VYPR

CVEs

31,174 total · page 564 of 624

  • CVE-2017-1001002CriNov 27, 2017
    risk 0.57cvss 9.8epss 0.02

    math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

  • CVE-2017-1000214CriNov 27, 2017
    risk 0.64cvss 9.8epss 0.03

    GitPHP by xiphux is vulnerable to OS Command Injections

  • CVE-2017-8045CriNov 27, 2017
    risk 0.64cvss 9.8epss 0.04

    In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.

  • CVE-2017-16943CriNov 25, 2017
    risk 0.67cvss 9.8epss 0.47

    The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

  • CVE-2017-16935CriNov 24, 2017
    risk 0.67cvss 9.8epss 0.08

    Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by…

  • CVE-2017-16934CriNov 24, 2017
    risk 0.68cvss 9.8epss 0.13

    The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp…

  • CVE-2017-16931CriNov 23, 2017
    risk 0.64cvss 9.8epss 0.04

    parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

  • CVE-2017-13701CriNov 23, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.

  • CVE-2017-15088CriNov 23, 2017
    risk 0.64cvss 9.8epss 0.08

    plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations…

  • CVE-2017-8129CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8128CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8126CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8124CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8123CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8122CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8120CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8119CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-8117CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.

  • CVE-2017-2738CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.03

    VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP…

  • CVE-2017-13071CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier.

  • CVE-2017-8864CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.02

    Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test.

  • CVE-2017-8862CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.01

    The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.

  • CVE-2017-8861CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.02

    Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets.

  • CVE-2017-16926CriNov 22, 2017
    risk 0.64cvss 9.8epss 0.06

    Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.

  • CVE-2017-7550CriNov 21, 2017
    risk 0.57cvss 9.8epss 0.04

    A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords…

  • CVE-2015-3934CriNov 21, 2017
    risk 0.67cvss 9.8epss 0.03

    Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.

  • CVE-2017-5719CriNov 21, 2017
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.

  • CVE-2017-16920CriNov 21, 2017
    risk 0.64cvss 9.8epss 0.02

    v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php.

  • CVE-2017-16613CriNov 21, 2017
    risk 0.57cvss 9.8epss 0.08

    An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a…

  • CVE-2017-16840CriNov 21, 2017
    risk 0.64cvss 9.8epss 0.03

    The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

  • CVE-2017-16903CriNov 20, 2017
    risk 0.64cvss 9.8epss 0.02

    LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.

  • CVE-2017-16896CriNov 20, 2017
    risk 0.64cvss 9.8epss 0.01

    A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

  • CVE-2017-11402CriNov 20, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset,…

  • CVE-2017-11401CriNov 20, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing…

  • CVE-2017-16566CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.03

    On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level…

  • CVE-2017-1000190CriNov 17, 2017
    risk 0.60cvss 9.1epss 0.05

    SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.

  • CVE-2017-16845CriNov 17, 2017
    risk 0.65cvss 10.0epss 0.03

    hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

  • CVE-2017-1000215CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.06

    ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution

  • CVE-2017-1000169CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.04

    QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.

  • CVE-2017-1000192CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.01

    Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other…

  • CVE-2017-1000212CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.03

    Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.

  • CVE-2017-1000206CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.02

    samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution

  • CVE-2017-16872CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were…

  • CVE-2017-1000158CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.08

    CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

  • CVE-2017-1000248CriNov 17, 2017
    risk 0.57cvss 9.8epss 0.02

    Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis

  • CVE-2017-1000237CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.02

    I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.

  • CVE-2017-1000235CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.03

    I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.

  • CVE-2017-1000232CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.02

    A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.

  • CVE-2017-1000231CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.03

    A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.

  • CVE-2017-1000228CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.06

    nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function