VYPR

CVEs

31,174 total · page 486 of 624

  • CVE-2019-10979CriJul 1, 2019
    risk 0.64cvss 9.8epss 0.03

    SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password.

  • CVE-2019-7276CriJul 1, 2019
    risk 0.74cvss 9.8epss 0.93

    Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.

  • CVE-2019-7668CriJul 1, 2019
    risk 0.64cvss 9.8epss 0.02

    Prima Systems FlexAir devices have Default Credentials.

  • CVE-2019-7667CriJul 1, 2019
    risk 0.64cvss 9.8epss 0.04

    Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and…

  • CVE-2019-13131CriJul 1, 2019
    risk 0.64cvss 9.8epss 0.04

    Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.

  • CVE-2019-4336CriJul 1, 2019
    risk 0.64cvss 9.8epss 0.02

    IBM Robotic Process Automation with Automation Anywhere 11 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161411.

  • CVE-2019-13107CriJun 30, 2019
    risk 0.00cvss 9.8epss 0.02

    Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c

  • CVE-2019-13086CriJun 30, 2019
    risk 0.66cvss 9.8epss 0.32

    core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.

  • CVE-2019-13082CriJun 30, 2019
    risk 0.64cvss 9.8epss 0.04

    Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_upload.php unauthenticated file upload feature. It extracts a ZIP archive before checking its content, and once it has been extracted, does not check files in a recursive way. This means that by putting a .php…

  • CVE-2019-13067CriJun 30, 2019
    risk 0.64cvss 9.8epss 0.02

    njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.

  • CVE-2019-10993CriJun 28, 2019
    risk 0.65cvss 9.8epss 0.11

    In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.

  • CVE-2019-10991CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.09

    In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

  • CVE-2019-10989CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.09

    In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability…

  • CVE-2019-10985CriJun 28, 2019
    risk 0.59cvss 9.1epss 0.03

    In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.

  • CVE-2018-20813CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.03

    An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2.

  • CVE-2018-20810CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.02

    Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices.

  • CVE-2018-14916CriJun 28, 2019
    risk 0.61cvss 9.1epss 0.17

    LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.

  • CVE-2018-14885CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.02

    Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds.

  • CVE-2018-15519CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.01

    Various Lexmark devices have a Buffer Overflow (issue 1 of 2).

  • CVE-2018-15520CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.01

    Various Lexmark devices have a Buffer Overflow (issue 2 of 2).

  • CVE-2018-15555CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.03

    On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.

  • CVE-2018-15556CriJun 27, 2019
    risk 0.64cvss 9.8epss 0.03

    The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.

  • CVE-2019-12583CriJun 27, 2019
    risk 0.63cvss 9.1epss 0.44

    Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.

  • CVE-2019-1620CriJun 27, 2019
    risk 0.73cvss 9.8epss 0.84

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software.…

  • CVE-2019-1619CriJun 27, 2019
    risk 0.73cvss 9.8epss 0.83

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due…

  • CVE-2019-9039CriJun 26, 2019
    risk 0.57cvss 9.8epss 0.03

    In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "_all_docs" endpoint.…

  • CVE-2019-6168CriJun 26, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.

  • CVE-2019-6167CriJun 26, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.

  • CVE-2019-12966CriJun 26, 2019
    risk 0.64cvss 9.8epss 0.02

    FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input.

  • CVE-2019-12960CriJun 25, 2019
    risk 0.64cvss 9.8epss 0.01

    LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d.

  • CVE-2019-12951CriJun 24, 2019
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.

  • CVE-2017-17945CriJun 24, 2019
    risk 0.59cvss 9.1epss 0.01

    The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.

  • CVE-2019-12939CriJun 24, 2019
    risk 0.64cvss 9.8epss 0.01

    LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter.

  • CVE-2019-12292CriJun 24, 2019
    risk 0.64cvss 9.8epss 0.01

    Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.

  • CVE-2019-12929CriJun 24, 2019
    risk 0.64cvss 9.8epss 0.05

    The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a…

  • CVE-2019-12928CriJun 24, 2019
    risk 0.69cvss 9.8epss 0.23

    The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been…

  • CVE-2019-11011CriJun 21, 2019
    risk 0.64cvss 9.8epss 0.03

    Akamai CloudTest before 58.30 allows remote code execution.

  • CVE-2018-15868CriJun 21, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie.

  • CVE-2018-15747CriJun 21, 2019
    risk 0.64cvss 9.8epss 0.04

    The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.

  • CVE-2016-7404CriJun 21, 2019
    risk 0.57cvss 9.8epss 0.02

    OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to…

  • CVE-2019-12920CriJun 20, 2019
    risk 0.64cvss 9.8epss 0.02

    On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.

  • CVE-2019-8459CriJun 20, 2019
    risk 0.64cvss 9.8epss 0.01

    Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

  • CVE-2018-15890CriJun 20, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server.

  • CVE-2017-17944CriJun 20, 2019
    risk 0.59cvss 9.1epss 0.01

    The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.

  • CVE-2019-1848CriJun 20, 2019
    risk 0.61cvss 9.3epss 0.01

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system…

  • CVE-2019-2729CriJun 19, 2019
    risk 0.74cvss 9.8epss 0.89

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2019-12900CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.08

    BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

  • CVE-2019-12899CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3.

  • CVE-2019-12898CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.

  • CVE-2019-2007CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.01

    In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed…