VYPR

CVEs

31,185 total · page 478 of 624

  • CVE-2019-8031CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8030CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8029CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8028CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8026CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8025CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8024CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.15

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-8023CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…

  • CVE-2019-8022CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…

  • CVE-2019-8017CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.13

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful…

  • CVE-2019-8016CriAug 20, 2019
    risk 0.68cvss 9.8epss 0.22

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…

  • CVE-2019-8015CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to…

  • CVE-2019-8009CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…

  • CVE-2019-8006CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful…

  • CVE-2019-8003CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead…

  • CVE-2019-7965CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could…

  • CVE-2019-2130CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.02

    In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2019-4483CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.02

    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…

  • CVE-2019-4481CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.02

    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…

  • CVE-2015-9330CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.02

    The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.

  • CVE-2019-15232CriAug 20, 2019
    risk 0.64cvss 9.8epss 0.02

    Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

  • CVE-2019-15224CriAug 19, 2019
    risk 0.64cvss 9.8epss 0.04

    The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.

  • CVE-2019-15151CriAug 18, 2019
    risk 0.57cvss 9.8epss 0.02

    AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.

  • CVE-2019-15149CriAug 18, 2019
    risk 0.57cvss 9.8epss 0.02

    core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in…

  • CVE-2019-15130CriAug 18, 2019
    risk 0.64cvss 9.8epss 0.02

    The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a…

  • CVE-2018-20973CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.

  • CVE-2017-18543CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.

  • CVE-2015-9324CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.

  • CVE-2015-9323CriAug 16, 2019
    risk 0.70cvss 9.8epss 0.46

    The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

  • CVE-2014-10376CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.

  • CVE-2019-7964CriAug 16, 2019
    risk 0.65cvss 9.8epss 0.10

    Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.

  • CVE-2019-7959CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.07

    Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-7958CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.04

    Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2019-5477CriAug 16, 2019
    risk 0.57cvss 9.8epss 0.06

    A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input…

  • CVE-2017-18548CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The note-press plugin before 0.1.2 for WordPress has SQL injection.

  • CVE-2016-10904CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The olimometer plugin before 2.57 for WordPress has SQL injection.

  • CVE-2015-9326CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.

  • CVE-2015-9325CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    The visitors-online plugin before 0.4 for WordPress has SQL injection.

  • CVE-2019-15091CriAug 16, 2019
    risk 0.64cvss 9.8epss 0.02

    filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

  • CVE-2019-15107CriKEVAug 16, 2019
    risk 0.93cvss 9.8epss 1.00

    An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

  • CVE-2019-15106CriAug 16, 2019
    risk 0.69cvss 9.8epss 0.25

    An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.

  • CVE-2019-9851CriAug 15, 2019
    risk 0.73cvss 9.8epss 0.78

    LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document…

  • CVE-2019-9850CriAug 15, 2019
    risk 0.64cvss 9.8epss 0.03

    LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can…

  • CVE-2018-14062CriAug 15, 2019
    risk 0.59cvss 9.1epss 0.02

    The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal.

  • CVE-2019-9010CriAug 15, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are…

  • CVE-2018-14671CriAug 15, 2019
    risk 0.57cvss 9.8epss 0.03

    In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.

  • CVE-2018-14670CriAug 15, 2019
    risk 0.57cvss 9.8epss 0.02

    Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.

  • CVE-2019-11187CriAug 15, 2019
    risk 0.64cvss 9.8epss 0.02

    Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.

  • CVE-2019-13578CriAug 15, 2019
    risk 0.00cvss 9.8epss 0.03

    A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.

  • CVE-2019-9585CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.03

    eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resulting in the ability to read, set and deletion of Metadata.