VYPR

CVEs

31,179 total · page 479 of 624

  • CVE-2019-1182CriAug 14, 2019
    risk 0.65cvss 9.8epss 0.13

    A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and…

  • CVE-2019-1181CriAug 14, 2019
    risk 0.70cvss 9.8epss 0.75

    A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and…

  • CVE-2019-15058CriAug 14, 2019
    risk 0.59cvss 9.1epss 0.03

    stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.

  • CVE-2019-14527CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.

  • CVE-2019-12103CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.03

    The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.

  • CVE-2019-0736CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.04

    A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an…

  • CVE-2019-15052CriAug 14, 2019
    risk 0.00cvss 9.8epss 0.03

    The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.

  • CVE-2019-12262CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.04

    Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

  • CVE-2019-11652CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.

  • CVE-2016-10888CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.

  • CVE-2016-10887CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.

  • CVE-2016-10886CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.

  • CVE-2015-9310CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.

  • CVE-2019-15025CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.

  • CVE-2017-18514CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.

  • CVE-2016-10889CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.

  • CVE-2015-9316CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.03

    The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.

  • CVE-2015-9315CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The newstatpress plugin before 1.0.1 for WordPress has SQL injection.

  • CVE-2015-9313CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

  • CVE-2019-0345CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.02

    A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication…

  • CVE-2019-0344CriKEVAug 14, 2019
    risk 0.76cvss 9.8epss 0.07

    Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

  • CVE-2017-18515CriAug 14, 2019
    risk 0.57cvss 9.8epss 0.03

    The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.

  • CVE-2019-15027CriAug 14, 2019
    risk 0.64cvss 9.8epss 0.03

    The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in…

  • CVE-2019-14809CriAug 13, 2019
    risk 0.64cvss 9.8epss 0.08

    net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port…

  • CVE-2019-12479CriAug 13, 2019
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize…

  • CVE-2019-14985CriAug 13, 2019
    risk 0.65cvss 9.8epss 0.11

    eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.

  • CVE-2015-9301CriAug 13, 2019
    risk 0.64cvss 9.8epss 0.02

    The liveforms plugin before 3.2.0 for WordPress has SQL injection.

  • CVE-2015-9298CriAug 13, 2019
    risk 0.64cvss 9.8epss 0.02

    The events-manager plugin before 5.6 for WordPress has code injection.

  • CVE-2019-14968CriAug 12, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.

  • CVE-2019-14965CriAug 12, 2019
    risk 0.00cvss 9.8epss 0.03

    An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.

  • CVE-2019-13462CriAug 12, 2019
    risk 0.60cvss 9.1epss 0.11

    Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.

  • CVE-2019-12618CriAug 12, 2019
    risk 0.64cvss 9.8epss 0.02

    HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.

  • CVE-2019-12261CriAug 9, 2019
    risk 0.64cvss 9.8epss 0.09

    Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.

  • CVE-2019-12260CriAug 9, 2019
    risk 0.66cvss 9.8epss 0.23

    Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

  • CVE-2019-12255CriAug 9, 2019
    risk 0.73cvss 9.8epss 0.75

    Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.

  • CVE-2019-11581CriKEVAug 9, 2019
    risk 0.82cvss 9.8epss 0.85

    There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions…

  • CVE-2019-5402CriAug 9, 2019
    risk 0.61cvss 9.4epss 0.04

    A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

  • CVE-2019-5399CriAug 9, 2019
    risk 0.61cvss 9.4epss 0.02

    A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

  • CVE-2019-5397CriAug 9, 2019
    risk 0.61cvss 9.4epss 0.04

    A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

  • CVE-2019-12256CriAug 9, 2019
    risk 0.66cvss 9.8epss 0.27

    Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

  • CVE-2019-5396CriAug 9, 2019
    risk 0.62cvss 9.4epss 0.05

    A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

  • CVE-2019-14801CriAug 9, 2019
    risk 0.64cvss 9.8epss 0.02

    The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.

  • CVE-2019-14234CriAug 9, 2019
    risk 0.61cvss 9.8epss 0.48

    An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField,…

  • CVE-2018-20955CriAug 8, 2019
    risk 0.64cvss 9.8epss 0.02

    Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.

  • CVE-2019-12994CriAug 8, 2019
    risk 0.60cvss 9.1epss 0.04

    Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.

  • CVE-2019-11208CriAug 8, 2019
    risk 0.64cvss 9.9epss 0.01

    The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of…

  • CVE-2019-14754CriAug 8, 2019
    risk 0.64cvss 9.8epss 0.02

    Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.

  • CVE-2019-14255CriAug 8, 2019
    risk 0.64cvss 9.8epss 0.02

    A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints.

  • CVE-2019-13101CriAug 8, 2019
    risk 0.72cvss 9.8epss 0.67

    An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

  • CVE-2019-1971CriAug 8, 2019
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due to insufficient input…