VYPR

CVEs

31,277 total · page 460 of 626

  • CVE-2019-15597CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.03

    A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.

  • CVE-2019-5081CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.05

    An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functionality of WAGO PFC 200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer…

  • CVE-2019-5077CriDec 18, 2019
    risk 0.59cvss 9.1epss 0.02

    An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial…

  • CVE-2019-5074CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.03

    An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets…

  • CVE-2019-19690CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.

  • CVE-2019-19844CriDec 18, 2019
    risk 0.62cvss 9.8epss 0.35

    Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token…

  • CVE-2019-8849CriDec 18, 2019
    risk 0.57cvss 9.8epss 0.02

    The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code.

  • CVE-2019-8779CriDec 18, 2019
    risk 0.65cvss 10.0epss 0.01

    A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.

  • CVE-2019-8750CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.02

    Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt.

  • CVE-2019-8662CriDec 18, 2019
    risk 0.67cvss 9.8epss 0.10

    This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.

  • CVE-2019-8661CriDec 18, 2019
    risk 0.67cvss 9.8epss 0.10

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.

  • CVE-2019-8660CriDec 18, 2019
    risk 0.68cvss 9.8epss 0.14

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

  • CVE-2019-8648CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.03

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.

  • CVE-2019-8647CriDec 18, 2019
    risk 0.68cvss 9.8epss 0.13

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.

  • CVE-2019-8641CriDec 18, 2019
    risk 0.68cvss 9.8epss 0.17

    An out-of-bounds read was addressed with improved input validation.

  • CVE-2019-8617CriDec 18, 2019
    risk 0.62cvss 9.6epss 0.01

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent sandbox restrictions.

  • CVE-2019-8613CriDec 18, 2019
    risk 0.68cvss 9.8epss 0.13

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.

  • CVE-2019-8600CriDec 18, 2019
    risk 0.65cvss 9.8epss 0.20

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.

  • CVE-2019-8562CriDec 18, 2019
    risk 0.63cvss 9.6epss 0.01

    A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

  • CVE-2019-8527CriDec 18, 2019
    risk 0.59cvss 9.1epss 0.03

    A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

  • CVE-2019-7290CriDec 18, 2019
    risk 0.65cvss 10.0epss 0.01

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.

  • CVE-2019-4716CriKEVDec 18, 2019
    risk 0.86cvss 9.8epss 0.86

    IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.

  • CVE-2019-11400CriDec 18, 2019
    risk 0.65cvss 9.8epss 0.17

    An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter.

  • CVE-2019-11399CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.

  • CVE-2019-2242CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-10614CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer…

  • CVE-2019-10572CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…

  • CVE-2019-10557CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009,…

  • CVE-2019-10525CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2019-10516CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2019-10500CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-10487CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-19846CriDec 18, 2019
    risk 0.64cvss 9.8epss 0.02

    In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

  • CVE-2019-18257CriDec 17, 2019
    risk 0.64cvss 9.8epss 0.03

    In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the…

  • CVE-2019-19634CriDec 17, 2019
    risk 0.64cvss 9.8epss 0.04

    class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.

  • CVE-2019-18956CriDec 17, 2019
    risk 0.64cvss 9.8epss 0.06

    Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The…

  • CVE-2019-19826CriDec 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code…

  • CVE-2019-18269CriDec 16, 2019
    risk 0.64cvss 9.8epss 0.01

    Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

  • CVE-2019-18261CriDec 16, 2019
    risk 0.64cvss 9.8epss 0.01

    In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to…

  • CVE-2019-18259CriDec 16, 2019
    risk 0.64cvss 9.8epss 0.02

    In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.

  • CVE-2019-18830CriDec 16, 2019
    risk 0.64cvss 9.8epss 0.04

    Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could…

  • CVE-2019-18826CriDec 16, 2019
    risk 0.64cvss 9.8epss 0.01

    Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate…

  • CVE-2014-8650CriDec 15, 2019
    risk 0.57cvss 9.8epss 0.04

    python-requests-Kerberos through 0.5 does not handle mutual authentication

  • CVE-2014-3699CriDec 15, 2019
    risk 0.64cvss 9.8epss 0.02

    eDeploy has RCE via cPickle deserialization of untrusted data

  • CVE-2019-17364CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.04

    The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.

  • CVE-2019-16737CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.04

    The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.

  • CVE-2019-16736CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.03

    A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.

  • CVE-2019-16735CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.03

    A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.

  • CVE-2019-16734CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.03

    Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.

  • CVE-2019-16733CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.04

    processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.