-7300HigDec 20, 2016
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability."

  • CVE-2016-7298HigDec 20, 2016
    risk 0.53cvss 7.8epss 0.23

    Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

  • CVE-2016-7297HigDec 20, 2016
    risk 0.51cvss 7.5epss 0.27

    The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288,…

  • CVE-2016-7296HigDec 20, 2016
    risk 0.50cvss 7.5epss 0.17

    The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288,…

  • CVE-2016-7292HigDec 20, 2016
    risk 0.51cvss 7.8epss 0.01

    The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain…

  • CVE-2016-7291HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…

  • CVE-2016-7290HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…

  • CVE-2016-7289HigDec 20, 2016
    risk 0.53cvss 7.8epss 0.25

    Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

  • CVE-2016-7288HigDec 20, 2016
    risk 0.57cvss 7.5epss 0.70

    The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296,…

  • CVE-2016-7287HigDec 20, 2016
    risk 0.57cvss 7.5epss 0.69

    The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

  • CVE-2016-7286HigDec 20, 2016
    risk 0.57cvss 7.5epss 0.69

    The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296,…

  • CVE-2016-7283HigDec 20, 2016
    risk 0.59cvss 8.8epss 0.18

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-7279HigDec 20, 2016
    risk 0.50cvss 7.5epss 0.15

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-7276HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.25

    Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office…

  • CVE-2016-7275HigDec 20, 2016
    risk 0.51cvss 7.8epss 0.01

    Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

  • CVE-2016-7274HigDec 20, 2016
    risk 0.64cvss 8.8epss 0.42

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web…

  • CVE-2016-7273HigDec 20, 2016
    risk 0.59cvss 8.8epss 0.19

    The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."

  • CVE-2016-7272HigDec 20, 2016
    risk 0.60cvss 8.8epss 0.39

    The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2016-7271HigDec 20, 2016
    risk 0.51cvss 7.8epss 0.01

    The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability."

  • CVE-2016-7270HigDec 20, 2016
    risk 0.50cvss 7.5epss 0.20

    The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET…

  • CVE-2016-7268HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory…

  • CVE-2016-7266HigDec 20, 2016
    risk 0.52cvss 7.8epss 0.22

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded…

  • CVE-2016-7265HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive…

  • CVE-2016-7264HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft…

  • CVE-2016-7263HigDec 20, 2016
    risk 0.52cvss 7.8epss 0.19

    Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

  • CVE-2016-7262HigKEVDec 20, 2016
    risk 0.67cvss 7.8epss 0.58

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office…

  • CVE-2016-7260HigDec 20, 2016
    risk 0.51cvss 7.8epss 0.02

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted…

  • CVE-2016-7259HigDec 20, 2016
    risk 0.51cvss 7.8epss 0.02

    The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain…

  • CVE-2016-7181HigDec 20, 2016
    risk 0.50cvss 7.5epss 0.14

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."

  • CVE-2016-10005HigDec 19, 2016
    risk 0.49cvss 7.5epss 0.02

    Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524.

  • CVE-2016-5185HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.

  • CVE-2016-5184HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.

  • CVE-2016-5183HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.

  • CVE-2016-5182HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.

  • CVE-2016-9950HigDec 17, 2016
    risk 0.54cvss 7.8epss 0.07

    An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker…

  • CVE-2016-9949HigDec 17, 2016
    risk 0.55cvss 7.8epss 0.18

    An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.