VYPR

CVEs

100,075 total · page 1933 of 2,002

  • CVE-2016-9160HigDec 17, 2016
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking…

  • CVE-2016-9158HigDec 17, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7…

  • CVE-2016-7454HigDec 17, 2016
    risk 0.55cvss 8.0epss 0.03

    CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.

  • CVE-2016-8825HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.

  • CVE-2016-8824HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to…

  • CVE-2016-8823HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.01

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges

  • CVE-2016-8822HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal…

  • CVE-2016-8821HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.

  • CVE-2016-8819HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges.

  • CVE-2016-8818HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges.

  • CVE-2016-8817HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading…

  • CVE-2016-8816HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or…

  • CVE-2016-8815HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or…

  • CVE-2016-8814HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.

  • CVE-2016-8813HigDec 16, 2016
    risk 0.51cvss 7.8epss 0.00

    All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.

  • CVE-2016-9838HigDec 16, 2016
    risk 0.53cvss 7.5epss 0.14

    An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group…

  • CVE-2016-9837HigDec 16, 2016
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as…

  • CVE-2016-6657HigDec 16, 2016
    risk 0.48cvss 7.4epss 0.01

    An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to…

  • CVE-2016-6656HigDec 16, 2016
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to…

  • CVE-2016-9566HigDec 15, 2016
    risk 0.54cvss 7.8epss 0.05

    base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.

  • CVE-2015-6574HigDec 15, 2016
    risk 0.49cvss 7.5epss 0.05

    The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.

  • CVE-2016-7892HigKEVDec 15, 2016
    risk 0.71cvss 8.8epss 0.19

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7890HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy.

  • CVE-2016-7889HigDec 15, 2016
    risk 0.49cvss 7.5epss 0.06

    Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure.

  • CVE-2016-7887HigDec 15, 2016
    risk 0.49cvss 7.5epss 0.05

    Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.

  • CVE-2016-7885HigDec 15, 2016
    risk 0.57cvss 8.8epss 0.03

    Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks.

  • CVE-2016-7881HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7880HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7879HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7878HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7877HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7876HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7875HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7874HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7873HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7872HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.08

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7871HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.07

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7870HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.11

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7869HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.11

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7868HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.11

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-7867HigDec 15, 2016
    risk 0.58cvss 8.8epss 0.11

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution.

  • CVE-2016-4028HigDec 15, 2016
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided…

  • CVE-2016-3174HigDec 15, 2016
    risk 0.48cvss 7.4epss 0.01

    An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a…

  • CVE-2015-8542HigDec 15, 2016
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its…

  • CVE-2016-9035HigDec 14, 2016
    risk 0.46cvss 7.0epss 0.01

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a…

  • CVE-2016-9034HigDec 14, 2016
    risk 0.46cvss 7.0epss 0.01

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a…

  • CVE-2016-9033HigDec 14, 2016
    risk 0.46cvss 7.0epss 0.01

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a…

  • CVE-2016-9032HigDec 14, 2016
    risk 0.46cvss 7.0epss 0.01

    An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a…

  • CVE-2016-9031HigDec 14, 2016
    risk 0.51cvss 7.8epss 0.00

    An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a…

  • CVE-2016-8733HigDec 14, 2016
    risk 0.57cvss 8.8epss 0.01

    An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a…