VYPR

CVEs

31,174 total · page 487 of 624

  • CVE-2019-2006CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.01

    In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2019-12890CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.06

    RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.

  • CVE-2018-17388CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.

  • CVE-2018-17386CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.

  • CVE-2018-17381CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17374CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17148CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.04

    An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

  • CVE-2018-16618CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.08

    VTech Storio Max before 56.D3JM6 allows remote command execution via shell metacharacters in an Android activity name. It exposes the storeintenttranslate.x service on port 1668 listening for requests on localhost. Requests submitted to this service are checked for a string of…

  • CVE-2018-16613CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.

  • CVE-2019-11232CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element.

  • CVE-2018-17842CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.

  • CVE-2018-17841CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.

  • CVE-2018-17840CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.

  • CVE-2018-17399CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.

  • CVE-2018-17398CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.

  • CVE-2018-17393CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.

  • CVE-2018-15506CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.05

    In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same…

  • CVE-2018-18758CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.

  • CVE-2018-18757CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.02

    Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.

  • CVE-2018-18472CriJun 19, 2019
    risk 0.66cvss 9.8epss 0.30

    Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device,…

  • CVE-2018-18471CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.08

    /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of…

  • CVE-2018-18406CriJun 19, 2019
    risk 0.65cvss 9.9epss 0.02

    An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind…

  • CVE-2019-6971CriJun 19, 2019
    risk 0.68cvss 9.8epss 0.14

    An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.

  • CVE-2019-3954CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.04

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.

  • CVE-2019-11040CriJun 19, 2019
    risk 0.59cvss 9.1epss 0.04

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This…

  • CVE-2019-11039CriJun 19, 2019
    risk 0.59cvss 9.1epss 0.03

    Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

  • CVE-2019-3953CriJun 18, 2019
    risk 0.64cvss 9.8epss 0.04

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.

  • CVE-2019-12874CriJun 18, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.

  • CVE-2019-5016CriJun 17, 2019
    risk 0.59cvss 9.1epss 0.04

    An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause…

  • CVE-2019-7158CriJun 17, 2019
    risk 0.64cvss 9.8epss 0.02

    OX App Suite 7.10.0 and earlier has Incorrect Access Control.

  • CVE-2017-9385CriJun 17, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password…

  • CVE-2017-9383CriJun 17, 2019
    risk 0.65cvss 9.9epss 0.03

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget" as one of the service…

  • CVE-2019-12550CriJun 17, 2019
    risk 0.64cvss 9.8epss 0.03

    WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.

  • CVE-2019-12549CriJun 17, 2019
    risk 0.64cvss 9.8epss 0.03

    WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.

  • CVE-2019-6327CriJun 17, 2019
    risk 0.64cvss 9.8epss 0.02

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.

  • CVE-2018-20469CriJun 17, 2019
    risk 0.68cvss 9.8epss 0.19

    An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.

  • CVE-2019-12835CriJun 15, 2019
    risk 0.64cvss 9.8epss 0.02

    formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.

  • CVE-2019-2259CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.01

    Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2019-2256CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.02

    An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2019-2255CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.02

    An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2018-6350CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.02

    An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to…

  • CVE-2018-6349CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.02

    When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132.

  • CVE-2018-6339CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.02

    When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in…

  • CVE-2018-20655CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.02

    When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.

  • CVE-2018-13911CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.01

    Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,…

  • CVE-2018-13906CriJun 14, 2019
    risk 0.59cvss 9.1epss 0.01

    The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…

  • CVE-2018-13898CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.01

    Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607,…

  • CVE-2018-11955CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.01

    Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out of bound read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2019-10126CriJun 14, 2019
    risk 0.64cvss 9.8epss 0.07

    A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

  • CVE-2019-10959CriJun 13, 2019
    risk 0.65cvss 10.0epss 0.03

    BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS,…