VYPR

CVEs

31,277 total · page 467 of 626

  • CVE-2006-3100CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.02

    termpkg 3.3 suffers from buffer overflow.

  • CVE-2006-0062CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.01

    xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.

  • CVE-2006-0061CriNov 6, 2019
    risk 0.64cvss 9.8epss 0.02

    xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.

  • CVE-2019-8158CriNov 6, 2019
    risk 0.57cvss 9.8epss 0.01

    An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted…

  • CVE-2019-8149CriNov 6, 2019
    risk 0.57cvss 9.8epss 0.02

    Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication.

  • CVE-2019-8144CriNov 6, 2019
    risk 0.57cvss 9.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.

  • CVE-2019-8136CriNov 6, 2019
    risk 0.57cvss 9.8epss 0.01

    An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component.

  • CVE-2019-8135CriNov 6, 2019
    risk 0.57cvss 9.8epss 0.02

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency injection through Symphony framework allows service identifiers to be derived from user controlled data, which can lead to remote code execution.

  • CVE-2019-8121CriNov 5, 2019
    risk 0.57cvss 9.8epss 0.01

    An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

  • CVE-2011-1460CriNov 5, 2019
    risk 0.64cvss 9.8epss 0.01

    WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.

  • CVE-2011-1134CriNov 5, 2019
    risk 0.64cvss 9.8epss 0.03

    Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

  • CVE-2019-18780CriNov 5, 2019
    risk 0.64cvss 9.8epss 0.06

    An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance…

  • CVE-2005-2354CriNov 5, 2019
    risk 0.64cvss 9.8epss 0.02

    Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.

  • CVE-2019-17211CriNov 5, 2019
    risk 0.64cvss 9.8epss 0.03

    An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and…

  • CVE-2019-17212CriNov 5, 2019
    risk 0.64cvss 9.8epss 0.03

    Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the…

  • CVE-2015-8980CriNov 4, 2019
    risk 0.64cvss 9.8epss 0.07

    The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

  • CVE-2013-4409CriNov 4, 2019
    risk 0.64cvss 9.8epss 0.03

    An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

  • CVE-2019-18663CriNov 4, 2019
    risk 0.64cvss 9.8epss 0.01

    A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter.

  • CVE-2013-2260CriNov 4, 2019
    risk 0.64cvss 9.8epss 0.02

    Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

  • CVE-2013-2259CriNov 4, 2019
    risk 0.64cvss 9.8epss 0.04

    Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview

  • CVE-2013-4103CriNov 4, 2019
    risk 0.67cvss 9.8epss 0.07

    Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input

  • CVE-2013-4102CriNov 4, 2019
    risk 0.59cvss 9.1epss 0.02

    Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness

  • CVE-2019-18662CriNov 2, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query.…

  • CVE-2013-1666CriNov 1, 2019
    risk 0.64cvss 9.8epss 0.02

    Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro.

  • CVE-2011-3923CriNov 1, 2019
    risk 0.74cvss 9.8epss 0.89

    Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

  • CVE-2013-2739CriNov 1, 2019
    risk 0.67cvss 9.8epss 0.05

    MiniDLNA has heap-based buffer overflow

  • CVE-2005-3056CriNov 1, 2019
    risk 0.64cvss 9.8epss 0.03

    TWiki allows arbitrary shell command execution via the Include function

  • CVE-2013-2738CriNov 1, 2019
    risk 0.64cvss 9.8epss 0.02

    minidlna has SQL Injection that may allow retrieval of arbitrary files

  • CVE-2019-18226CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.01

    Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.

  • CVE-2019-13551CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.05

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an…

  • CVE-2019-13547CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.03

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.

  • CVE-2019-13508CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.02

    FreeTDS through 1.1.11 has a Buffer Overflow.

  • CVE-2018-4031CriOct 31, 2019
    risk 0.65cvss 10.0epss 0.03

    An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua…

  • CVE-2012-6125CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.02

    Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.

  • CVE-2010-2783CriOct 31, 2019
    risk 0.59cvss 9.1epss 0.02

    IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.

  • CVE-2010-2548CriOct 31, 2019
    risk 0.59cvss 9.1epss 0.02

    IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.

  • CVE-2019-5151CriOct 31, 2019
    risk 0.65cvss 10.0epss 0.02

    An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to…

  • CVE-2019-5049CriOct 31, 2019
    risk 0.65cvss 10.0epss 0.02

    An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this…

  • CVE-2013-1910CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.03

    yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

  • CVE-2019-18465CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.01

    In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL…

  • CVE-2019-18464CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.02

    In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the…

  • CVE-2009-5043CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.01

    burn allows file names to escape via mishandled quotation marks

  • CVE-2009-5042CriOct 31, 2019
    risk 0.59cvss 9.1epss 0.01

    python-docutils allows insecure usage of temporary files

  • CVE-2009-5041CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.01

    overkill has buffer overflow via long player names that can corrupt data on the server machine

  • CVE-2019-18364CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.03

    In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

  • CVE-2019-18425CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table…

  • CVE-2010-0748CriOct 30, 2019
    risk 0.64cvss 9.8epss 0.02

    Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.

  • CVE-2019-18633CriOct 30, 2019
    risk 0.64cvss 9.8epss 0.01

    European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.

  • CVE-2019-18632CriOct 30, 2019
    risk 0.57cvss 9.8epss 0.01

    European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.

  • CVE-2019-10762CriOct 30, 2019
    risk 0.57cvss 9.8epss 0.01

    columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping.