VYPR

CVEs

31,277 total · page 463 of 626

  • CVE-2019-11936CriDec 4, 2019
    risk 0.00cvss 9.8epss 0.01

    Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0,…

  • CVE-2019-11935CriDec 4, 2019
    risk 0.00cvss 9.8epss 0.01

    Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0,…

  • CVE-2019-11934CriDec 4, 2019
    risk 0.00cvss 9.8epss 0.02

    Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.

  • CVE-2019-11930CriDec 4, 2019
    risk 0.00cvss 9.8epss 0.03

    An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0,…

  • CVE-2018-0730CriDec 4, 2019
    risk 0.64cvss 9.8epss 0.02

    This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

  • CVE-2018-0729CriDec 4, 2019
    risk 0.64cvss 9.8epss 0.02

    This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.

  • CVE-2019-5096CriDec 3, 2019
    risk 0.69cvss 9.8epss 0.67

    An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the…

  • CVE-2019-19459CriDec 3, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary…

  • CVE-2019-16885CriDec 3, 2019
    risk 0.64cvss 9.8epss 0.05

    In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via…

  • CVE-2013-4486CriDec 3, 2019
    risk 0.57cvss 9.8epss 0.01

    Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging

  • CVE-2019-19021CriDec 2, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can log in with this account.

  • CVE-2019-19015CriDec 2, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an…

  • CVE-2019-12518CriDec 2, 2019
    risk 0.71cvss 9.8epss 0.51

    Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.

  • CVE-2019-12503CriDec 2, 2019
    risk 0.64cvss 9.8epss 0.02

    Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system…

  • CVE-2019-12394CriDec 2, 2019
    risk 0.64cvss 9.8epss 0.02

    Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.

  • CVE-2019-12392CriDec 2, 2019
    risk 0.64cvss 9.8epss 0.02

    Anviz access control devices allow remote attackers to issue commands without a password.

  • CVE-2019-19502CriDec 2, 2019
    risk 0.00cvss 9.8epss 0.02

    Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.

  • CVE-2019-19245CriDec 2, 2019
    risk 0.67cvss 9.8epss 0.08

    NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.

  • CVE-2019-19492CriDec 2, 2019
    risk 0.69cvss 9.8epss 0.29

    FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

  • CVE-2019-15631CriDec 2, 2019
    risk 0.64cvss 9.8epss 0.02

    Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.

  • CVE-2019-18609CriDec 1, 2019
    risk 0.57cvss 9.8epss 0.03

    An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller…

  • CVE-2019-19391CriNov 29, 2019
    risk 0.00cvss 9.1epss 0.01

    In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT…

  • CVE-2019-14901CriNov 29, 2019
    risk 0.65cvss 9.8epss 0.17

    A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with…

  • CVE-2019-14897CriNov 29, 2019
    risk 0.64cvss 9.8epss 0.03

    A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations…

  • CVE-2019-14895CriNov 29, 2019
    risk 0.64cvss 9.8epss 0.08

    A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This…

  • CVE-2019-18253CriNov 27, 2019
    risk 0.65cvss 10.0epss 0.02

    An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.

  • CVE-2019-6665CriNov 27, 2019
    risk 0.61cvss 9.4epss 0.01

    On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the…

  • CVE-2011-2717CriNov 27, 2019
    risk 0.64cvss 9.8epss 0.04

    The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.

  • CVE-2011-2523CriNov 27, 2019
    risk 0.74cvss 9.8epss 0.96

    vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

  • CVE-2019-19330CriNov 27, 2019
    risk 0.64cvss 9.8epss 0.04

    The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

  • CVE-2019-18184CriNov 27, 2019
    risk 0.64cvss 9.8epss 0.08

    Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.

  • CVE-2019-14896CriNov 27, 2019
    risk 0.64cvss 9.8epss 0.09

    A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called…

  • CVE-2011-1939CriNov 26, 2019
    risk 0.67cvss 9.8epss 0.04

    SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.

  • CVE-2011-1933CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in Jifty::DBI before 0.68.

  • CVE-2019-17392CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.01

    Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

  • CVE-2019-18580CriNov 26, 2019
    risk 0.65cvss 10.0epss 0.05

    Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

  • CVE-2019-12526CriNov 26, 2019
    risk 0.65cvss 9.8epss 0.20

    An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to…

  • CVE-2019-12523CriNov 26, 2019
    risk 0.59cvss 9.1epss 0.04

    An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to…

  • CVE-2019-19307CriNov 26, 2019
    risk 0.67cvss 9.8epss 0.42

    An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet.

  • CVE-2019-14842CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.02

    Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these…

  • CVE-2019-6675CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.01

    BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only…

  • CVE-2019-12489CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.

  • CVE-2011-4121CriNov 26, 2019
    risk 0.57cvss 9.8epss 0.03

    The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private…

  • CVE-2011-4120CriNov 26, 2019
    risk 0.57cvss 9.8epss 0.02

    Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and…

  • CVE-2019-15958CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to…

  • CVE-2019-18250CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.02

    In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.

  • CVE-2011-3584CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.01

    The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.

  • CVE-2011-3583CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.01

    It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two…

  • CVE-2019-19250CriNov 25, 2019
    risk 0.00cvss 9.8epss 0.01

    OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js.

  • CVE-2019-19249CriNov 25, 2019
    risk 0.57cvss 9.8epss 0.01

    Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations.