VYPR

CVEs

31,171 total · page 506 of 624

  • CVE-2018-5915CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.01

    Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 /…

  • CVE-2018-11284CriJan 18, 2019
    risk 0.60cvss 9.3epss 0.01

    Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660,…

  • CVE-2017-18160CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.01

    AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850

  • CVE-2019-3910CriJan 18, 2019
    risk 0.60cvss 9.1epss 0.09

    Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.

  • CVE-2019-3909CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.02

    Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.

  • CVE-2018-19716CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.10

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow…

  • CVE-2018-19715CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-19708CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-19707CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-19702CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write…

  • CVE-2018-19700CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-19698CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-16040CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-16039CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-16037CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-16036CriJan 18, 2019
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free…

  • CVE-2018-20732CriJan 17, 2019
    risk 0.64cvss 9.8epss 0.04

    SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

  • CVE-2019-2489CriJan 16, 2019
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2019-2453CriJan 16, 2019
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2015-9280CriJan 16, 2019
    risk 0.65cvss 10.0epss 0.02

    MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

  • CVE-2015-9278CriJan 16, 2019
    risk 0.64cvss 9.8epss 0.02

    MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.

  • CVE-2015-9277CriJan 16, 2019
    risk 0.59cvss 9.1epss 0.02

    MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.

  • CVE-2018-20721CriJan 16, 2019
    risk 0.00cvss 9.8epss 0.02

    URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.

  • CVE-2019-6446CriJan 16, 2019
    risk 0.58cvss 9.8epss 0.17

    An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a…

  • CVE-2019-6444CriJan 16, 2019
    risk 0.59cvss 9.1epss 0.46

    An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.

  • CVE-2019-6443CriJan 16, 2019
    risk 0.61cvss 9.1epss 0.67

    An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.

  • CVE-2019-6440CriJan 16, 2019
    risk 0.64cvss 9.8epss 0.03

    Zemana AntiMalware before 3.0.658 Beta mishandles update logic.

  • CVE-2019-6439CriJan 16, 2019
    risk 0.64cvss 9.8epss 0.03

    examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.

  • CVE-2019-3557CriJan 15, 2019
    risk 0.00cvss 9.8epss 0.02

    The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The…

  • CVE-2018-6345CriJan 15, 2019
    risk 0.00cvss 9.8epss 0.02

    The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other…

  • CVE-2019-0022CriJan 15, 2019
    risk 0.65cvss 10.0epss 0.01

    Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

  • CVE-2019-0020CriJan 15, 2019
    risk 0.65cvss 10.0epss 0.02

    Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.

  • CVE-2019-0007CriJan 15, 2019
    risk 0.61cvss 9.3epss 0.02

    The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was…

  • CVE-2019-0006CriJan 15, 2019
    risk 0.64cvss 9.8epss 0.05

    A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may…

  • CVE-2019-0002CriJan 15, 2019
    risk 0.64cvss 9.8epss 0.02

    On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group…

  • CVE-2017-6925CriJan 15, 2019
    risk 0.64cvss 9.8epss 0.03

    In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different…

  • CVE-2018-20718CriJan 15, 2019
    risk 0.64cvss 9.8epss 0.04

    In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.

  • CVE-2018-20716CriJan 15, 2019
    risk 0.64cvss 9.8epss 0.01

    CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature.

  • CVE-2018-20715CriJan 15, 2019
    risk 0.64cvss 9.8epss 0.01

    The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php.

  • CVE-2019-6296CriJan 15, 2019
    risk 0.64cvss 9.8epss 0.01

    Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id parameter.

  • CVE-2019-6295CriJan 15, 2019
    risk 0.64cvss 9.8epss 0.01

    Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.php service_id parameter.

  • CVE-2019-6259CriJan 14, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.

  • CVE-2018-1969CriJan 14, 2019
    risk 0.59cvss 9.0epss 0.02

    IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.

  • CVE-2019-6256CriJan 14, 2019
    risk 0.64cvss 9.8epss 0.02

    A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request…

  • CVE-2019-6246CriJan 13, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read.

  • CVE-2018-4298CriJan 11, 2019
    risk 0.64cvss 9.8epss 0.01

    In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.

  • CVE-2018-4281CriJan 11, 2019
    risk 0.64cvss 9.8epss 0.01

    In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.

  • CVE-2018-4258CriJan 11, 2019
    risk 0.64cvss 9.8epss 0.01

    In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.

  • CVE-2018-4257CriJan 11, 2019
    risk 0.64cvss 9.8epss 0.01

    In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.

  • CVE-2018-4254CriJan 11, 2019
    risk 0.64cvss 9.8epss 0.01

    In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.