VYPR

CVEs

31,277 total · page 468 of 626

  • CVE-2018-21029CriOct 30, 2019
    risk 0.00cvss 9.8epss 0.03

    systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability…

  • CVE-2012-0694CriOct 29, 2019
    risk 0.72cvss 9.8epss 0.67

    SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.

  • CVE-2019-8287CriOct 29, 2019
    risk 0.65cvss 9.8epss 0.19

    TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.

  • CVE-2019-18624CriOct 29, 2019
    risk 0.64cvss 9.8epss 0.01

    Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553,…

  • CVE-2019-18604CriOct 29, 2019
    risk 0.57cvss 9.8epss 0.02

    In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.

  • CVE-2019-15683CriOct 29, 2019
    risk 0.02cvss 9.8epss 0.19

    TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via…

  • CVE-2019-15679CriOct 29, 2019
    risk 0.65cvss 9.8epss 0.13

    TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.

  • CVE-2019-15678CriOct 29, 2019
    risk 0.65cvss 9.8epss 0.13

    TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.

  • CVE-2019-10749CriOct 29, 2019
    risk 0.57cvss 9.8epss 0.01

    sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.

  • CVE-2019-10748CriOct 29, 2019
    risk 0.57cvss 9.8epss 0.01

    Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects.

  • CVE-2019-10211CriOct 29, 2019
    risk 0.64cvss 9.8epss 0.02

    Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.

  • CVE-2012-1187CriOct 29, 2019
    risk 0.64cvss 9.8epss 0.02

    Bitlbee does not drop extra group privileges correctly in unix.c

  • CVE-2010-3375CriOct 29, 2019
    risk 0.64cvss 9.8epss 0.02

    qtparted has insecure library loading which may allow arbitrary code execution

  • CVE-2009-3887CriOct 29, 2019
    risk 0.64cvss 9.8epss 0.03

    ytnef has directory traversal

  • CVE-2019-18189CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.05

    A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not…

  • CVE-2019-17181CriOct 28, 2019
    risk 0.71cvss 9.8epss 0.49

    A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.

  • CVE-2019-14450CriOct 28, 2019
    risk 0.65cvss 9.8epss 0.10

    A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external…

  • CVE-2019-16897CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.02

    In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in…

  • CVE-2010-4239CriOct 28, 2019
    risk 0.65cvss 9.8epss 0.13

    Tiki Wiki CMS Groupware 5.2 has Local File Inclusion

  • CVE-2009-4899CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.01

    pixelpost 1.7.1 has SQL injection

  • CVE-2002-2444CriOct 28, 2019
    risk 0.57cvss 9.8epss 0.02

    Snoopy before 2.0.0 has a security hole in exec cURL

  • CVE-2019-14931CriOct 28, 2019
    risk 0.71cvss 9.8epss 0.58

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user…

  • CVE-2019-14930CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the…

  • CVE-2019-14929CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak…

  • CVE-2019-14926CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial…

  • CVE-2019-16662CriOct 28, 2019
    risk 0.75cvss 9.8epss 0.98

    An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

  • CVE-2017-14742CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.03

    Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.

  • CVE-2019-5129CriOct 25, 2019
    risk 0.67cvss 9.8epss 0.39

    A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The…

  • CVE-2019-5128CriOct 25, 2019
    risk 0.66cvss 9.8epss 0.30

    A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The…

  • CVE-2019-5127CriOct 25, 2019
    risk 0.67cvss 9.8epss 0.45

    A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The…

  • CVE-2019-5114CriOct 25, 2019
    risk 0.64cvss 9.9epss 0.01

    An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability,…

  • CVE-2019-13553CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the…

  • CVE-2019-16265CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.

  • CVE-2019-14451CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.04

    RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer…

  • CVE-2013-4658CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.09

    Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.

  • CVE-2019-8088CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2013-4857CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-865L has PHP File Inclusion in the router xml file.

  • CVE-2016-5202CriOct 25, 2019
    risk 0.59cvss 9.1epss 0.01

    browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase…

  • CVE-2016-2360CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.

  • CVE-2016-2359CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.03

    Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.

  • CVE-2016-2358CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.

  • CVE-2016-2357CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.02

    Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.

  • CVE-2016-2356CriOct 25, 2019
    risk 0.64cvss 9.8epss 0.03

    Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.

  • CVE-2015-0270CriOct 25, 2019
    risk 0.57cvss 9.8epss 0.01

    Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.

  • CVE-2019-18418CriOct 24, 2019
    risk 0.67cvss 9.8epss 0.04

    clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.

  • CVE-2019-15929CriOct 24, 2019
    risk 0.64cvss 9.8epss 0.02

    In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

  • CVE-2019-18200CriOct 24, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks.

  • CVE-2019-13653CriOct 24, 2019
    risk 0.64cvss 9.8epss 0.02

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).

  • CVE-2019-13652CriOct 24, 2019
    risk 0.64cvss 9.8epss 0.03

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5).

  • CVE-2019-13651CriOct 24, 2019
    risk 0.64cvss 9.8epss 0.03

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).