VYPR

CVEs

38,009 total · page 726 of 761

  • CVE-2016-2175HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.05

    Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

  • CVE-2016-1234HigJun 1, 2016
    risk 0.49cvss 7.5epss 0.05

    Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

  • CVE-2016-4506HigMay 31, 2016
    risk 0.52cvss 8.0epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.

  • CVE-2016-4505HigMay 31, 2016
    risk 0.57cvss 8.8epss 0.02

    Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.

  • CVE-2016-4502HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter.

  • CVE-2016-2295HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices…

  • CVE-2016-2286HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.01

    Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices…

  • CVE-2016-2285HigMay 31, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with…

  • CVE-2016-0879HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.

  • CVE-2016-0878HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.

  • CVE-2016-0877HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.

  • CVE-2016-0876HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.01

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.

  • CVE-2016-0875HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

  • CVE-2016-4118HigMay 30, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.

  • CVE-2016-2309HigMay 30, 2016
    risk 0.47cvss 7.2epss 0.01

    iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

  • CVE-2016-2025HigMay 30, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

  • CVE-2016-1409HigMay 29, 2016
    risk 0.49cvss 7.5epss 0.04

    The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as…

  • CVE-2016-1404HigMay 29, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic…

  • CVE-2016-1410HigMay 28, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

  • CVE-2016-3681HigMay 26, 2016
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted…

  • CVE-2016-3680HigMay 26, 2016
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted…

  • CVE-2016-4791HigMay 26, 2016
    risk 0.56cvss 8.6epss 0.02

    The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via…

  • CVE-2016-4786HigMay 26, 2016
    risk 0.49cvss 7.5epss 0.02

    Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

  • CVE-2016-4021HigMay 26, 2016
    risk 0.49cvss 7.5epss 0.02

    The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

  • CVE-2016-1887HigMay 25, 2016
    risk 0.54cvss 7.8epss 0.01

    Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument,…

  • CVE-2016-1886HigMay 25, 2016
    risk 0.54cvss 7.8epss 0.01

    Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and…

  • CVE-2015-8853HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.03

    The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

  • CVE-2016-1407HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) flow-base entries, which allows remote attackers to cause a denial of service (session drop) by making many connection attempts to open TCP ports, aka Bug ID CSCux95576.

  • CVE-2016-1406HigMay 25, 2016
    risk 0.57cvss 8.8epss 0.02

    The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON…

  • CVE-2016-1400HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258.

  • CVE-2016-1383HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305.

  • CVE-2016-1382HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529.

  • CVE-2016-1381HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an HTTP file-range request for cached content, aka Bug ID CSCuw97270.

  • CVE-2016-1380HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.01

    Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (proxy-process hang) via a crafted HTTP POST request, aka Bug ID CSCuo12171.

  • CVE-2016-4782HigMay 23, 2016
    risk 0.57cvss 8.8epss 0.02

    Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."

  • CVE-2016-4577HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.01

    Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet,…

  • CVE-2016-4087HigMay 23, 2016
    risk 0.53cvss 8.1epss 0.01

    Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets.

  • CVE-2016-4049HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.05

    The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

  • CVE-2016-4001HigMay 23, 2016
    risk 0.56cvss 8.6epss 0.05

    Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.

  • CVE-2016-3959HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.04

    The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that…

  • CVE-2016-3958HigMay 23, 2016
    risk 0.44cvss 7.8epss 0.00

    Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.

  • CVE-2016-3664HigMay 23, 2016
    risk 0.48cvss 7.4epss 0.01

    Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate.

  • CVE-2016-2855HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.

  • CVE-2016-4951HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit…

  • CVE-2016-4913HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via…

  • CVE-2016-4805HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to…

  • CVE-2016-4794HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.01

    Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.

  • CVE-2016-4580HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.04

    The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.

  • CVE-2016-4568HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.

  • CVE-2016-4565HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.