VYPR

CVEs

100,075 total · page 1986 of 2,002

  • CVE-2015-7521HigJan 29, 2016
    risk 0.54cvss 8.3epss 0.06

    The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

  • CVE-2016-1882HigJan 29, 2016
    risk 0.49cvss 7.5epss 0.02

    FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.

  • CVE-2016-1879HigJan 29, 2016
    risk 0.53cvss 7.5epss 0.14

    The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic)…

  • CVE-2015-8770HigJan 29, 2016
    risk 0.54cvss 7.5epss 0.22

    Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a ..…

  • CVE-2015-7464HigJan 29, 2016
    risk 0.49cvss 7.5epss 0.01

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder server outage) via a crafted request to a Report Builder instance URL.

  • CVE-2015-6421HigJan 27, 2016
    risk 0.49cvss 7.5epss 0.02

    cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to cause a denial of service (resource consumption and device reload) via crafted…

  • CVE-2016-1983HigJan 27, 2016
    risk 0.49cvss 7.5epss 0.03

    The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.

  • CVE-2016-1982HigJan 27, 2016
    risk 0.49cvss 7.5epss 0.03

    The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.

  • CVE-2015-8618HigJan 27, 2016
    risk 0.49cvss 7.5epss 0.03

    The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.

  • CVE-2016-1567HigJan 26, 2016
    risk 0.53cvss 8.1epss 0.03

    chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

  • CVE-2016-1491HigJan 26, 2016
    risk 0.57cvss 8.8epss 0.02

    The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

  • CVE-2016-1489HigJan 26, 2016
    risk 0.52cvss 8.0epss 0.02

    Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.

  • CVE-2016-1233HigJan 26, 2016
    risk 0.51cvss 7.8epss 0.00

    An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in…

  • CVE-2015-8379HigJan 26, 2016
    risk 0.50cvss 8.8epss 0.01

    CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.

  • CVE-2015-7974HigJan 26, 2016
    risk 0.51cvss 7.7epss 0.06

    NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

  • CVE-2016-2052HigJan 25, 2016
    risk 0.42cvss 7.6epss 0.01

    Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check…

  • CVE-2016-1620HigJan 25, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1619HigJan 25, 2016
    risk 0.49cvss 7.6epss 0.01

    Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have…

  • CVE-2016-1613HigJan 25, 2016
    risk 0.49cvss 7.6epss 0.01

    Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper…

  • CVE-2016-1612HigJan 25, 2016
    risk 0.49cvss 7.6epss 0.01

    The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have…

  • CVE-2016-1572HigJan 22, 2016
    risk 0.55cvss 8.4epss 0.00

    mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

  • CVE-2016-1570HigJan 22, 2016
    risk 0.55cvss 8.5epss 0.01

    The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1)…

  • CVE-2015-6925HigJan 22, 2016
    risk 0.49cvss 7.5epss 0.03

    wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.

  • CVE-2016-1134HigJan 22, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices…

  • CVE-2015-7909HigJan 22, 2016
    risk 0.48cvss 7.3epss 0.01

    Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via…

  • CVE-2015-8472HigJan 21, 2016
    risk 0.48cvss 7.3epss 0.06

    Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified…

  • CVE-2015-5516HigJan 20, 2016
    risk 0.49cvss 7.5epss 0.03

    Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6,…

  • CVE-2015-8705HigJan 20, 2016
    risk 0.46cvss 7.0epss 0.08

    buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

  • CVE-2016-1296HigJan 20, 2016
    risk 0.49cvss 7.5epss 0.02

    The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.

  • CVE-2016-1904HigJan 19, 2016
    risk 0.41cvss 7.3epss 0.03

    Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based…

  • CVE-2015-8616HigJan 19, 2016
    risk 0.56cvss 8.6epss 0.02

    Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships…

  • CVE-2015-6836HigJan 19, 2016
    risk 0.48cvss 7.3epss 0.10

    The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the…

  • CVE-2015-6833HigJan 19, 2016
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.

  • CVE-2015-6832HigJan 19, 2016
    risk 0.48cvss 7.3epss 0.05

    Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

  • CVE-2015-6831HigJan 19, 2016
    risk 0.48cvss 7.3epss 0.07

    Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled…

  • CVE-2015-6527HigJan 19, 2016
    risk 0.48cvss 7.3epss 0.04

    The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.

  • CVE-2015-5590HigJan 19, 2016
    risk 0.48cvss 7.3epss 0.05

    Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as…

  • CVE-2015-4988HigJan 18, 2016
    risk 0.56cvss 8.6epss 0.03

    Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to…

  • CVE-2015-7470HigJan 17, 2016
    risk 0.49cvss 7.5epss 0.01

    Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors, as demonstrated by login information.

  • CVE-2015-6863HigJan 16, 2016
    risk 0.48cvss 7.3epss 0.02

    HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

  • CVE-2016-0860HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.05

    Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.

  • CVE-2016-0858HigJan 15, 2016
    risk 0.53cvss 8.1epss 0.05

    Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.

  • CVE-2016-0855HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.

  • CVE-2016-0853HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.02

    Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.

  • CVE-2016-0852HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.02

    Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors.

  • CVE-2016-0851HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.02

    Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.

  • CVE-2015-8281HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.04

    Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations.

  • CVE-2015-8280HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.06

    Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages.

  • CVE-2015-8279HigJan 15, 2016
    risk 0.63cvss 8.6epss 0.51

    Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script.

  • CVE-2015-6467HigJan 15, 2016
    risk 0.53cvss 8.1epss 0.04

    Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.