VYPR

CVEs

31,174 total · page 483 of 624

  • CVE-2019-13575CriJul 18, 2019
    risk 0.00cvss 9.8epss 0.03

    A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php

  • CVE-2019-13640CriJul 17, 2019
    risk 0.57cvss 9.8epss 0.08

    In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name…

  • CVE-2019-1917CriJul 17, 2019
    risk 0.60cvss 9.1epss 0.05

    A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this…

  • CVE-2019-11772CriJul 17, 2019
    risk 0.64cvss 9.8epss 0.02

    In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of…

  • CVE-2019-1010275CriJul 17, 2019
    risk 0.57cvss 9.8epss 0.01

    helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were aloowed. The component is: helm (many files updated, see https://github.com/helm/helm/pull/3152/files/…

  • CVE-2019-1010263CriJul 17, 2019
    risk 0.00cvss 9.8epss 0.01

    Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is:…

  • CVE-2019-13577CriJul 17, 2019
    risk 0.69cvss 9.8epss 0.24

    SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.

  • CVE-2019-13447CriJul 17, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection.

  • CVE-2019-11535CriJul 17, 2019
    risk 0.64cvss 9.8epss 0.05

    Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.

  • CVE-2019-13585CriJul 17, 2019
    risk 0.65cvss 9.8epss 0.15

    The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request.

  • CVE-2019-13614CriJul 17, 2019
    risk 0.64cvss 9.8epss 0.03

    CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to…

  • CVE-2019-13613CriJul 17, 2019
    risk 0.64cvss 9.8epss 0.03

    CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by…

  • CVE-2019-13573CriJul 17, 2019
    risk 0.64cvss 9.8epss 0.04

    A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

  • CVE-2019-9848CriJul 17, 2019
    risk 0.66cvss 9.8epss 0.31

    LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into…

  • CVE-2019-13625CriJul 17, 2019
    risk 0.59cvss 9.1epss 0.02

    NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.

  • CVE-2019-13624CriJul 17, 2019
    risk 0.64cvss 9.8epss 0.02

    In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.

  • CVE-2019-12990CriJul 16, 2019
    risk 0.67cvss 9.8epss 0.39

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.

  • CVE-2019-12989CriKEVJul 16, 2019
    risk 0.86cvss 9.8epss 0.94

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.

  • CVE-2019-12988CriJul 16, 2019
    risk 0.67cvss 9.8epss 0.40

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).

  • CVE-2019-12987CriJul 16, 2019
    risk 0.67cvss 9.8epss 0.43

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).

  • CVE-2019-12986CriJul 16, 2019
    risk 0.67cvss 9.8epss 0.40

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).

  • CVE-2019-12985CriJul 16, 2019
    risk 0.67cvss 9.8epss 0.40

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).

  • CVE-2019-13360CriJul 16, 2019
    risk 0.69cvss 9.8epss 0.24

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.

  • CVE-2019-1010292CriJul 16, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.

  • CVE-2019-1010043CriJul 16, 2019
    risk 0.64cvss 9.8epss 0.02

    Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation.

  • CVE-2019-1010062CriJul 16, 2019
    risk 0.00cvss 9.8epss 0.02

    PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is:…

  • CVE-2019-1010060CriJul 16, 2019
    risk 0.01cvss 9.8epss 0.07

    NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues…

  • CVE-2019-6824CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.04

    A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.

  • CVE-2019-6823CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.05

    A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.

  • CVE-2019-1109CriJul 15, 2019
    risk 0.59cvss 9.1epss 0.04

    A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update…

  • CVE-2019-1072CriJul 15, 2019
    risk 0.65cvss 9.8epss 0.12

    A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

  • CVE-2019-0785CriJul 15, 2019
    risk 0.68cvss 9.8epss 0.50

    A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.

  • CVE-2019-1010308CriJul 15, 2019
    risk 0.00cvss 9.8epss 0.02

    Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file.

  • CVE-2019-1010298CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.04

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010297CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010296CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010295CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010293CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010044CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.02

    borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Output parameter within the executable.

  • CVE-2019-1010306CriJul 15, 2019
    risk 0.00cvss 9.8epss 0.04

    Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed…

  • CVE-2019-1010039CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.02

    uLaunchELF < commit 170827a is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Loader program (loader.c) overly trusts the arguments provided via command line.

  • CVE-2019-1010038CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable.

  • CVE-2019-1010022CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream…

  • CVE-2019-1010009CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server.

  • CVE-2019-13598CriJul 14, 2019
    risk 0.64cvss 9.8epss 0.04

    LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped.

  • CVE-2019-13597CriJul 14, 2019
    risk 0.68cvss 9.8epss 0.14

    _s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.

  • CVE-2019-13589CriJul 14, 2019
    risk 0.64cvss 9.8epss 0.04

    The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.

  • CVE-2019-13027CriJul 12, 2019
    risk 0.64cvss 9.8epss 0.03

    Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least in the taskupdt/taskdetails.aspx webpage via the projectname parameter.

  • CVE-2019-12751CriJul 11, 2019
    risk 0.64cvss 9.8epss 0.02

    Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an…

  • CVE-2019-10970CriJul 11, 2019
    risk 0.64cvss 9.8epss 0.05

    In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may…