VYPR

CVEs

11,223 total · page 208 of 225

  • CVE-2016-4256CriSep 16, 2016
    risk 0.64cvss 9.8epss 0.05

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, and CVE-2016-4262.

  • CVE-2016-2182CriSep 16, 2016
    risk 0.67cvss 9.8epss 0.44

    The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown…

  • CVE-2016-6394CriSep 12, 2016
    risk 0.59cvss 9.1epss 0.01

    Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503.

  • CVE-2016-7134CriSep 12, 2016
    risk 0.64cvss 9.8epss 0.05

    ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is…

  • CVE-2016-7129CriSep 12, 2016
    risk 0.64cvss 9.8epss 0.07

    The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a…

  • CVE-2016-7127CriSep 12, 2016
    risk 0.64cvss 9.8epss 0.07

    The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different…

  • CVE-2016-7126CriSep 12, 2016
    risk 0.64cvss 9.8epss 0.09

    The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have…

  • CVE-2016-7124CriSep 12, 2016
    risk 0.65cvss 9.8epss 0.16

    ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or…

  • CVE-2016-3877CriSep 11, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.

  • CVE-2016-4573CriSep 9, 2016
    risk 0.64cvss 9.8epss 0.05

    Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D,…

  • CVE-2016-1279CriSep 9, 2016
    risk 0.64cvss 9.8epss 0.03

    J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4,…

  • CVE-2016-4375CriSep 8, 2016
    risk 0.64cvss 9.8epss 0.03

    Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 (aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4) firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA firmware before 2.32 allow remote attackers to obtain sensitive…

  • CVE-2016-7110CriSep 7, 2016
    risk 0.64cvss 9.8epss 0.03

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.

  • CVE-2016-7109CriSep 7, 2016
    risk 0.64cvss 9.8epss 0.04

    Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.

  • CVE-2016-6825CriSep 7, 2016
    risk 0.64cvss 9.8epss 0.02

    Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote…

  • CVE-2016-5022CriSep 7, 2016
    risk 0.64cvss 9.8epss 0.03

    F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before…

  • CVE-2016-7112CriSep 6, 2016
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03;…

  • CVE-2015-5721CriSep 3, 2016
    risk 0.57cvss 9.8epss 0.03

    Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.

  • CVE-2015-5719CriSep 3, 2016
    risk 0.57cvss 9.8epss 0.02

    app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.

  • CVE-2016-5636CriSep 2, 2016
    risk 0.66cvss 9.8epss 0.26

    Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

  • CVE-2016-1473CriSep 2, 2016
    risk 0.64cvss 9.8epss 0.04

    Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216.

  • CVE-2016-5678CriAug 31, 2016
    risk 0.67cvss 9.8epss 0.09

    NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.

  • CVE-2016-5675CriAug 31, 2016
    risk 0.72cvss 9.8epss 0.71

    handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.

  • CVE-2016-5674CriAug 31, 2016
    risk 0.74cvss 9.8epss 0.95

    __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

  • CVE-2016-5336CriAug 31, 2016
    risk 0.64cvss 9.8epss 0.03

    VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-5333CriAug 31, 2016
    risk 0.64cvss 9.8epss 0.03

    VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.

  • CVE-2016-6195CriAug 30, 2016
    risk 0.72cvss 9.8epss 0.68

    SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in…

  • CVE-2016-7115CriAug 30, 2016
    risk 0.64cvss 9.8epss 0.05

    Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.

  • CVE-2016-5344CriAug 30, 2016
    risk 0.64cvss 9.8epss 0.02

    Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size…

  • CVE-2016-5050CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.03

    Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.

  • CVE-2016-5048CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.

  • CVE-2016-4270CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.06

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-4269CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.06

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-4268CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.06

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-4267CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.06

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-4266CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.06

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-4265CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.06

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-4119CriAug 26, 2016
    risk 0.64cvss 9.8epss 0.04

    Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-5681CriAug 25, 2016
    risk 0.65cvss 9.8epss 0.12

    Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14,…

  • CVE-2016-6909CriAug 24, 2016
    risk 0.71cvss 9.8epss 0.50

    Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.

  • CVE-2016-5799CriAug 24, 2016
    risk 0.64cvss 9.8epss 0.04

    Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

  • CVE-2016-5081CriAug 24, 2016
    risk 0.64cvss 9.8epss 0.03

    ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.

  • CVE-2016-5817CriAug 22, 2016
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-6493CriAug 19, 2016
    risk 0.64cvss 9.8epss 0.02

    Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.

  • CVE-2016-6254CriAug 19, 2016
    risk 0.60cvss 9.1epss 0.06

    Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

  • CVE-2015-8949CriAug 19, 2016
    risk 0.57cvss 9.8epss 0.04

    Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

  • CVE-2014-9906CriAug 19, 2016
    risk 0.57cvss 9.8epss 0.06

    Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

  • CVE-2016-5408CriAug 10, 2016
    risk 0.64cvss 9.8epss 0.04

    Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an…

  • CVE-2016-3312CriAug 9, 2016
    risk 0.60cvss 9.1epss 0.10

    ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability."

  • CVE-2016-5792CriAug 8, 2016
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.