VYPR

CVEs

31,277 total · page 459 of 626

  • CVE-2019-12568CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.

  • CVE-2019-12567CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.

  • CVE-2018-10389CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

  • CVE-2018-10388CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.04

    Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

  • CVE-2018-10387CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.03

    Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161.

  • CVE-2019-8293CriDec 23, 2019
    risk 0.57cvss 9.8epss 0.03

    Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.

  • CVE-2019-7489CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in SonicWall Email Security appliance allow an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

  • CVE-2019-7488CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier.

  • CVE-2019-3431CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.00

    All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and password through the network for front-end system access.

  • CVE-2019-18234CriDec 23, 2019
    risk 0.64cvss 9.8epss 0.02

    Equinox Control Expert all versions, is vulnerable to an SQL injection attack, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2019-19919CriDec 20, 2019
    risk 0.57cvss 9.8epss 0.07

    Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

  • CVE-2019-19747CriDec 20, 2019
    risk 0.64cvss 9.8epss 0.01

    NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that…

  • CVE-2019-17571CriDec 20, 2019
    risk 0.62cvss 9.8epss 0.69

    Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects…

  • CVE-2019-15913CriDec 20, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with…

  • CVE-2019-15911CriDec 20, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart…

  • CVE-2019-17440CriDec 20, 2019
    risk 0.65cvss 10.0epss 0.02

    Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to…

  • CVE-2012-6094CriDec 20, 2019
    risk 0.64cvss 9.8epss 0.02

    cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system

  • CVE-2019-19915CriDec 19, 2019
    risk 0.59cvss 9.0epss 0.01

    The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and…

  • CVE-2019-17527CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.01

    dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.

  • CVE-2019-16871CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.

  • CVE-2019-8256CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.04

    ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2019-8255CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.07

    Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-19907CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.02

    HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.

  • CVE-2019-19905CriDec 19, 2019
    risk 0.57cvss 9.8epss 0.03

    NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.

  • CVE-2019-16464CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-16463CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to…

  • CVE-2019-16462CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-16460CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to…

  • CVE-2019-16459CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-16455CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to…

  • CVE-2019-16454CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary…

  • CVE-2019-16453CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-16452CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-16451CriDec 19, 2019
    risk 0.69cvss 9.8epss 0.35

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-16450CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary…

  • CVE-2019-16448CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-16446CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to…

  • CVE-2019-16445CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-16444CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.03

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting (default folder privilege escalation) vulnerability. Successful…

  • CVE-2019-7482CriDec 19, 2019
    risk 0.64cvss 9.8epss 0.09

    Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier.

  • CVE-2019-19899CriDec 19, 2019
    risk 0.00cvss 9.8epss 0.01

    Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature.

  • CVE-2019-11131CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.02

    Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2019-11107CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.02

    Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2019-5080CriDec 18, 2019
    risk 0.59cvss 9.1epss 0.02

    An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken…

  • CVE-2019-5079CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.03

    An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer…

  • CVE-2019-5078CriDec 18, 2019
    risk 0.59cvss 9.1epss 0.02

    An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of…

  • CVE-2019-5075CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.04

    An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service…

  • CVE-2019-18572CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.02

    The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated…

  • CVE-2019-15599CriDec 18, 2019
    risk 0.57cvss 9.8epss 0.03

    A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

  • CVE-2019-15598CriDec 18, 2019
    risk 0.57cvss 9.8epss 0.03

    A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.