VYPR

CVEs

31,277 total · page 464 of 626

  • CVE-2019-18374CriNov 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & 8.0 MP1, may be susceptible to an authentication bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing authentication controls.

  • CVE-2019-5870CriNov 25, 2019
    risk 0.63cvss 9.6epss 0.01

    Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2019-5866CriNov 25, 2019
    risk 0.64cvss 9.8epss 0.01

    Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5850CriNov 25, 2019
    risk 0.62cvss 9.6epss 0.01

    Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2012-5582CriNov 25, 2019
    risk 0.57cvss 9.8epss 0.02

    opendnssec misuses libcurl API

  • CVE-2019-18622CriNov 22, 2019
    risk 0.57cvss 9.8epss 0.03

    An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

  • CVE-2019-13566CriNov 22, 2019
    risk 0.00cvss 9.8epss 0.03

    An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname.

  • CVE-2014-6311CriNov 22, 2019
    risk 0.64cvss 9.8epss 0.02

    generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.

  • CVE-2014-6310CriNov 22, 2019
    risk 0.64cvss 9.8epss 0.05

    Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.

  • CVE-2014-3585CriNov 22, 2019
    risk 0.64cvss 9.8epss 0.01

    redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

  • CVE-2019-18933CriNov 21, 2019
    risk 0.57cvss 9.8epss 0.01

    In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal…

  • CVE-2019-18889CriNov 21, 2019
    risk 0.59cvss 9.8epss 0.33

    An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

  • CVE-2019-11325CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

  • CVE-2019-19033CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.03

    Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.

  • CVE-2019-19006CriKEVNov 21, 2019
    risk 0.72cvss 9.8epss 0.37

    Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

  • CVE-2019-18349CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.02

    HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp.

  • CVE-2019-5509CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.02

    ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.

  • CVE-2018-8879CriNov 21, 2019
    risk 0.65cvss 9.8epss 0.17

    Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request.…

  • CVE-2019-2303CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.01

    SNDCP module may access array out side its boundary when it receives malformed XID message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009,…

  • CVE-2019-2289CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.01

    Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-2271CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.01

    Buffer over read can happen while parsing downlink session management OTA messages if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2019-2268CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.01

    Possible OOB read issue in P2P action frames while handling WLAN management frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053,…

  • CVE-2019-16541CriNov 21, 2019
    risk 0.57cvss 9.9epss 0.02

    Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

  • CVE-2019-16340CriNov 21, 2019
    risk 0.65cvss 9.8epss 0.19

    Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.

  • CVE-2019-10627CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.01

    Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF…

  • CVE-2014-3700CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.03

    eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data

  • CVE-2012-3460CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.01

    cumin: At installation postgresql database user created without password

  • CVE-2013-7171CriNov 21, 2019
    risk 0.64cvss 9.8epss 0.06

    Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.

  • CVE-2015-3166CriNov 20, 2019
    risk 0.57cvss 9.8epss 0.05

    The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via…

  • CVE-2013-2093CriNov 20, 2019
    risk 0.57cvss 9.8epss 0.05

    Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.

  • CVE-2013-2091CriNov 20, 2019
    risk 0.57cvss 9.8epss 0.03

    SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.

  • CVE-2019-18858CriNov 20, 2019
    risk 0.64cvss 9.8epss 0.02

    CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.

  • CVE-2019-5541CriNov 20, 2019
    risk 0.59cvss 9.1epss 0.01

    VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to…

  • CVE-2019-10765CriNov 20, 2019
    risk 0.57cvss 9.8epss 0.02

    iobroker.admin before 3.6.12 allows attacker to include file contents from outside the `/log/file1/` directory.

  • CVE-2010-4660CriNov 20, 2019
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..

  • CVE-2016-9652CriNov 20, 2019
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.

  • CVE-2016-5194CriNov 20, 2019
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.

  • CVE-2011-1028CriNov 20, 2019
    risk 0.57cvss 9.8epss 0.02

    The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

  • CVE-2011-3350CriNov 19, 2019
    risk 0.64cvss 9.8epss 0.02

    masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.

  • CVE-2019-10766CriNov 19, 2019
    risk 0.57cvss 9.8epss 0.01

    Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.

  • CVE-2011-2921CriNov 19, 2019
    risk 0.73cvss 9.8epss 0.83

    ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.

  • CVE-2012-0824CriNov 19, 2019
    risk 0.64cvss 9.8epss 0.02

    gnusound 0.7.5 has format string issue

  • CVE-2016-1000006CriNov 19, 2019
    risk 0.57cvss 9.8epss 0.02

    hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.

  • CVE-2019-12409CriNov 18, 2019
    risk 0.65cvss 9.8epss 0.22

    The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring…

  • CVE-2019-12271CriNov 18, 2019
    risk 0.64cvss 9.8epss 0.02

    Sandline Centraleyezer (On Premises) allows unrestricted File Upload with a dangerous type, because the feature of adding ".jpg" to any uploaded filename is not enforced on the server side.

  • CVE-2018-20687CriNov 18, 2019
    risk 0.64cvss 9.8epss 0.03

    An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML…

  • CVE-2011-5331CriNov 18, 2019
    risk 0.64cvss 9.8epss 0.03

    Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.

  • CVE-2011-5330CriNov 18, 2019
    risk 0.64cvss 9.8epss 0.02

    Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.

  • CVE-2019-19113CriNov 18, 2019
    risk 0.64cvss 9.8epss 0.02

    main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.

  • CVE-2019-17058CriNov 18, 2019
    risk 0.59cvss 9.1epss 0.02

    Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file.