VYPR

CVEs

31,179 total · page 480 of 624

  • CVE-2019-14771CriAug 8, 2019
    risk 0.64cvss 9.8epss 0.03

    Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be…

  • CVE-2019-1895CriAug 7, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The…

  • CVE-2019-5476CriAug 7, 2019
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands.

  • CVE-2019-14537CriAug 7, 2019
    risk 0.00cvss 9.8epss 0.06

    YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

  • CVE-2019-14746CriAug 7, 2019
    risk 0.64cvss 9.8epss 0.01

    A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.

  • CVE-2018-20961CriAug 7, 2019
    risk 0.01cvss 9.8epss 0.06

    In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2019-1913CriAug 7, 2019
    risk 0.69cvss 9.8epss 0.26

    Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating…

  • CVE-2019-1912CriAug 7, 2019
    risk 0.64cvss 9.1epss 0.17

    A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker…

  • CVE-2019-14709CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.02

    A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/local/ipsca/mipsca.db. If a camera is compromised, the attacker can gain access to passwords and abuse them to compromise further…

  • CVE-2019-14708CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account.

  • CVE-2019-14704CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.02

    An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field.

  • CVE-2019-14702CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are reachable through HTTPD. An attacker can, for example, create an admin account.

  • CVE-2019-14699CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web…

  • CVE-2019-14698CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the nobody account.

  • CVE-2019-5685CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.05

    NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.

  • CVE-2019-5684CriAug 6, 2019
    risk 0.65cvss 10.0epss 0.05

    NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.

  • CVE-2019-13143CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.03

    An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to…

  • CVE-2019-14697CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.03

    musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.

  • CVE-2019-14695CriAug 6, 2019
    risk 0.64cvss 9.8epss 0.03

    A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers…

  • CVE-2019-5502CriAug 5, 2019
    risk 0.59cvss 9.1epss 0.01

    SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data.

  • CVE-2019-14348CriAug 5, 2019
    risk 0.68cvss 9.8epss 0.21

    The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.

  • CVE-2019-14551CriAug 3, 2019
    risk 0.64cvss 9.8epss 0.01

    Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.

  • CVE-2019-14544CriAug 2, 2019
    risk 0.57cvss 9.8epss 0.02

    routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.

  • CVE-2019-7163CriAug 2, 2019
    risk 0.64cvss 9.8epss 0.02

    The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password.

  • CVE-2019-9141CriAug 2, 2019
    risk 0.64cvss 9.8epss 0.02

    ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for remote code execution.

  • CVE-2019-14532CriAug 2, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.

  • CVE-2019-14531CriAug 2, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.

  • CVE-2019-14529CriAug 2, 2019
    risk 0.02cvss 9.8epss 0.28

    OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.

  • CVE-2019-10938CriAug 2, 2019
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All…

  • CVE-2016-10817CriAug 1, 2019
    risk 0.64cvss 9.8epss 0.02

    cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).

  • CVE-2019-14495CriAug 1, 2019
    risk 0.00cvss 9.8epss 0.02

    webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface.

  • CVE-2016-10824CriAug 1, 2019
    risk 0.64cvss 9.8epss 0.03

    cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).

  • CVE-2019-13572CriAug 1, 2019
    risk 0.64cvss 9.8epss 0.02

    The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.

  • CVE-2016-10858CriAug 1, 2019
    risk 0.64cvss 9.8epss 0.03

    cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).

  • CVE-2016-10855CriAug 1, 2019
    risk 0.64cvss 9.8epss 0.03

    cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).

  • CVE-2018-20887CriAug 1, 2019
    risk 0.64cvss 9.8epss 0.01

    cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).

  • CVE-2019-14463CriJul 31, 2019
    risk 0.00cvss 9.1epss 0.02

    An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301.

  • CVE-2019-14462CriJul 31, 2019
    risk 0.00cvss 9.1epss 0.02

    An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302.

  • CVE-2019-12797CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.01

    A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle.

  • CVE-2019-14204CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.

  • CVE-2019-14203CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.

  • CVE-2019-14202CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.

  • CVE-2019-14201CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.

  • CVE-2019-14200CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.

  • CVE-2019-14199CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.

  • CVE-2019-14198CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.

  • CVE-2019-14197CriJul 31, 2019
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.

  • CVE-2019-14196CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.

  • CVE-2019-14195CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.

  • CVE-2019-14194CriJul 31, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.