VYPR

CVEs

31,173 total · page 492 of 624

  • CVE-2019-12272CriMay 23, 2019
    risk 0.01cvss 9.8epss 0.07

    In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.

  • CVE-2017-5212CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.

  • CVE-2017-5210CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.

  • CVE-2017-17060CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.01

    OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

  • CVE-2019-12297CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.

  • CVE-2019-12042CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.04

    Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which…

  • CVE-2019-11873CriMay 23, 2019
    risk 0.64cvss 9.8epss 0.09

    wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length,…

  • CVE-2019-6808CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.08

    A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.

  • CVE-2019-6816CriMay 22, 2019
    risk 0.59cvss 9.1epss 0.01

    In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

  • CVE-2019-6815CriMay 22, 2019
    risk 0.59cvss 9.1epss 0.01

    In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol.

  • CVE-2019-6814CriMay 22, 2019
    risk 0.70cvss 9.8epss 0.37

    A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.

  • CVE-2018-7847CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.04

    A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

  • CVE-2018-7846CriMay 22, 2019
    risk 0.66cvss 9.8epss 0.30

    A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the…

  • CVE-2018-7842CriMay 22, 2019
    risk 0.67cvss 9.8epss 0.35

    A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.

  • CVE-2018-7841CriKEVMay 22, 2019
    risk 0.84cvss 9.8epss 0.72

    A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

  • CVE-2017-5863CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

  • CVE-2019-7835CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could…

  • CVE-2019-7834CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7833CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7832CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability.…

  • CVE-2019-11536CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.02

    Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka…

  • CVE-2019-11231CriMay 22, 2019
    risk 0.72cvss 9.8epss 0.72

    An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be…

  • CVE-2019-11634CriKEVMay 22, 2019
    risk 0.82cvss 9.8epss 0.08

    Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

  • CVE-2019-7808CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7807CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7806CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7805CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-12279CriMay 22, 2019
    risk 0.67cvss 9.8epss 0.04

    Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any…

  • CVE-2019-12046CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.03

    LemonLDAP::NG -2.0.3 has Incorrect Access Control.

  • CVE-2019-7804CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful…

  • CVE-2019-7792CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-12277CriMay 22, 2019
    risk 0.57cvss 9.8epss 0.02

    Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname.

  • CVE-2019-12102CriMay 22, 2019
    risk 0.59cvss 9.1epss 0.02

    Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library…

  • CVE-2019-7791CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7788CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7784CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a double free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7783CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7782CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7781CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7779CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a security bypass vulnerability. Successful exploitation could lead…

  • CVE-2019-7772CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7768CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7767CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7766CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7765CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7764CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could…

  • CVE-2019-7763CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-7762CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.07

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to…

  • CVE-2019-12241CriMay 20, 2019
    risk 0.64cvss 9.8epss 0.02

    The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php.

  • CVE-2019-12240CriMay 20, 2019
    risk 0.64cvss 9.8epss 0.02

    The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php.