VIR Vulnerability Intelligence Relay

Search

Found 13,013 results in 913ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-14076 critical 9.8 9.8 nexusphp 9y ago SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
CVE-2017-14069 critical 9.8 9.8 nexusphp 9y ago SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
CVE-2017-14064 critical 9.8 9.8 slesdebian debian rhel ruby-lang 9y ago Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which …
CVE-2017-14062 critical 9.8 9.8 FIX slesdebian debian gnu 9y ago Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2017-14061 critical 9.8 9.8 FIX debian debian gnu 9y ago Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2017-13708 critical 9.8 10.0 EXP vxsearch 9y ago Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.
CVE-2017-14035 critical 9.8 9.8 crushftp 9y ago CrushFTP 8.x before 8.2.0 has a serialization vulnerability.
CVE-2017-12708 critical 9.8 9.8 advantech 9y ago An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabil…
CVE-2017-12706 critical 9.8 9.8 advantech 9y ago A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validat…
CVE-2017-12698 critical 9.8 9.8 advantech 9y ago An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code …
CVE-2013-7426 critical 9.8 9.8 FIX debian debian kamailio 9y ago Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.
CVE-2017-12865 critical 9.8 9.8 FIX debian debian intel 9y ago Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string pass…
CVE-2015-8299 critical 9.8 9.8 knx 9y ago Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
CVE-2015-7517 critical 9.8 9.8 labwebdesigns 9y ago Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-…
CVE-2017-1376 critical 9.8 9.8 sles ibm 9y ago A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.
CVE-2017-13715 critical 9.8 9.8 FIX slesdebian debian linux-kernel 9y ago The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a…
CVE-2017-10842 critical 9.8 9.8 basercms 9y ago baserCMS SQL Injection vulnerability
CVE-2017-10833 critical 9.1 9.1 9y ago "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors.
CVE-2017-10832 critical 9.8 9.8 9y ago "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2017-0899 critical 9.8 9.8 FIX slesdebian debian rhel rubygems 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque…
CVE-2017-8380 critical 9.8 9.8 FIX slesdebian debian qemu 9y ago Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-1430 critical 9.8 9.8 FIX debian debian xymon 9y ago Buffer overflow in xymon 4.3.17-1.
CVE-2015-1401 critical 9.8 9.8 ldap_\/_sso_authentication_project 9y ago Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.
CVE-2014-9558 critical 9.8 10.0 EXP smartcms 9y ago Multiple SQL injection vulnerabilities in SmartCMS v.2.
CVE-2014-9513 critical 9.8 9.8 debian debian debian 9y ago Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.
CVE-2014-8428 critical 9.8 9.8 barracuda 9y ago Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
CVE-2014-8426 critical 9.8 9.8 barracuda 9y ago Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.
CVE-2013-0870 critical 9.8 9.8 FIX debian debian ffmpeg 9y ago The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
CVE-2017-13707 critical 9.8 9.8 axcient 9y ago Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in or…
CVE-2017-12816 critical 9.8 9.8 kaspersky 9y ago In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the p…
CVE-2017-12707 critical 9.8 9.8 spidercontrol 9y ago A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.
CVE-2014-7859 critical 9.8 9.8 9y ago Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows …
CVE-2014-7858 critical 9.8 9.8 9y ago The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
CVE-2014-7857 critical 9.8 9.8 9y ago D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass …
CVE-2015-8352 critical 9.8 10.0 EXP zen-cart 9y ago Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
CVE-2015-1801 critical 9.8 9.8 9y ago The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.
CVE-2017-13669 critical 9.8 9.8 nexusphp 9y ago SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
CVE-2017-12679 critical 9.8 9.8 nexusphp 9y ago SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVE-2017-12965 critical 9.8 10.0 EXP apache2triad 9y ago Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
CVE-2015-5224 critical 9.8 9.8 FIX slesdebian debian kernel 9y ago The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
CVE-2017-13137 critical 9.8 9.8 formcrafts 9y ago The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
CVE-2017-12858 critical 9.8 9.8 FIX arch arch slesdebian debian libzip 9y ago Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
CVE-2017-12791 critical 9.8 9.8 sles saltstack 9y ago Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master …
CVE-2017-13139 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu imagemagick 9y ago In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVE-2016-4460 critical 9.8 9.8 apache 9y ago Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
CVE-2015-6473 critical 9.8 9.8 9y ago WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
CVE-2015-6472 critical 9.8 9.8 9y ago WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
CVE-2017-12787 critical 9.8 10.0 EXP noviflow 9y ago A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an…
CVE-2017-12786 critical 9.8 10.0 EXP noviflow 9y ago Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an op…
CVE-2017-12785 critical 9.8 10.0 EXP noviflow 9y ago The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. Th…
CVE-2015-2857 critical 9.8 10.0 EXP accellion 9y ago Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
CVE-2017-7420 critical 9.8 9.8 microfocus 9y ago An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Ho…
CVE-2017-12981 critical 9.8 9.8 nexusphp 9y ago NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
CVE-2017-11366 critical 9.8 9.8 codiad 9y ago Codiad Vulnerable to Shell Command Injection
CVE-2007-5341 critical 9.8 9.8 mozilla 9y ago Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVE-2007-5199 critical 9.8 9.8 FIX debian debian x 9y ago A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
CVE-2017-7364 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (whi…
CVE-2016-5872 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.
CVE-2016-5871 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file.
CVE-2016-10392 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.
CVE-2016-10391 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.
CVE-2016-10390 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.
CVE-2016-10388 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.
CVE-2016-10387 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.
CVE-2016-10386 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.
CVE-2016-10385 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.
CVE-2016-10384 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl.
CVE-2016-10382 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.
CVE-2016-10381 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
CVE-2016-10380 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
CVE-2016-10347 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.
CVE-2016-10346 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.
CVE-2016-10344 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.
CVE-2016-10343 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak.
CVE-2015-9073 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
CVE-2015-9072 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
CVE-2015-9071 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
CVE-2015-9070 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
CVE-2015-9069 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted.
CVE-2015-9068 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated.
CVE-2015-9067 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed.
CVE-2015-9066 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure.
CVE-2015-9065 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established.
CVE-2015-9064 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.
CVE-2015-9063 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client.
CVE-2015-9062 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.
CVE-2015-9061 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.
CVE-2015-9060 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call.
CVE-2015-9055 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine.
CVE-2015-9054 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding.
CVE-2015-9053 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM.
CVE-2015-9052 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message.
CVE-2015-9051 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Inform…
CVE-2015-9050 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call.
CVE-2015-9049 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM.
CVE-2015-9048 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets.
CVE-2015-9047 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.
CVE-2015-9046 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency lis…
CVE-2015-9045 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements.
CVE-2015-9044 critical 9.8 9.8 9y ago In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency lis…