VYPR

CVEs

31,277 total · page 469 of 626

  • CVE-2019-13650CriOct 24, 2019
    risk 0.64cvss 9.8epss 0.03

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5).

  • CVE-2019-13649CriOct 24, 2019
    risk 0.64cvss 9.8epss 0.03

    TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5).

  • CVE-2019-12017CriOct 24, 2019
    risk 0.64cvss 9.8epss 0.03

    A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's…

  • CVE-2019-18394CriOct 24, 2019
    risk 0.59cvss 9.8epss 0.32

    A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

  • CVE-2019-18387CriOct 23, 2019
    risk 0.64cvss 9.8epss 0.01

    Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

  • CVE-2019-8237CriOct 23, 2019
    risk 0.64cvss 9.8epss 0.03

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability. Successful…

  • CVE-2019-8236CriOct 23, 2019
    risk 0.64cvss 9.8epss 0.03

    Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

  • CVE-2019-18370CriOct 23, 2019
    risk 0.67cvss 9.8epss 0.40

    An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the…

  • CVE-2019-18355CriOct 23, 2019
    risk 0.64cvss 9.8epss 0.02

    An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.

  • CVE-2019-11933CriOct 23, 2019
    risk 0.64cvss 9.8epss 0.04

    A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service.

  • CVE-2019-18344CriOct 23, 2019
    risk 0.64cvss 9.8epss 0.01

    Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter).

  • CVE-2015-9499CriOct 22, 2019
    risk 0.65cvss 9.8epss 0.15

    The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.

  • CVE-2019-12148CriOct 22, 2019
    risk 0.64cvss 9.8epss 0.04

    The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login…

  • CVE-2019-12147CriOct 22, 2019
    risk 0.64cvss 9.8epss 0.03

    The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that…

  • CVE-2019-18225CriOct 21, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass…

  • CVE-2019-18224CriOct 21, 2019
    risk 0.57cvss 9.8epss 0.04

    idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

  • CVE-2019-17526CriOct 18, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an…

  • CVE-2019-17393CriOct 18, 2019
    risk 0.64cvss 9.8epss 0.02

    The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and…

  • CVE-2019-15900CriOct 18, 2019
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if…

  • CVE-2019-8221CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8220CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-8215CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8214CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8213CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8212CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8211CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2019-8206CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-8205CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary…

  • CVE-2019-8200CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-8199CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-8197CriOct 17, 2019
    risk 0.68cvss 9.8epss 0.17

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-8196CriOct 17, 2019
    risk 0.69cvss 9.8epss 0.23

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary…

  • CVE-2019-8195CriOct 17, 2019
    risk 0.69cvss 9.8epss 0.23

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary…

  • CVE-2019-8186CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2019-8169CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-8167CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-8161CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2019-15066CriOct 17, 2019
    risk 0.65cvss 10.0epss 0.02

    An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

  • CVE-2019-15065CriOct 17, 2019
    risk 0.61cvss 9.3epss 0.01

    A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).

  • CVE-2019-15064CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.01

    HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.

  • CVE-2019-13412CriOct 17, 2019
    risk 0.61cvss 9.3epss 0.01

    A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).

  • CVE-2019-13409CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.01

    A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password.

  • CVE-2019-8071CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.03

    Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2019-13657CriOct 17, 2019
    risk 0.64cvss 9.8epss 0.03

    CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.

  • CVE-2019-10752CriOct 17, 2019
    risk 0.57cvss 9.8epss 0.01

    Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.

  • CVE-2019-17631CriOct 17, 2019
    risk 0.59cvss 9.1epss 0.02

    From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

  • CVE-2019-13411CriOct 17, 2019
    risk 0.65cvss 10.0epss 0.01

    An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

  • CVE-2019-17670CriOct 17, 2019
    risk 0.57cvss 9.8epss 0.05

    WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

  • CVE-2019-17669CriOct 17, 2019
    risk 0.57cvss 9.8epss 0.05

    WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.

  • CVE-2019-13116CriOct 16, 2019
    risk 0.64cvss 9.8epss 0.05

    The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections