VYPR

CVEs

31,277 total · page 466 of 626

  • CVE-2019-18655CriNov 12, 2019
    risk 0.65cvss 9.8epss 0.15

    File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the…

  • CVE-2019-18658CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.02

    In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as…

  • CVE-2011-2936CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.02

    Elgg through 1.7.10 has a SQL injection vulnerability

  • CVE-2011-2897CriNov 12, 2019
    risk 0.64cvss 9.8epss 0.02

    gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw

  • CVE-2019-18873CriNov 12, 2019
    risk 0.62cvss 9.0epss 0.08

    FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control…

  • CVE-2019-18852CriNov 11, 2019
    risk 0.64cvss 9.8epss 0.02

    Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01,…

  • CVE-2019-18623CriNov 8, 2019
    risk 0.64cvss 9.8epss 0.01

    Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.

  • CVE-2019-18835CriNov 8, 2019
    risk 0.57cvss 9.8epss 0.01

    Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

  • CVE-2008-7291CriNov 8, 2019
    risk 0.64cvss 9.8epss 0.01

    gri before 2.12.18 generates temporary files in an insecure way.

  • CVE-2007-6745CriNov 7, 2019
    risk 0.64cvss 9.8epss 0.02

    clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

  • CVE-2019-18818CriNov 7, 2019
    risk 0.11cvss 9.8epss 0.98

    strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

  • CVE-2013-1751CriNov 7, 2019
    risk 0.64cvss 9.8epss 0.05

    TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.

  • CVE-2007-3915CriNov 7, 2019
    risk 0.59cvss 9.1epss 0.01

    Mondo 2.24 has insecure handling of temporary files.

  • CVE-2010-2476CriNov 7, 2019
    risk 0.64cvss 9.8epss 0.02

    syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.

  • CVE-2010-2447CriNov 7, 2019
    risk 0.57cvss 9.8epss 0.02

    gitolite before 1.4.1 does not filter src/ or hooks/ from path names.

  • CVE-2019-11996CriNov 7, 2019
    risk 0.64cvss 9.8epss 0.01

    Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent…

  • CVE-2011-2337CriNov 7, 2019
    risk 0.64cvss 9.8epss 0.01

    A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.

  • CVE-2019-18814CriNov 7, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.

  • CVE-2019-16872CriNov 7, 2019
    risk 0.57cvss 9.9epss 0.01

    Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).

  • CVE-2019-18805CriNov 7, 2019
    risk 0.00cvss 9.8epss 0.03

    An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of…

  • CVE-2019-12419CriNov 6, 2019
    risk 0.65cvss 9.8epss 0.14

    Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the…

  • CVE-2014-3180CriNov 6, 2019
    risk 0.59cvss 9.1epss 0.01

    In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable

  • CVE-2019-5644CriNov 6, 2019
    risk 0.65cvss 10.0epss 0.01

    Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may alter several facets of a user account, including promoting any user…

  • CVE-2019-5617CriNov 6, 2019
    risk 0.65cvss 10.0epss 0.01

    Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.4 and earlier suffers from an instance of CWE-284, "Improper Access Control." As a result, an unauthenticated user may change the password of any administrator-level user.

  • CVE-2019-2332CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,…

  • CVE-2019-2331CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-2325CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-2324CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,…

  • CVE-2019-2323CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206,…

  • CVE-2019-2302CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…

  • CVE-2019-2285CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2019-2283CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-2258CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2019-2249CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205,…

  • CVE-2019-10565CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Double free issue can happen when sensor power settings is freed by some thread while another thread try to access. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…

  • CVE-2019-10542CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the contents in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…

  • CVE-2019-10541CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206,…

  • CVE-2019-10534CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206,…

  • CVE-2019-10533CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206,…

  • CVE-2019-10531CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SDM439

  • CVE-2019-10528CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables…

  • CVE-2019-10522CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    While playing the clip which is nonstandard buffer overflow can occur while parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607,…

  • CVE-2019-10505CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Out of bound access while processing a non-standard IE measurement request with length crossing past the size of frame in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,…

  • CVE-2011-4628CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.02

    TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.

  • CVE-2010-2446CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.03

    Rbot Reaction plugin allows command execution

  • CVE-2019-12918CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].

  • CVE-2016-4401CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.

  • CVE-2007-0899CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.02

    There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

  • CVE-2019-18784CriNov 6, 2019
    risk 0.57cvss 9.8epss 0.01

    SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.

  • CVE-2006-4243CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.02

    linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.