VYPR

CVEs

31,277 total · page 556 of 626

  • CVE-2018-1000042CriFeb 9, 2018
    risk 0.64cvss 9.8epss 0.04

    Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be…

  • CVE-2018-1000034CriFeb 9, 2018
    risk 0.59cvss 9.1epss 0.01

    An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.

  • CVE-2018-1000033CriFeb 9, 2018
    risk 0.59cvss 9.1epss 0.02

    An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.

  • CVE-2018-3601CriFeb 9, 2018
    risk 0.64cvss 9.8epss 0.04

    A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.

  • CVE-2018-6825CriFeb 9, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access.

  • CVE-2018-6871CriFeb 9, 2018
    risk 0.62cvss 9.8epss 0.23

    LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

  • CVE-2018-6789CriKEVFeb 8, 2018
    risk 0.84cvss 9.8epss 0.82

    An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

  • CVE-2018-6180CriFeb 8, 2018
    risk 0.67cvss 9.8epss 0.04

    A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.

  • CVE-2012-2166CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.03

    IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.

  • CVE-2011-4889CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.03

    The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server,…

  • CVE-2018-1163CriFeb 8, 2018
    risk 0.65cvss 9.8epss 0.16

    This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass…

  • CVE-2018-1161CriFeb 8, 2018
    risk 0.69cvss 9.8epss 0.67

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of…

  • CVE-2017-17659CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests.…

  • CVE-2017-17658CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method…

  • CVE-2017-17657CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method…

  • CVE-2017-17656CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests.…

  • CVE-2017-17655CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method…

  • CVE-2017-17654CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method…

  • CVE-2017-17653CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method…

  • CVE-2017-17652CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests.…

  • CVE-2017-17425CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method…

  • CVE-2017-17424CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests.…

  • CVE-2017-17423CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method…

  • CVE-2017-17422CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The…

  • CVE-2017-17421CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method…

  • CVE-2017-17420CriFeb 8, 2018
    risk 0.68cvss 9.8epss 0.49

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method…

  • CVE-2017-17419CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method…

  • CVE-2017-17418CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The…

  • CVE-2017-17417CriFeb 8, 2018
    risk 0.68cvss 9.8epss 0.10

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method…

  • CVE-2017-17416CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method…

  • CVE-2017-17415CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method…

  • CVE-2017-17414CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests.…

  • CVE-2017-17413CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method…

  • CVE-2017-17412CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue…

  • CVE-2018-0514CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.02

    MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2018-6836CriFeb 8, 2018
    risk 0.64cvss 9.8epss 0.03

    The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2018-6835CriFeb 8, 2018
    risk 0.57cvss 9.8epss 0.02

    node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.

  • CVE-2018-0127CriFeb 8, 2018
    risk 0.70cvss 9.8epss 0.78

    A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of…

  • CVE-2018-0125CriKEVFeb 8, 2018
    risk 0.80cvss 9.8epss 0.55

    A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root…

  • CVE-2017-12472CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc.

  • CVE-2017-12471CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function.

  • CVE-2017-12470CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.

  • CVE-2017-12469CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation.

  • CVE-2017-12468CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables.

  • CVE-2017-12466CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.

  • CVE-2017-12465CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function.

  • CVE-2018-6823CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.

  • CVE-2018-6822CriFeb 7, 2018
    risk 0.64cvss 9.8epss 0.02

    In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.

  • CVE-2018-4877CriFeb 6, 2018
    risk 0.64cvss 9.8epss 0.09

    A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

  • CVE-2018-6758CriFeb 6, 2018
    risk 0.00cvss 9.8epss 0.02

    The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.