VYPR

CVEs

100,082 total · page 1967 of 2,002

  • CVE-2016-1679HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.01

    The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have…

  • CVE-2016-1678HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted…

  • CVE-2016-1676HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1675HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

  • CVE-2016-1674HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1673HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2016-1672HigJun 5, 2016
    risk 0.57cvss 8.8epss 0.02

    The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via…

  • CVE-2016-4563HigJun 4, 2016
    risk 0.57cvss 8.8epss 0.03

    The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and…

  • CVE-2016-4562HigJun 4, 2016
    risk 0.57cvss 8.8epss 0.03

    The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have…

  • CVE-2016-1403HigJun 4, 2016
    risk 0.51cvss 7.8epss 0.01

    CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.

  • CVE-2016-1391HigJun 4, 2016
    risk 0.57cvss 8.8epss 0.02

    Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a…

  • CVE-2016-1390HigJun 4, 2016
    risk 0.51cvss 7.8epss 0.00

    Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID…

  • CVE-2016-3944HigJun 3, 2016
    risk 0.49cvss 7.5epss 0.02

    UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.

  • CVE-2016-3096HigJun 3, 2016
    risk 0.44cvss 7.8epss 0.00

    The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path…

  • CVE-2016-0376HigJun 3, 2016
    risk 0.53cvss 8.1epss 0.06

    The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in…

  • CVE-2016-0363HigJun 3, 2016
    risk 0.53cvss 8.1epss 0.04

    The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the…

  • CVE-2016-5126HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

  • CVE-2016-4810HigJun 1, 2016
    risk 0.49cvss 7.5epss 0.01

    Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.

  • CVE-2016-4423HigJun 1, 2016
    risk 0.49cvss 7.5epss 0.02

    The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which…

  • CVE-2016-1902HigJun 1, 2016
    risk 0.42cvss 7.5epss 0.02

    The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails,…

  • CVE-2015-8875HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.03

    Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute…

  • CVE-2016-3697HigJun 1, 2016
    risk 0.44cvss 7.8epss 0.00

    libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

  • CVE-2016-3075HigJun 1, 2016
    risk 0.49cvss 7.5epss 0.08

    Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

  • CVE-2016-2175HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.05

    Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

  • CVE-2016-1234HigJun 1, 2016
    risk 0.49cvss 7.5epss 0.05

    Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

  • CVE-2016-4506HigMay 31, 2016
    risk 0.52cvss 8.0epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.

  • CVE-2016-4505HigMay 31, 2016
    risk 0.57cvss 8.8epss 0.02

    Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.

  • CVE-2016-4502HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter.

  • CVE-2016-2295HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices…

  • CVE-2016-2286HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.01

    Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices…

  • CVE-2016-2285HigMay 31, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with…

  • CVE-2016-0879HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.

  • CVE-2016-0878HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.

  • CVE-2016-0877HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.

  • CVE-2016-0876HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.01

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.

  • CVE-2016-0875HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

  • CVE-2016-4118HigMay 30, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.

  • CVE-2016-2309HigMay 30, 2016
    risk 0.47cvss 7.2epss 0.01

    iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

  • CVE-2016-2025HigMay 30, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

  • CVE-2016-1409HigMay 29, 2016
    risk 0.49cvss 7.5epss 0.04

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as…

  • CVE-2016-1404HigMay 29, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic…

  • CVE-2016-1410HigMay 28, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

  • CVE-2016-3681HigMay 26, 2016
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted…

  • CVE-2016-3680HigMay 26, 2016
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted…

  • CVE-2016-4791HigMay 26, 2016
    risk 0.56cvss 8.6epss 0.02

    The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via…

  • CVE-2016-4786HigMay 26, 2016
    risk 0.49cvss 7.5epss 0.02

    Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

  • CVE-2016-4021HigMay 26, 2016
    risk 0.49cvss 7.5epss 0.02

    The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

  • CVE-2016-1887HigMay 25, 2016
    risk 0.54cvss 7.8epss 0.01

    Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument,…

  • CVE-2016-1886HigMay 25, 2016
    risk 0.54cvss 7.8epss 0.01

    Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and…

  • CVE-2015-8853HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.03

    The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."