VYPR

CVEs

31,277 total · page 456 of 626

  • CVE-2019-14017CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,…

  • CVE-2019-14016CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009,…

  • CVE-2019-14014CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130

  • CVE-2019-14013CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,…

  • CVE-2019-14006CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2019-14005CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2019-14004CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-10611CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2019-10581CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables…

  • CVE-2019-10579CriJan 21, 2020
    risk 0.59cvss 9.1epss 0.01

    Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2019-10532CriJan 21, 2020
    risk 0.64cvss 9.8epss 0.01

    Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2020-7233CriJan 19, 2020
    risk 0.64cvss 9.8epss 0.02

    KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file.

  • CVE-2014-5007CriJan 17, 2020
    risk 0.70cvss 9.8epss 0.37

    Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot…

  • CVE-2019-17634CriJan 17, 2020
    risk 0.59cvss 9.0epss 0.02

    Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to…

  • CVE-2019-15855CriJan 17, 2020
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service.

  • CVE-2019-17361CriJan 17, 2020
    risk 0.65cvss 9.8epss 0.15

    In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

  • CVE-2020-7048CriJan 16, 2020
    risk 0.61cvss 9.1epss 0.23

    The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a…

  • CVE-2019-10940CriJan 16, 2020
    risk 0.64cvss 9.9epss 0.01

    A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The…

  • CVE-2009-1120CriJan 15, 2020
    risk 0.64cvss 9.8epss 0.07

    EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a…

  • CVE-2020-2587CriJan 15, 2020
    risk 0.64cvss 9.9epss 0.02

    Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2020-2586CriJan 15, 2020
    risk 0.64cvss 9.9epss 0.02

    Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2020-2555CriKEVJan 15, 2020
    risk 0.86cvss 9.8epss 0.97

    Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2020-2551CriKEVJan 15, 2020
    risk 0.83cvss 9.8epss 0.93

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2020-2546CriJan 15, 2020
    risk 0.64cvss 9.8epss 0.05

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2015-5952CriJan 15, 2020
    risk 0.64cvss 9.8epss 0.03

    Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.

  • CVE-2007-4773CriJan 15, 2020
    risk 0.64cvss 9.8epss 0.02

    Systrace before 1.6.0 has insufficient escape policy enforcement.

  • CVE-2005-4891CriJan 15, 2020
    risk 0.67cvss 9.8epss 0.02

    Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

  • CVE-2015-7874CriJan 15, 2020
    risk 0.68cvss 9.8epss 0.14

    Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.

  • CVE-2020-0654CriJan 14, 2020
    risk 0.59cvss 9.1epss 0.03

    A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for…

  • CVE-2020-0646CriKEVJan 14, 2020
    risk 0.87cvss 9.8epss 0.99

    A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

  • CVE-2020-0610CriJan 14, 2020
    risk 0.72cvss 9.8epss 0.65

    A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution…

  • CVE-2020-0609CriJan 14, 2020
    risk 0.73cvss 9.8epss 0.75

    A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution…

  • CVE-2011-2715CriJan 14, 2020
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.

  • CVE-2011-3203CriJan 14, 2020
    risk 0.64cvss 9.8epss 0.02

    A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.

  • CVE-2020-5505CriJan 14, 2020
    risk 0.67cvss 9.8epss 0.44

    Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI.

  • CVE-2015-8367CriJan 14, 2020
    risk 0.64cvss 9.8epss 0.05

    The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

  • CVE-2015-8366CriJan 14, 2020
    risk 0.64cvss 9.8epss 0.05

    Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes.

  • CVE-2019-0219CriJan 14, 2020
    risk 0.64cvss 9.8epss 0.08

    A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

  • CVE-2020-6958CriJan 14, 2020
    risk 0.59cvss 9.1epss 0.02

    An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

  • CVE-2012-4750CriJan 13, 2020
    risk 0.67cvss 9.8epss 0.09

    A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service

  • CVE-2020-6948CriJan 13, 2020
    risk 0.57cvss 9.8epss 0.04

    A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.

  • CVE-2013-6225CriJan 13, 2020
    risk 0.69cvss 9.8epss 0.27

    LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability

  • CVE-2014-5381CriJan 13, 2020
    risk 0.67cvss 9.8epss 0.07

    Grand MA 300 allows a brute-force attack on the PIN.

  • CVE-2020-6840CriJan 11, 2020
    risk 0.64cvss 9.8epss 0.02

    In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.

  • CVE-2020-6839CriJan 11, 2020
    risk 0.64cvss 9.8epss 0.01

    In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.

  • CVE-2020-6838CriJan 11, 2020
    risk 0.64cvss 9.8epss 0.01

    In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.

  • CVE-2020-6836CriJan 11, 2020
    risk 0.57cvss 9.8epss 0.02

    grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from…

  • CVE-2020-6835CriJan 10, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking.

  • CVE-2012-4284CriJan 10, 2020
    risk 0.72cvss 9.8epss 0.70

    A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code

  • CVE-2011-5020CriJan 10, 2020
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.