VYPR

CVEs

100,075 total · page 1934 of 2,002

  • CVE-2016-6277HigKEVDec 14, 2016
    risk 0.80cvss 8.8epss 1.00

    NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly…

  • CVE-2016-9215HigDec 14, 2016
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE.

  • CVE-2016-9212HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security…

  • CVE-2016-9211HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51.

  • CVE-2016-9210HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2).…

  • CVE-2016-9205HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting in a denial of service (DoS) condition. More Information: CSCvb14425. Known…

  • CVE-2016-9203HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. More Information: CSCvb38398. Known Affected Releases: 20.2.3 20.2.3.65026. Known…

  • CVE-2016-9201HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases:…

  • CVE-2016-9198HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199).

  • CVE-2016-9193HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco…

  • CVE-2016-9192HigDec 14, 2016
    risk 0.51cvss 7.8epss 0.03

    A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information:…

  • CVE-2016-6474HigDec 14, 2016
    risk 0.48cvss 7.3epss 0.01

    A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases:…

  • CVE-2016-6470HigDec 14, 2016
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0.

  • CVE-2016-6469HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known…

  • CVE-2016-6468HigDec 14, 2016
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known…

  • CVE-2016-6467HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552.…

  • CVE-2016-6464HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases:…

  • CVE-2016-6449HigDec 14, 2016
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes…

  • CVE-2016-2334HigDec 13, 2016
    risk 0.52cvss 7.8epss 0.15

    Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

  • CVE-2016-6664HigDec 13, 2016
    risk 0.49cvss 7.0epss 0.03

    mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before…

  • CVE-2016-6663HigDec 13, 2016
    risk 0.49cvss 7.0epss 0.04

    Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and…

  • CVE-2016-7952HigDec 13, 2016
    risk 0.49cvss 7.5epss 0.02

    X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

  • CVE-2016-7946HigDec 13, 2016
    risk 0.49cvss 7.5epss 0.03

    X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.

  • CVE-2016-7945HigDec 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

  • CVE-2016-6706HigDec 13, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain…

  • CVE-2016-6699HigDec 13, 2016
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the…

  • CVE-2016-5647HigDec 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request.

  • CVE-2015-3418HigDec 13, 2016
    risk 0.49cvss 7.5epss 0.02

    The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.

  • CVE-2015-3217HigDec 13, 2016
    risk 0.49cvss 7.5epss 0.06

    PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.

  • CVE-2016-6491HigDec 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.

  • CVE-2016-5842HigDec 13, 2016
    risk 0.49cvss 7.5epss 0.06

    MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

  • CVE-2016-5688HigDec 13, 2016
    risk 0.53cvss 8.1epss 0.05

    The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex…

  • CVE-2016-9937HigDec 12, 2016
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call…

  • CVE-2016-9429HigDec 12, 2016
    risk 0.58cvss 8.8epss 0.04

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.

  • CVE-2016-9428HigDec 12, 2016
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.

  • CVE-2016-9426HigDec 12, 2016
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a…

  • CVE-2016-9425HigDec 12, 2016
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.

  • CVE-2016-9424HigDec 12, 2016
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML…

  • CVE-2016-9423HigDec 12, 2016
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.

  • CVE-2016-9422HigDec 12, 2016
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute…

  • CVE-2016-9864HigDec 11, 2016
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration…

  • CVE-2016-9863HigDec 11, 2016
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.

  • CVE-2016-9862HigDec 11, 2016
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.

  • CVE-2016-9861HigDec 11, 2016
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

  • CVE-2016-6633HigDec 11, 2016
    risk 0.53cvss 8.1epss 0.04

    An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior…

  • CVE-2016-6631HigDec 11, 2016
    risk 0.49cvss 7.5epss 0.05

    An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the…

  • CVE-2016-6619HigDec 11, 2016
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17)…

  • CVE-2016-6617HigDec 11, 2016
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.

  • CVE-2016-6616HigDec 11, 2016
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

  • CVE-2016-6611HigDec 11, 2016
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17)…