VYPR

CVEs

31,277 total · page 461 of 626

  • CVE-2019-16730CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.04

    processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.

  • CVE-2019-19790CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.03

    Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor…

  • CVE-2019-18802CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one…

  • CVE-2019-18801CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used…

  • CVE-2014-0175CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.02

    mcollective has a default password set at install

  • CVE-2019-19782CriDec 13, 2019
    risk 0.64cvss 9.8epss 0.03

    The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server.

  • CVE-2019-3951CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.04

    Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.

  • CVE-2019-18342CriDec 12, 2019
    risk 0.65cvss 9.9epss 0.02

    A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an…

  • CVE-2019-18339CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A…

  • CVE-2019-18337CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote…

  • CVE-2019-18330CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to…

  • CVE-2019-18329CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp.…

  • CVE-2019-18328CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp.…

  • CVE-2019-18327CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp.…

  • CVE-2019-18326CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp.…

  • CVE-2019-18325CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp.…

  • CVE-2019-18324CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp.…

  • CVE-2019-18323CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to…

  • CVE-2019-18322CriDec 12, 2019
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This…

  • CVE-2019-18321CriDec 12, 2019
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This…

  • CVE-2019-18316CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an…

  • CVE-2019-18315CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an…

  • CVE-2019-18314CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker…

  • CVE-2019-18313CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs…

  • CVE-2019-18296CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.05

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port…

  • CVE-2019-18295CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.05

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port…

  • CVE-2019-18293CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.05

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port…

  • CVE-2019-18289CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.05

    A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port…

  • CVE-2019-18284CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other…

  • CVE-2019-18283CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.05

    A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one…

  • CVE-2019-13932CriDec 12, 2019
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A…

  • CVE-2019-19750CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.01

    minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.

  • CVE-2019-18345CriDec 12, 2019
    risk 0.61cvss 9.3epss 0.02

    A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the…

  • CVE-2019-16246CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.

  • CVE-2019-15936CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.02

    Intesync Solismed 3.3sp allows Insecure File Upload.

  • CVE-2019-15933CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.02

    Intesync Solismed 3.3sp has SQL Injection.

  • CVE-2019-15932CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.02

    Intesync Solismed 3.3sp has Incorrect Access Control.

  • CVE-2019-15931CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.

  • CVE-2019-2320CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.01

    Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2019-10559CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.01

    Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon…

  • CVE-2019-10511CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.01

    Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053,…

  • CVE-2019-10493CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.01

    Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625,…

  • CVE-2019-19740CriDec 12, 2019
    risk 0.67cvss 9.8epss 0.06

    Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.

  • CVE-2019-5093CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this…

  • CVE-2019-5085CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.03

    An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this…

  • CVE-2019-10694CriDec 12, 2019
    risk 0.64cvss 9.8epss 0.01

    The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise…

  • CVE-2019-3989CriDec 11, 2019
    risk 0.64cvss 9.8epss 0.04

    Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data.

  • CVE-2019-0403CriDec 11, 2019
    risk 0.64cvss 9.8epss 0.02

    SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

  • CVE-2019-19374CriDec 11, 2019
    risk 0.59cvss 9.1epss 0.03

    An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete…

  • CVE-2014-7257CriDec 11, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in DBD::PgPP 0.05 and earlier