VYPR

CVEs

100,082 total · page 1947 of 2,002

  • CVE-2016-5017HigSep 21, 2016
    risk 0.53cvss 8.1epss 0.08

    Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

  • CVE-2016-4965HigSep 21, 2016
    risk 0.58cvss 8.8epss 0.04

    Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.

  • CVE-2016-4809HigSep 21, 2016
    risk 0.49cvss 7.5epss 0.05

    The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

  • CVE-2016-4302HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

  • CVE-2016-4301HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.04

    Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

  • CVE-2016-4300HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.05

    Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

  • CVE-2016-4384HigSep 21, 2016
    risk 0.56cvss 8.6epss 0.04

    HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2016-4382HigSep 21, 2016
    risk 0.54cvss 8.3epss 0.02

    HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.

  • CVE-2016-0920HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.00

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.

  • CVE-2016-0904HigSep 21, 2016
    risk 0.56cvss 8.6epss 0.01

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server…

  • CVE-2015-8960HigSep 21, 2016
    risk 0.53cvss 8.1epss 0.02

    The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server…

  • CVE-2016-6802HigSep 20, 2016
    risk 0.43cvss 7.5epss 0.10

    Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.

  • CVE-2015-8931HigSep 20, 2016
    risk 0.51cvss 7.8epss 0.02

    Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

  • CVE-2015-8930HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.04

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

  • CVE-2015-8921HigSep 20, 2016
    risk 0.50cvss 7.5epss 0.12

    The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

  • CVE-2015-8919HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.05

    The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

  • CVE-2015-8918HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.04

    The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."

  • CVE-2015-8917HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.04

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

  • CVE-2016-6537HigSep 19, 2016
    risk 0.49cvss 7.5epss 0.01

    AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.

  • CVE-2016-6415HigKEVSep 19, 2016
    risk 0.71cvss 7.5epss 0.88

    The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA)…

  • CVE-2016-5814HigSep 19, 2016
    risk 0.56cvss 8.6epss 0.05

    Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.

  • CVE-2016-4860HigSep 19, 2016
    risk 0.48cvss 7.3epss 0.03

    Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify…

  • CVE-2016-4526HigSep 19, 2016
    risk 0.49cvss 7.5epss 0.00

    ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.

  • CVE-2016-1483HigSep 19, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.

  • CVE-2016-6402HigSep 18, 2016
    risk 0.51cvss 7.8epss 0.00

    UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.

  • CVE-2016-4705HigSep 18, 2016
    risk 0.51cvss 7.8epss 0.00

    otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.

  • CVE-2016-4704HigSep 18, 2016
    risk 0.51cvss 7.8epss 0.00

    otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.

  • CVE-2016-6641HigSep 18, 2016
    risk 0.49cvss 7.6epss 0.01

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-6639HigSep 18, 2016
    risk 0.49cvss 7.5epss 0.02

    Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might…

  • CVE-2016-0929HigSep 18, 2016
    risk 0.49cvss 7.5epss 0.01

    The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that…

  • CVE-2016-0928HigSep 18, 2016
    risk 0.48cvss 7.4epss 0.01

    Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2016-0923HigSep 18, 2016
    risk 0.49cvss 7.5epss 0.02

    The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by…

  • CVE-2016-0896HigSep 18, 2016
    risk 0.48cvss 7.3epss 0.01

    Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254…

  • CVE-2016-7418HigSep 17, 2016
    risk 0.50cvss 7.5epss 0.11

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a…

  • CVE-2016-7416HigSep 17, 2016
    risk 0.49cvss 7.5epss 0.07

    ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have…

  • CVE-2016-7412HigSep 17, 2016
    risk 0.53cvss 8.1epss 0.09

    ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…

  • CVE-2016-1482HigSep 17, 2016
    risk 0.53cvss 8.1epss 0.04

    Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.

  • CVE-2016-6407HigSep 17, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link saturation) by making many HTTP requests for overlapping byte ranges simultaneously, aka Bug ID CSCuz27219.

  • CVE-2016-6936HigSep 16, 2016
    risk 0.49cvss 7.5epss 0.04

    Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.

  • CVE-2016-6302HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.26

    The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

  • CVE-2016-2181HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.23

    The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records,…

  • CVE-2016-2179HigSep 16, 2016
    risk 0.51cvss 7.5epss 0.27

    The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions…

  • CVE-2016-6932HigSep 14, 2016
    risk 0.58cvss 8.8epss 0.06

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272,…

  • CVE-2016-6931HigSep 14, 2016
    risk 0.58cvss 8.8epss 0.07

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272,…

  • CVE-2016-6930HigSep 14, 2016
    risk 0.58cvss 8.8epss 0.06

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272,…

  • CVE-2016-6929HigSep 14, 2016
    risk 0.58cvss 8.8epss 0.06

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272,…

  • CVE-2016-6927HigSep 14, 2016
    risk 0.58cvss 8.8epss 0.06

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272,…

  • CVE-2016-6926HigSep 14, 2016
    risk 0.58cvss 8.8epss 0.06

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272,…

  • CVE-2016-6925HigSep 14, 2016
    risk 0.58cvss 8.8epss 0.06

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272,…

  • CVE-2016-6924HigSep 14, 2016
    risk 0.58cvss 8.8epss 0.04

    Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…