VYPR

CVEs

38,009 total · page 720 of 761

  • CVE-2016-1394HigJul 3, 2016
    risk 0.56cvss 8.6epss 0.01

    Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.

  • CVE-2016-4560HigJul 2, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.

  • CVE-2016-3956HigJul 2, 2016
    risk 0.42cvss 7.5epss 0.07

    The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading…

  • CVE-2016-2867HigJul 2, 2016
    risk 0.46cvss 7.0epss 0.00

    IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.

  • CVE-2016-1408HigJul 2, 2016
    risk 0.57cvss 8.8epss 0.02

    Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.

  • CVE-2016-0386HigJul 2, 2016
    risk 0.52cvss 8.0epss 0.00

    Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees.

  • CVE-2016-0375HigJul 1, 2016
    risk 0.57cvss 8.8epss 0.02

    JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.

  • CVE-2016-0374HigJul 1, 2016
    risk 0.57cvss 8.8epss 0.01

    The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.

  • CVE-2016-0362HigJul 1, 2016
    risk 0.50cvss 7.7epss 0.01

    IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy…

  • CVE-2016-3653HigJun 30, 2016
    risk 0.55cvss 8.0epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users.

  • CVE-2016-3651HigJun 30, 2016
    risk 0.52cvss 8.0epss 0.02

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors.

  • CVE-2016-3650HigJun 30, 2016
    risk 0.57cvss 8.8epss 0.01

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack.

  • CVE-2016-3648HigJun 30, 2016
    risk 0.57cvss 8.8epss 0.02

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the…

  • CVE-2016-3647HigJun 30, 2016
    risk 0.50cvss 7.7epss 0.02

    Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request.

  • CVE-2016-3646HigJun 30, 2016
    risk 0.59cvss 8.4epss 0.18

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…

  • CVE-2016-3644HigJun 30, 2016
    risk 0.59cvss 8.4epss 0.18

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…

  • CVE-2016-2211HigJun 30, 2016
    risk 0.55cvss 7.8epss 0.53

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…

  • CVE-2016-2210HigJun 30, 2016
    risk 0.51cvss 7.3epss 0.11

    Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint…

  • CVE-2016-2209HigJun 30, 2016
    risk 0.52cvss 7.3epss 0.21

    Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint…

  • CVE-2016-2207HigJun 30, 2016
    risk 0.59cvss 8.4epss 0.18

    The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec…

  • CVE-2016-5360HigJun 30, 2016
    risk 0.52cvss 7.5epss 0.42

    HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.

  • CVE-2016-5301HigJun 30, 2016
    risk 0.49cvss 7.5epss 0.02

    The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.

  • CVE-2016-5020HigJun 30, 2016
    risk 0.57cvss 8.8epss 0.03

    F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.

  • CVE-2016-4971HigJun 30, 2016
    risk 0.64cvss 8.8epss 0.46

    GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

  • CVE-2016-4803HigJun 30, 2016
    risk 0.49cvss 7.5epss 0.02

    CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

  • CVE-2016-4472HigJun 30, 2016
    risk 0.54cvss 8.1epss 0.12

    The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix…

  • CVE-2016-4309HigJun 30, 2016
    risk 0.53cvss 7.5epss 0.09

    Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.

  • CVE-2015-8899HigJun 30, 2016
    risk 0.49cvss 7.5epss 0.02

    Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

  • CVE-2016-5840HigJun 30, 2016
    risk 0.50cvss 7.2epss 0.08

    hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.

  • CVE-2016-5729HigJun 30, 2016
    risk 0.53cvss 8.2epss 0.00

    Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.

  • CVE-2016-5368HigJun 30, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.

  • CVE-2016-5249HigJun 30, 2016
    risk 0.51cvss 7.8epss 0.01

    Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.

  • CVE-2016-5231HigJun 30, 2016
    risk 0.51cvss 7.8epss 0.01

    Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app.

  • CVE-2016-5230HigJun 30, 2016
    risk 0.57cvss 8.8epss 0.01

    Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app.

  • CVE-2016-4474HigJun 30, 2016
    risk 0.57cvss 8.8epss 0.01

    The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via…

  • CVE-2016-5839HigJun 29, 2016
    risk 0.42cvss 7.5epss 0.03

    WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.

  • CVE-2016-5838HigJun 29, 2016
    risk 0.42cvss 7.5epss 0.03

    WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.

  • CVE-2016-5837HigJun 29, 2016
    risk 0.42cvss 7.5epss 0.04

    WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.

  • CVE-2016-5836HigJun 29, 2016
    risk 0.42cvss 7.5epss 0.04

    The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2016-5835HigJun 29, 2016
    risk 0.42cvss 7.5epss 0.04

    WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.

  • CVE-2016-5832HigJun 29, 2016
    risk 0.42cvss 7.5epss 0.03

    The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.

  • CVE-2016-5101HigJun 29, 2016
    risk 0.57cvss 8.8epss 0.03

    Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.

  • CVE-2012-6703HigJun 29, 2016
    risk 0.44cvss 7.8epss 0.00

    Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other…

  • CVE-2016-0304HigJun 29, 2016
    risk 0.53cvss 8.1epss 0.02

    The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka…

  • CVE-2016-0267HigJun 29, 2016
    risk 0.50cvss 7.7epss 0.01

    IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.

  • CVE-2016-0263HigJun 29, 2016
    risk 0.46cvss 7.0epss 0.00

    IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.

  • CVE-2016-0260HigJun 29, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.

  • CVE-2015-8698HigJun 29, 2016
    risk 0.46cvss 7.1epss 0.01

    CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allows remote attackers to read arbitrary files or cause a denial of service via a request containing an XML external…

  • CVE-2016-0233HigJun 28, 2016
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-5829HigJun 27, 2016
    risk 0.51cvss 7.8epss 0.00

    Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES…