VYPR

CVEs

31,173 total · page 575 of 624

  • CVE-2017-9458CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.02

    XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a…

  • CVE-2017-13771CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.03

    Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)…

  • CVE-2016-10405CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.02

    Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.

  • CVE-2015-3442CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.03

    Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.

  • CVE-2015-7241CriSep 6, 2017
    risk 0.68cvss 9.8epss 0.12

    XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

  • CVE-2015-5959CriSep 6, 2017
    risk 0.57cvss 9.8epss 0.03

    Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.

  • CVE-2016-3086CriSep 5, 2017
    risk 0.64cvss 9.8epss 0.04

    The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

  • CVE-2017-14145CriSep 5, 2017
    risk 0.64cvss 9.8epss 0.01

    HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.

  • CVE-2017-14138CriSep 4, 2017
    risk 0.64cvss 9.8epss 0.02

    ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.

  • CVE-2017-14135CriSep 4, 2017
    risk 0.65cvss 9.8epss 0.22

    enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.

  • CVE-2017-14127CriSep 4, 2017
    risk 0.64cvss 9.8epss 0.03

    Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.

  • CVE-2017-14122CriSep 3, 2017
    risk 0.59cvss 9.1epss 0.02

    unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

  • CVE-2017-14100CriSep 2, 2017
    risk 0.65cvss 9.8epss 0.15

    In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is…

  • CVE-2017-12873CriSep 1, 2017
    risk 0.57cvss 9.8epss 0.02

    SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.

  • CVE-2017-3897CriSep 1, 2017
    risk 0.68cvss 9.8epss 0.12

    A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP…

  • CVE-2017-12868CriSep 1, 2017
    risk 0.57cvss 9.8epss 0.02

    The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR…

  • CVE-2015-7746CriSep 1, 2017
    risk 0.64cvss 9.8epss 0.02

    NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.

  • CVE-2015-7700CriAug 31, 2017
    risk 0.64cvss 9.8epss 0.02

    Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-0899CriAug 31, 2017
    risk 0.58cvss 9.8epss 0.11

    RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

  • CVE-2017-14076CriAug 31, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.

  • CVE-2017-14069CriAug 31, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.

  • CVE-2017-14064CriAug 31, 2017
    risk 0.64cvss 9.8epss 0.09

    Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of…

  • CVE-2017-14062CriAug 31, 2017
    risk 0.64cvss 9.8epss 0.04

    Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2017-14061CriAug 31, 2017
    risk 0.64cvss 9.8epss 0.02

    Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2017-13708CriAug 31, 2017
    risk 0.68cvss 9.8epss 0.12

    Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.

  • CVE-2017-14035CriAug 30, 2017
    risk 0.64cvss 9.8epss 0.02

    CrushFTP 8.x before 8.2.0 has a serialization vulnerability.

  • CVE-2017-12708CriAug 30, 2017
    risk 0.64cvss 9.8epss 0.03

    An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which…

  • CVE-2017-12706CriAug 30, 2017
    risk 0.64cvss 9.8epss 0.03

    A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based…

  • CVE-2017-12698CriAug 30, 2017
    risk 0.64cvss 9.8epss 0.05

    An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.

  • CVE-2013-7426CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.02

    Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.

  • CVE-2017-12865CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.

  • CVE-2015-8299CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.06

    Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.

  • CVE-2015-7517CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.04

    Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.

  • CVE-2017-1376CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.03

    A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.

  • CVE-2017-13715CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.10

    The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a…

  • CVE-2017-10842CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2017-10833CriAug 29, 2017
    risk 0.59cvss 9.1epss 0.02

    "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors.

  • CVE-2017-10832CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.03

    "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-8380CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.04

    Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2015-1430CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow in xymon 4.3.17-1.

  • CVE-2015-1401CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.03

    Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.

  • CVE-2014-9558CriAug 28, 2017
    risk 0.67cvss 9.8epss 0.04

    Multiple SQL injection vulnerabilities in SmartCMS v.2.

  • CVE-2014-9513CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.04

    Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.

  • CVE-2014-8428CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.02

    Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.

  • CVE-2014-8426CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.02

    Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.

  • CVE-2013-0870CriAug 28, 2017
    risk 0.64cvss 9.8epss 0.01

    The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.

  • CVE-2017-13707CriAug 27, 2017
    risk 0.64cvss 9.8epss 0.03

    Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd.

  • CVE-2017-12816CriAug 25, 2017
    risk 0.64cvss 9.8epss 0.02

    In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.

  • CVE-2017-12707CriAug 25, 2017
    risk 0.64cvss 9.8epss 0.03

    A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.

  • CVE-2014-7859CriAug 25, 2017
    risk 0.65cvss 9.8epss 0.21

    Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and…