VYPR

CVEs

31,277 total · page 465 of 626

  • CVE-2019-19012CriNov 17, 2019
    risk 0.65cvss 9.8epss 0.11

    An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a…

  • CVE-2019-19010CriNov 16, 2019
    risk 0.57cvss 9.8epss 0.02

    Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.

  • CVE-2019-13582CriNov 15, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.

  • CVE-2019-13581CriNov 15, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service…

  • CVE-2011-0703CriNov 15, 2019
    risk 0.64cvss 9.8epss 0.01

    In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.

  • CVE-2013-7088CriNov 15, 2019
    risk 0.57cvss 9.8epss 0.03

    ClamAV before 0.97.7 has buffer overflow in the libclamav component

  • CVE-2013-7087CriNov 15, 2019
    risk 0.57cvss 9.8epss 0.03

    ClamAV before 0.97.7 has WWPack corrupt heap memory

  • CVE-2019-14345CriNov 15, 2019
    risk 0.64cvss 9.8epss 0.02

    TemaTres 3.0 allows remote unprivileged users to create an administrator account

  • CVE-2019-18985CriNov 15, 2019
    risk 0.57cvss 9.8epss 0.01

    Pimcore before 6.2.2 lacks brute force protection for the 2FA token.

  • CVE-2019-18981CriNov 15, 2019
    risk 0.57cvss 9.8epss 0.01

    Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

  • CVE-2019-18928CriNov 15, 2019
    risk 0.57cvss 9.8epss 0.02

    Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

  • CVE-2019-15803CriNov 14, 2019
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by…

  • CVE-2019-15800CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could…

  • CVE-2019-14678CriNov 14, 2019
    risk 0.65cvss 10.0epss 0.03

    SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This…

  • CVE-2013-4108CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.

  • CVE-2019-18939CriNov 14, 2019
    risk 0.67cvss 9.8epss 0.41

    eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST…

  • CVE-2019-18938CriNov 14, 2019
    risk 0.66cvss 9.8epss 0.34

    eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution.

  • CVE-2019-18937CriNov 14, 2019
    risk 0.66cvss 9.8epss 0.34

    eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request.

  • CVE-2013-3072CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.02

    An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration…

  • CVE-2013-3073CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.04

    A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.

  • CVE-2019-11171CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.02

    Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.

  • CVE-2019-11168CriNov 14, 2019
    risk 0.59cvss 9.1epss 0.01

    Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

  • CVE-2019-8248CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-8247CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-8246CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2011-1930CriNov 14, 2019
    risk 0.68cvss 9.8epss 0.21

    In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP…

  • CVE-2019-3663CriNov 14, 2019
    risk 0.64cvss 9.8epss 0.01

    Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system. This was originally published with a CVSS rating of High, further…

  • CVE-2019-5029CriNov 13, 2019
    risk 0.71cvss 9.8epss 0.57

    An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches…

  • CVE-2019-18952CriNov 13, 2019
    risk 0.67cvss 9.8epss 0.45

    SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP.

  • CVE-2019-18240CriNov 13, 2019
    risk 0.65cvss 9.8epss 0.14

    In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2013-3367CriNov 13, 2019
    risk 0.64cvss 9.8epss 0.03

    Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.

  • CVE-2010-4533CriNov 13, 2019
    risk 0.57cvss 9.8epss 0.01

    offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.

  • CVE-2019-2205CriNov 13, 2019
    risk 0.64cvss 9.8epss 0.03

    In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-2204CriNov 13, 2019
    risk 0.64cvss 9.8epss 0.01

    In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2019-2036CriNov 13, 2019
    risk 0.64cvss 9.8epss 0.02

    In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2013-4657CriNov 13, 2019
    risk 0.64cvss 9.8epss 0.02

    Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.

  • CVE-2019-16948CriNov 13, 2019
    risk 0.64cvss 9.8epss 0.01

    An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general…

  • CVE-2013-4654CriNov 13, 2019
    risk 0.64cvss 9.8epss 0.03

    Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..

  • CVE-2019-18839CriNov 13, 2019
    risk 0.59cvss 9.0epss 0.05

    FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will…

  • CVE-2013-4656CriNov 13, 2019
    risk 0.64cvss 9.8epss 0.02

    Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.

  • CVE-2019-6188CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.01

    The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.

  • CVE-2019-17330CriNov 12, 2019
    risk 0.62cvss 9.6epss 0.01

    The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected…

  • CVE-2010-3438CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.02

    libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.

  • CVE-2019-1449CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.06

    A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this…

  • CVE-2019-1384CriNov 12, 2019
    risk 0.65cvss 9.9epss 0.06

    A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass…

  • CVE-2019-1373CriNov 12, 2019
    risk 0.65cvss 9.8epss 0.18

    A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.

  • CVE-2019-12719CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.

  • CVE-2019-0721CriNov 12, 2019
    risk 0.60cvss 9.1epss 0.10

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.

  • CVE-2019-0719CriNov 12, 2019
    risk 0.60cvss 9.1epss 0.11

    A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.

  • CVE-2019-18925CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.01

    Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.