VYPR

CVEs

31,277 total · page 548 of 626

  • CVE-2017-13292CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-13285CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed…

  • CVE-2017-13284CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2017-13283CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2017-13282CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2017-13281CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2017-13274CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.01

    In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-13267CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…

  • CVE-2018-9249CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.06

    FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request.

  • CVE-2018-9248CriApr 4, 2018
    risk 0.68cvss 9.8epss 0.15

    FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header.

  • CVE-2018-9247CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.02

    The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then…

  • CVE-2018-8780CriApr 3, 2018
    risk 0.60cvss 9.1epss 0.10

    In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.

  • CVE-2018-3641CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.01

    Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.

  • CVE-2018-3599CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur.

  • CVE-2018-3596CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed.

  • CVE-2017-18147CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.01

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.

  • CVE-2018-4164CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.

  • CVE-2018-4148CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code.

  • CVE-2018-4124CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to…

  • CVE-2018-4115CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass…

  • CVE-2018-4110CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence.

  • CVE-2018-4108CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Management" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.

  • CVE-2018-4105CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.

  • CVE-2018-4091CriApr 3, 2018
    risk 0.65cvss 10.0epss 0.02

    An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism.

  • CVE-2018-9230CriApr 2, 2018
    risk 0.65cvss 9.8epss 0.14

    In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web…

  • CVE-2018-9127CriApr 2, 2018
    risk 0.64cvss 9.8epss 0.01

    Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a…

  • CVE-2018-1295CriApr 2, 2018
    risk 0.64cvss 9.8epss 0.07

    In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be…

  • CVE-2016-8717CriApr 2, 2018
    risk 0.64cvss 9.8epss 0.02

    An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of…

  • CVE-2018-9175CriApr 2, 2018
    risk 0.64cvss 9.8epss 0.02

    DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.

  • CVE-2018-9174CriApr 2, 2018
    risk 0.64cvss 9.8epss 0.01

    sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.

  • CVE-2018-9162CriMar 31, 2018
    risk 0.64cvss 9.8epss 0.02

    Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.

  • CVE-2018-9161CriMar 31, 2018
    risk 0.68cvss 9.8epss 0.59

    Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.

  • CVE-2018-9160CriMar 31, 2018
    risk 0.02cvss 9.8epss 0.77

    SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.

  • CVE-2015-9259CriMar 31, 2018
    risk 0.64cvss 9.8epss 0.01

    In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to…

  • CVE-2017-17766CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead…

  • CVE-2017-16614CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.03

    SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.

  • CVE-2017-14883CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using…

  • CVE-2017-14881CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.

  • CVE-2017-14877CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd…

  • CVE-2017-14876CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.

  • CVE-2018-3822CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.02

    X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with…

  • CVE-2018-9148CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.04

    Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication…

  • CVE-2017-14915CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.02

    In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.

  • CVE-2017-14913CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.02

    In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.

  • CVE-2017-14912CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.02

    In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in…

  • CVE-2017-14911CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.02

    In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of…

  • CVE-2017-14906CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs.

  • CVE-2017-11010CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.01

    In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.

  • CVE-2018-9143CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.02

    On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.

  • CVE-2018-9139CriMar 30, 2018
    risk 0.64cvss 9.8epss 0.02

    On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.