VYPR

CVEs

11,223 total · page 207 of 225

  • CVE-2016-6309CriSep 26, 2016
    risk 0.69cvss 9.8epss 0.70

    statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

  • CVE-2016-6980CriSep 26, 2016
    risk 0.64cvss 9.8epss 0.06

    Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.

  • CVE-2016-4972CriSep 26, 2016
    risk 0.57cvss 9.8epss 0.03

    OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when…

  • CVE-2016-4303CriSep 26, 2016
    risk 0.64cvss 9.8epss 0.07

    The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

  • CVE-2016-4734CriSep 25, 2016
    risk 0.63cvss 9.6epss 0.03

    WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and…

  • CVE-2016-4702CriSep 25, 2016
    risk 0.64cvss 9.8epss 0.06

    Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

  • CVE-2016-4694CriSep 25, 2016
    risk 0.59cvss 9.1epss 0.01

    The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to…

  • CVE-2016-4658CriSep 25, 2016
    risk 0.64cvss 9.8epss 0.09

    xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2016-6532CriSep 24, 2016
    risk 0.64cvss 9.8epss 0.03

    DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session.

  • CVE-2016-6531CriSep 24, 2016
    risk 0.64cvss 9.8epss 0.02

    Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ...…

  • CVE-2016-6406CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to…

  • CVE-2016-6374CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093.

  • CVE-2016-5281CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.05

    Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

  • CVE-2016-5280CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.05

    Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

  • CVE-2016-5277CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper…

  • CVE-2016-5276CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory…

  • CVE-2016-5274CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web…

  • CVE-2016-5270CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have…

  • CVE-2016-5257CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via…

  • CVE-2016-5256CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2016-6525CriSep 22, 2016
    risk 0.64cvss 9.8epss 0.04

    Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

  • CVE-2016-4464CriSep 21, 2016
    risk 0.64cvss 9.8epss 0.04

    The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a…

  • CVE-2016-6354CriSep 21, 2016
    risk 0.64cvss 9.8epss 0.09

    Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

  • CVE-2015-8871CriSep 21, 2016
    risk 0.57cvss 9.8epss 0.03

    Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-6530CriSep 21, 2016
    risk 0.64cvss 9.8epss 0.03

    Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords.

  • CVE-2016-0917CriSep 21, 2016
    risk 0.64cvss 9.8epss 0.04

    The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate…

  • CVE-2016-0903CriSep 21, 2016
    risk 0.59cvss 9.1epss 0.03

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.

  • CVE-2016-6662CriSep 20, 2016
    risk 0.72cvss 9.8epss 0.68

    Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary…

  • CVE-2016-6536CriSep 19, 2016
    risk 0.64cvss 9.8epss 0.03

    The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.

  • CVE-2016-6535CriSep 19, 2016
    risk 0.64cvss 9.8epss 0.02

    AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.

  • CVE-2016-0930CriSep 18, 2016
    risk 0.64cvss 9.8epss 0.01

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs…

  • CVE-2016-0922CriSep 18, 2016
    risk 0.64cvss 9.8epss 0.01

    EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack.

  • CVE-2016-0897CriSep 18, 2016
    risk 0.64cvss 9.8epss 0.01

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors.

  • CVE-2016-0883CriSep 18, 2016
    risk 0.64cvss 9.8epss 0.01

    Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another…

  • CVE-2016-7417CriSep 17, 2016
    risk 0.64cvss 9.8epss 0.07

    ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.

  • CVE-2016-7415CriSep 17, 2016
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.

  • CVE-2016-7414CriSep 17, 2016
    risk 0.64cvss 9.8epss 0.07

    The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other…

  • CVE-2016-7413CriSep 17, 2016
    risk 0.64cvss 9.8epss 0.07

    Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a…

  • CVE-2016-7411CriSep 17, 2016
    risk 0.64cvss 9.8epss 0.06

    ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially…

  • CVE-2016-6938CriSep 17, 2016
    risk 0.64cvss 9.8epss 0.09

    Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified…

  • CVE-2016-6937CriSep 17, 2016
    risk 0.64cvss 9.8epss 0.07

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-5843CriSep 17, 2016
    risk 0.61cvss 9.4epss 0.03

    Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

  • CVE-2016-6303CriSep 16, 2016
    risk 0.66cvss 9.8epss 0.32

    Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-4263CriSep 16, 2016
    risk 0.64cvss 9.8epss 0.06

    Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-4262CriSep 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4261.

  • CVE-2016-4261CriSep 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, and CVE-2016-4262.

  • CVE-2016-4260CriSep 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4261, and CVE-2016-4262.

  • CVE-2016-4259CriSep 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.

  • CVE-2016-4258CriSep 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4257, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.

  • CVE-2016-4257CriSep 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.