VYPR

CVEs

100,075 total · page 1988 of 2,002

  • CVE-2015-8765HigJan 8, 2016
    risk 0.54cvss 8.3epss 0.03

    Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC)…

  • CVE-2015-4694HigJan 8, 2016
    risk 0.57cvss 8.6epss 0.16

    Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.

  • CVE-2014-8886HigJan 8, 2016
    risk 0.53cvss 8.1epss 0.06

    AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.

  • CVE-2015-8754HigJan 8, 2016
    risk 0.49cvss 7.5epss 0.01

    The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors.

  • CVE-2015-8612HigJan 8, 2016
    risk 0.58cvss 8.4epss 0.06

    The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument.

  • CVE-2015-8597HigJan 8, 2016
    risk 0.48cvss 7.4epss 0.02

    Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in…

  • CVE-2015-8547HigJan 8, 2016
    risk 0.42cvss 7.5epss 0.03

    The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.

  • CVE-2015-7754HigJan 8, 2016
    risk 0.53cvss 8.1epss 0.04

    Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.

  • CVE-2015-7362HigJan 8, 2016
    risk 0.51cvss 7.8epss 0.00

    Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc setuid program.

  • CVE-2015-6856HigJan 8, 2016
    risk 0.51cvss 7.8epss 0.01

    Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

  • CVE-2015-5259HigJan 8, 2016
    risk 0.60cvss 8.6epss 0.57

    Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.

  • CVE-2016-1131HigJan 8, 2016
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow in the CL_vsprintf function in Takumi Yamada DX Library before 3.16 allows remote attackers to execute arbitrary code via a crafted string.

  • CVE-2015-6862HigJan 8, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors.

  • CVE-2015-6647HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.

  • CVE-2015-6640HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption)…

  • CVE-2015-6639HigJan 6, 2016
    risk 0.54cvss 7.8epss 0.07

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.

  • CVE-2015-6638HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.00

    The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.

  • CVE-2015-6637HigJan 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.

  • CVE-2015-6861HigJan 5, 2016
    risk 0.49cvss 7.5epss 0.01

    HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.

  • CVE-2015-6860HigJan 5, 2016
    risk 0.55cvss 8.4epss 0.01

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.

  • CVE-2015-6859HigJan 5, 2016
    risk 0.51cvss 7.8epss 0.00

    HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860.

  • CVE-2015-5446HigJan 5, 2016
    risk 0.49cvss 7.5epss 0.03

    HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2015-5445HigJan 5, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2015-6432HigJan 5, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted…

  • CVE-2015-5038HigJan 3, 2016
    risk 0.49cvss 7.5epss 0.01

    IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML…

  • CVE-2015-5003HigJan 3, 2016
    risk 0.56cvss 8.5epss 0.03

    The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.

  • CVE-2015-8027HigJan 2, 2016
    risk 0.49cvss 7.5epss 0.05

    Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.

  • CVE-2015-7430HigJan 2, 2016
    risk 0.55cvss 8.4epss 0.01

    The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.

  • CVE-2015-7407HigJan 2, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

  • CVE-2015-7400HigJan 2, 2016
    risk 0.50cvss 7.7epss 0.03

    The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2015-2023HigJan 2, 2016
    risk 0.60cvss 8.8epss 0.02

    Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.

  • CVE-2015-7442HigJan 2, 2016
    risk 0.46cvss 7.0epss 0.00

    consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.

  • CVE-2015-7429HigJan 2, 2016
    risk 0.55cvss 8.5epss 0.01

    The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1…

  • CVE-2015-5018HigJan 2, 2016
    risk 0.52cvss 8.0epss 0.03

    IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.

  • CVE-2015-7410HigJan 1, 2016
    risk 0.48cvss 7.4epss 0.01

    The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2015-7489HigJan 1, 2016
    risk 0.51cvss 7.8epss 0.00

    IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.

  • CVE-2015-5990HigDec 31, 2015
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-5987HigDec 31, 2015
    risk 0.56cvss 8.6epss 0.01

    Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

  • CVE-2015-1947HigDec 31, 2015
    risk 0.48cvss 7.4epss 0.00

    Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.

  • CVE-2015-7284HigDec 31, 2015
    risk 0.52cvss 8.0epss 0.01

    Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-7283HigDec 31, 2015
    risk 0.53cvss 8.1epss 0.04

    The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

  • CVE-2015-7281HigDec 31, 2015
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-7278HigDec 31, 2015
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-6020HigDec 31, 2015
    risk 0.52cvss 8.0epss 0.02

    ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.

  • CVE-2015-6019HigDec 31, 2015
    risk 0.55cvss 8.5epss 0.03

    The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

  • CVE-2015-5996HigDec 31, 2015
    risk 0.60cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-2912HigDec 31, 2015
    risk 0.57cvss 8.8epss 0.01

    The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information,…

  • CVE-2015-2895HigDec 31, 2015
    risk 0.48cvss 7.3epss 0.02

    Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input.

  • CVE-2015-2876HigDec 31, 2015
    risk 0.57cvss 8.8epss 0.03

    Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2…

  • CVE-2015-2875HigDec 31, 2015
    risk 0.49cvss 7.5epss 0.03

    Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download…