VYPR
Vendor

Pro Face

Products
4
CVEs
14
Across products
21
Status
Private

Products

4

Recent CVEs

14
  • CVE-2015-7921CriApr 6, 2016
    risk 0.59cvss 9.1epss 0.02

    The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these…

  • CVE-2016-2290HigApr 6, 2016
    risk 0.57cvss 8.8epss 0.02

    Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-2292MedApr 6, 2016
    risk 0.42cvss 6.5epss 0.02

    Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-2291MedApr 6, 2016
    risk 0.42cvss 6.5epss 0.02

    Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2004-0342MedNov 23, 2004
    risk 0.36cvss 5.5epss 0.00

    WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly…

  • CVE-2012-3794Jun 25, 2012
    risk 0.05cvss epss 0.22

    Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt…

  • CVE-2012-3797Jun 25, 2012
    risk 0.04cvss epss 0.13

    Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or…

  • CVE-2012-3796Jun 25, 2012
    risk 0.04cvss epss 0.11

    Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode.

  • CVE-2012-3795Jun 25, 2012
    risk 0.04cvss epss 0.11

    Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field.

  • CVE-2012-3793Jun 25, 2012
    risk 0.04cvss epss 0.12

    Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory…

  • CVE-2012-3792Jun 25, 2012
    risk 0.04cvss epss 0.11

    Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt.

  • CVE-2023-3953Aug 9, 2023
    risk 0.00cvss epss 0.00

    A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.

  • CVE-2021-22775Sep 2, 2021
    risk 0.00cvss epss 0.00

    A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.

  • CVE-2020-7492Jun 16, 2020
    risk 0.00cvss epss 0.01

    A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.