VYPR

CVEs

100,082 total · page 1966 of 2,002

  • CVE-2016-4523HigKEVJun 9, 2016
    risk 0.63cvss 7.5epss 0.31

    The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified vectors.

  • CVE-2016-4370HigJun 9, 2016
    risk 0.57cvss 8.8epss 0.02

    HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vectors.

  • CVE-2016-3738HigJun 8, 2016
    risk 0.57cvss 8.8epss 0.02

    Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

  • CVE-2016-3708HigJun 8, 2016
    risk 0.46cvss 7.1epss 0.01

    Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder…

  • CVE-2016-2160HigJun 8, 2016
    risk 0.51cvss 8.8epss 0.04

    Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.

  • CVE-2016-4369HigJun 8, 2016
    risk 0.57cvss 8.8epss 0.02

    HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-4367HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.08

    The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4365HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Insight Control server deployment allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-4364HigJun 8, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE Insight Control server deployment allows local users to gain privileges via unspecified vectors.

  • CVE-2016-4362HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Insight Control server deployment allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2016-4361HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.08

    HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.20 through patch 2, and 12.50 through patch 1 allow…

  • CVE-2016-4358HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.01

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2029.

  • CVE-2016-4357HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2028.

  • CVE-2016-2030HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022.

  • CVE-2016-2028HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Matrix Operating Environment before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4357.

  • CVE-2016-2027HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2026.

  • CVE-2016-2026HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-2027.

  • CVE-2016-2022HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.02

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2030.

  • CVE-2016-2021HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2020HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2019HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-2017HigJun 8, 2016
    risk 0.53cvss 8.1epss 0.03

    HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030.

  • CVE-2016-1418HigJun 8, 2016
    risk 0.51cvss 7.8epss 0.00

    Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037.

  • CVE-2016-1405HigJun 8, 2016
    risk 0.49cvss 7.5epss 0.03

    libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial…

  • CVE-2015-8800HigJun 8, 2016
    risk 0.48cvss 7.3epss 0.01

    Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced…

  • CVE-2015-8799HigJun 8, 2016
    risk 0.50cvss 7.6epss 0.06

    Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection…

  • CVE-2015-8798HigJun 8, 2016
    risk 0.52cvss 8.0epss 0.03

    Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection…

  • CVE-2015-8157HigJun 8, 2016
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP)…

  • CVE-2016-4545HigJun 7, 2016
    risk 0.49cvss 7.5epss 0.02

    Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake.

  • CVE-2016-3072HigJun 7, 2016
    risk 0.50cvss 8.8epss 0.02

    Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.

  • CVE-2016-4450HigJun 7, 2016
    risk 0.50cvss 7.5epss 0.16

    os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

  • CVE-2016-2335HigJun 7, 2016
    risk 0.58cvss 8.8epss 0.10

    The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.

  • CVE-2015-7611HigJun 7, 2016
    risk 0.61cvss 8.1epss 0.69

    Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

  • CVE-2015-5723HigJun 7, 2016
    risk 0.51cvss 7.8epss 0.00

    Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories,…

  • CVE-2015-5261HigJun 7, 2016
    risk 0.46cvss 7.1epss 0.00

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

  • CVE-2015-5260HigJun 7, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

  • CVE-2015-5228HigJun 7, 2016
    risk 0.51cvss 7.8epss 0.00

    The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

  • CVE-2014-9747HigJun 7, 2016
    risk 0.49cvss 7.5epss 0.03

    The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.

  • CVE-2016-1703HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1701HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1700HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1697HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via…

  • CVE-2016-1696HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1695HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1691HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and…

  • CVE-2016-1690HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.01

    The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other…

  • CVE-2016-1684HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.02

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact…

  • CVE-2016-1683HigJun 5, 2016
    risk 0.49cvss 7.5epss 0.02

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

  • CVE-2016-1681HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2016-1680HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.