VYPR

CVEs


  • CVE-2017-5543 · Cri · Jan 20, 2017
    risk 0.57 · cvss 9.8 · epss 0.02

    includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.

  • CVE-2016-7794 · Cri · Jan 19, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.

  • CVE-2015-8212 · Cri · Jan 19, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.

  • CVE-2016-9679 · Cri · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.

  • CVE-2016-9678 · Cri · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-9676 · Cri · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-3415 · Cri · Jan 18, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.

  • CVE-2016-9584 · Cri · Jan 18, 2017
    risk 0.59 · cvss 9.1 · epss 0.02

    libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.

  • CVE-2016-7996 · Cri · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

  • CVE-2017-5519 · Cri · Jan 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2017-5517 · Cri · Jan 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.

  • CVE-2016-8205 · Cri · Jan 14, 2017
    risk 0.65 · cvss 9.8 · epss 0.13

    A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

  • CVE-2016-8204 · Cri · Jan 14, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

  • CVE-2016-2090 · Cri · Jan 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

  • CVE-2015-3188 · Cri · Jan 13, 2017
    risk 0.65 · cvss 9.8 · epss 0.14

    The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-10141 · Cri · Jan 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to…

  • CVE-2016-9299 · Cri · Jan 12, 2017
    risk 0.68 · cvss 9.8 · epss 0.97

    The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

  • CVE-2016-3152 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image.

  • CVE-2016-3149 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.08

    Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-8606 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.

  • CVE-2016-7791 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code…

  • CVE-2016-7790 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload a 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.

  • CVE-2016-8459 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.

  • CVE-2016-8440 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.

  • CVE-2016-8439 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.

  • CVE-2016-8438 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.

  • CVE-2016-8437 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695.

  • CVE-2016-8398 · Cri · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.

  • CVE-2016-10131 · Cri · Jan 12, 2017
    risk 0.57 · cvss 9.8 · epss 0.03

    system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.

  • CVE-2016-7479 · Cri · Jan 12, 2017
    risk 0.67 · cvss 9.8 · epss 0.42

    In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.

  • CVE-2017-5209 · Cri · Jan 11, 2017
    risk 0.59 · cvss 9.1 · epss 0.03

    The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.

  • CVE-2016-7480 · Cri · Jan 11, 2017
    risk 0.67 · cvss 9.8 · epss 0.42

    The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.

  • CVE-2017-5340 · Cri · Jan 11, 2017
    risk 0.65 · cvss 9.8 · epss 0.17

    Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary…

  • CVE-2016-6830 · Cri · Jan 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This…

  • CVE-2015-4594 · Cri · Jan 10, 2017
    risk 0.67 · cvss 9.8 · epss 0.06

    eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.

  • CVE-2016-10126 · Cri · Jan 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token…

  • CVE-2016-9885 · Cri · Jan 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because…

  • CVE-2016-8705 · Cri · Jan 6, 2017
    risk 0.65 · cvss 9.8 · epss 0.20

    Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

  • CVE-2016-8704 · Cri · Jan 6, 2017
    risk 0.66 · cvss 9.8 · epss 0.23

    An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.

  • CVE-2016-4336 · Cri · Jan 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could…

  • CVE-2016-2339 · Cri · Jan 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element…

  • CVE-2016-2337 · Cri · Jan 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing a different type of object than String as the "retval" argument can cause arbitrary code execution.

  • CVE-2016-2336 · Cri · Jan 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker passing a different type of object than the one assumed by the developers can cause arbitrary code execution.

  • CVE-2015-2868 · Cri · Jan 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that can overflow a fixed size stack…

  • CVE-2015-2867 · Cri · Jan 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.

  • CVE-2016-6890 · Cri · Jan 5, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate.

  • CVE-2016-7399 · Cri · Jan 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allows remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.

  • CVE-2016-9936 · Cri · Jan 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete…

  • CVE-2016-9935 · Cri · Jan 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.07

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket…

  • CVE-2016-9138 · Cri · Jan 4, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with…