VYPR

CVEs

31,173 total · page 498 of 624

  • CVE-2019-0698CriApr 9, 2019
    risk 0.69cvss 9.8epss 0.63

    A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726.

  • CVE-2019-0697CriApr 9, 2019
    risk 0.66cvss 9.8epss 0.30

    A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726.

  • CVE-2019-11018CriApr 8, 2019
    risk 0.64cvss 9.8epss 0.01

    application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.

  • CVE-2019-11014CriApr 8, 2019
    risk 0.64cvss 9.8epss 0.02

    The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the…

  • CVE-2019-11006CriApr 8, 2019
    risk 0.59cvss 9.1epss 0.03

    In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.

  • CVE-2019-11005CriApr 8, 2019
    risk 0.64cvss 9.8epss 0.04

    In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family…

  • CVE-2014-9186CriApr 8, 2019
    risk 0.64cvss 9.8epss 0.04

    A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code…

  • CVE-2014-5435CriApr 8, 2019
    risk 0.64cvss 9.8epss 0.03

    An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and…

  • CVE-2017-7912CriApr 8, 2019
    risk 0.64cvss 9.8epss 0.05

    Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.

  • CVE-2019-10914CriApr 8, 2019
    risk 0.64cvss 9.8epss 0.01

    pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c.

  • CVE-2019-10908CriApr 7, 2019
    risk 0.00cvss 9.8epss 0.02

    In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks.

  • CVE-2019-10907CriApr 7, 2019
    risk 0.00cvss 9.8epss 0.01

    Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users.

  • CVE-2019-6552CriApr 5, 2019
    risk 0.64cvss 9.8epss 0.03

    Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.

  • CVE-2019-6550CriApr 5, 2019
    risk 0.64cvss 9.8epss 0.06

    Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.

  • CVE-2019-10479CriApr 5, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface.

  • CVE-2019-10877CriApr 5, 2019
    risk 0.64cvss 9.8epss 0.02

    In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled.

  • CVE-2019-10879CriApr 5, 2019
    risk 0.64cvss 9.8epss 0.05

    In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled.

  • CVE-2019-10878CriApr 5, 2019
    risk 0.64cvss 9.8epss 0.04

    In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.

  • CVE-2018-19282CriApr 4, 2019
    risk 0.64cvss 9.8epss 0.06

    Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new…

  • CVE-2018-18068CriApr 4, 2019
    risk 0.64cvss 9.8epss 0.03

    The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in…

  • CVE-2019-6553CriApr 4, 2019
    risk 0.68cvss 9.8epss 0.50

    A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based…

  • CVE-2019-7001CriApr 4, 2019
    risk 0.64cvss 9.9epss 0.01

    A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior…

  • CVE-2018-20222CriApr 4, 2019
    risk 0.64cvss 9.8epss 0.02

    XXE issue in Airsonic before 10.1.2 during parse.

  • CVE-2018-10244CriApr 4, 2019
    risk 0.64cvss 9.8epss 0.02

    Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.

  • CVE-2018-10243CriApr 4, 2019
    risk 0.64cvss 9.8epss 0.02

    htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.

  • CVE-2019-10844CriApr 4, 2019
    risk 0.57cvss 9.8epss 0.02

    nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.

  • CVE-2019-10842CriApr 4, 2019
    risk 0.64cvss 9.8epss 0.05

    Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute…

  • CVE-2015-5463CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.02

    AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege…

  • CVE-2018-4367CriApr 3, 2019
    risk 0.67cvss 9.8epss 0.07

    A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.

  • CVE-2018-4353CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.01

    A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.

  • CVE-2018-4332CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.02

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

  • CVE-2018-4331CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.04

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

  • CVE-2018-4310CriApr 3, 2019
    risk 0.65cvss 10.0epss 0.02

    An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

  • CVE-2018-4295CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.01

    An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.

  • CVE-2018-4291CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

  • CVE-2018-4288CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

  • CVE-2018-4287CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

  • CVE-2018-4286CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

  • CVE-2018-4268CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

  • CVE-2018-4259CriApr 3, 2019
    risk 0.64cvss 9.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

  • CVE-2019-5421CriApr 3, 2019
    risk 0.00cvss 9.8epss 0.02

    Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in…

  • CVE-2019-6506CriApr 2, 2019
    risk 0.64cvss 9.8epss 0.02

    SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x before 7.11.3 allows SQL Injection.

  • CVE-2017-6047CriApr 2, 2019
    risk 0.64cvss 9.8epss 0.02

    Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication.

  • CVE-2019-10708CriApr 2, 2019
    risk 0.64cvss 9.8epss 0.03

    S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.

  • CVE-2019-10707CriApr 2, 2019
    risk 0.64cvss 9.8epss 0.01

    MKCMS V5.0 has SQL injection via the bplay.php play parameter.

  • CVE-2019-7475CriApr 2, 2019
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in SonicWall SonicOS and SonicOSv with management enabled system on specific configuration allow unprivileged user to access advanced routing services. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3,…

  • CVE-2019-10692CriApr 2, 2019
    risk 0.73cvss 9.8epss 0.79

    In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement.

  • CVE-2018-19275CriApr 2, 2019
    risk 0.64cvss 9.8epss 0.05

    The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before 8.4 SP3 Suite Servers has a default password, which could allow remote attackers to gain unauthorized access and execute arbitrary scripts with potential impacts to the confidentiality, integrity and…

  • CVE-2019-9759CriApr 2, 2019
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter.

  • CVE-2018-17565CriApr 1, 2019
    risk 0.64cvss 9.8epss 0.02

    Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell.