VYPR

CVEs


  • CVE-2015-8522 · Critical · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521.

  • CVE-2015-8521 · Critical · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.

  • CVE-2015-8520 · Critical · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.

  • CVE-2015-8519 · Critical · Apr 5, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522.

  • CVE-2016-2343 · Critical · Apr 1, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.

  • CVE-2016-3141 · Critical · Mar 31, 2016
    risk 0.67 · cvss 9.8 · epss 0.35

    Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize…

  • CVE-2016-1761 · Critical · Mar 24, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

  • CVE-2016-1741 · Critical · Mar 24, 2016
    risk 0.68 · cvss 9.8 · epss 0.12

    The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2015-6854 · Critical · Mar 24, 2016
    risk 0.59 · cvss 9.1 · epss 0.01

    The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

  • CVE-2015-6853 · Critical · Mar 24, 2016
    risk 0.59 · cvss 9.1 · epss 0.01

    The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive…

  • CVE-2016-1998 · Critical · Mar 22, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-1997 · Critical · Mar 22, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-2245 · Critical · Mar 19, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.

  • CVE-2016-1995 · Critical · Mar 18, 2016
    risk 0.65 · cvss 9.8 · epss 0.10

    HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-3191 · Critical · Mar 17, 2016
    risk 0.64 · cvss 9.8 · epss 0.08

    The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial…

  • CVE-2016-2345 · Critical · Mar 17, 2016
    risk 0.71 · cvss 9.8 · epss 0.51

    Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.

  • CVE-2016-1989 · Critical · Mar 15, 2016
    risk 0.65 · cvss 9.8 · epss 0.11

    HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1988.

  • CVE-2016-1988 · Critical · Mar 15, 2016
    risk 0.65 · cvss 9.8 · epss 0.11

    HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989.

  • CVE-2016-1962 · Critical · Mar 13, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

  • CVE-2016-1621 · Critical · Mar 12, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files,…

  • CVE-2016-0816 · Critical · Mar 12, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803.

  • CVE-2016-0815 · Critical · Mar 12, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2015-7411 · Critical · Mar 12, 2016
    risk 0.65 · cvss 9.9 · epss 0.03

    The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.

  • CVE-2016-1327 · Critical · Mar 9, 2016
    risk 0.64 · cvss 9.8 · epss 0.07

    Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.

  • CVE-2016-1009 · Critical · Mar 9, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-1007 · Critical · Mar 9, 2016
    risk 0.64 · cvss 9.8 · epss 0.06

    Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-0954 · Critical · Mar 9, 2016
    risk 0.68 · cvss 9.8 · epss 0.19

    Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

  • CVE-2016-0132 · Critical · Mar 9, 2016
    risk 0.65 · cvss 9.8 · epss 0.22

    Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."

  • CVE-2016-2843 · Critical · Mar 6, 2016
    risk 0.64 · cvss 9.8 · epss 0.01

    Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1642 · Critical · Mar 6, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-1639 · Critical · Mar 6, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other…

  • CVE-2016-1636 · Critical · Mar 6, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the…

  • CVE-2016-1635 · Critical · Mar 6, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or…

  • CVE-2016-1633 · Critical · Mar 6, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-2842 · Critical · Mar 3, 2016
    risk 0.68 · cvss 9.8 · epss 0.54

    The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly…

  • CVE-2016-0799 · Critical · Mar 3, 2016
    risk 0.66 · cvss 9.8 · epss 0.32

    The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a…

  • CVE-2016-0705 · Critical · Mar 3, 2016
    risk 0.66 · cvss 9.8 · epss 0.26

    Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA…

  • CVE-2016-1329 · Critical · Mar 3, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID…

  • CVE-2016-0216 · Critical · Feb 29, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213.

  • CVE-2016-0213 · Critical · Feb 29, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216.

  • CVE-2016-0212 · Critical · Feb 29, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216.

  • CVE-2015-7261 · Critical · Feb 27, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.

  • CVE-2016-1341 · Critical · Feb 24, 2016
    risk 0.64 · cvss 9.8 · epss 0.01

    Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.

  • CVE-2015-8277 · Critical · Feb 24, 2016
    risk 0.66 · cvss 9.8 · epss 0.29

    Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.

  • CVE-2015-8805 · Critical · Feb 23, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different…

  • CVE-2015-8804 · Critical · Feb 23, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

  • CVE-2015-8803 · Critical · Feb 23, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different…

  • CVE-2016-1629 · Critical · Feb 21, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

  • CVE-2015-7425 · Critical · Feb 21, 2016
    risk 0.65 · cvss 10.0 · epss 0.04

    The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy…

  • CVE-2016-2275 · Critical · Feb 21, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript…