VYPR

CVEs

1,630 total · page 11 of 33

  • CVE-2023-41266 · KEV · Aug 29, 2023
    risk 0.26 · cvss · epss 0.85

    A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate…

  • CVE-2023-38831 · KEV · Aug 23, 2023
    risk 0.29 · cvss · epss 0.98

    RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the…

  • CVE-2023-38035 · KEV · Aug 21, 2023
    risk 0.29 · cvss · epss 1.00

    A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

  • CVE-2023-36846 · KEV · Aug 17, 2023
    risk 0.20 · cvss · epss 0.94

    A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require…

  • CVE-2023-36845 · KEV · Aug 17, 2023
    risk 0.23 · cvss · epss 0.94

    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to…

  • CVE-2023-36844 · KEV · Aug 17, 2023
    risk 0.20 · cvss · epss 0.90

    A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP…

  • CVE-2023-36847 · KEV · Aug 17, 2023
    risk 0.20 · cvss · epss 0.85

    A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't…

  • CVE-2023-35082 · KEV · Aug 15, 2023
    risk 0.26 · cvss · epss 1.00

    An authentication bypass vulnerability in Ivanti EPMM 11.10 and older allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.

  • CVE-2022-48503 · KEV · Aug 14, 2023
    risk 0.12 · cvss · epss 0.03

    The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.

  • CVE-2023-38180 · KEV · Aug 8, 2023
    risk 0.12 · cvss · epss 0.16

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2023-35081 · KEV · Aug 3, 2023
    risk 0.19 · cvss · epss 0.63

    A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.

  • CVE-2023-38950 · KEV · Aug 3, 2023
    risk 0.19 · cvss · epss 0.85

    A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.

  • CVE-2023-37580 · KEV · Jul 31, 2023
    risk 0.20 · cvss · epss 0.59

    Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

  • CVE-2023-38606 · KEV · Jul 26, 2023
    risk 0.12 · cvss · epss 0.01

    This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state.…

  • CVE-2023-37450 · KEV · Jul 26, 2023
    risk 0.12 · cvss · epss 0.18

    The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been…

  • CVE-2023-35078 · KEV · Jul 25, 2023
    risk 0.26 · cvss · epss 1.00

    An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication.

  • CVE-2023-38203 · KEV · Jul 20, 2023
    risk 0.26 · cvss · epss 0.97

    Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

  • CVE-2023-3519 · KEV · Jul 19, 2023
    risk 0.28 · cvss · epss 0.99

    Unauthenticated remote code execution

  • CVE-2023-29300 · KEV · Jul 12, 2023
    risk 0.26 · cvss · epss 1.00

    Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

  • CVE-2023-29298 · KEV · Jul 12, 2023
    risk 0.20 · cvss · epss 1.00

    Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the…

  • CVE-2023-36884 · KEV · Jul 11, 2023
    risk 0.25 · cvss · epss 0.99

    Windows Search Remote Code Execution Vulnerability

  • CVE-2023-35311 · KEV · Jul 11, 2023
    risk 0.12 · cvss · epss 0.15

    Microsoft Outlook Security Feature Bypass Vulnerability

  • CVE-2023-36874 · KEV · Jul 11, 2023
    risk 0.21 · cvss · epss 0.32

    Windows Error Reporting Service Elevation of Privilege Vulnerability

  • CVE-2023-32049 · KEV · Jul 11, 2023
    risk 0.13 · cvss · epss 0.04

    Windows SmartScreen Security Feature Bypass Vulnerability

  • CVE-2023-32046 · KEV · Jul 11, 2023
    risk 0.15 · cvss · epss 0.09

    Windows MSHTML Platform Elevation of Privilege Vulnerability

  • CVE-2023-24489 · KEV · Jul 10, 2023
    risk 0.20 · cvss · epss 0.95

    A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.

  • CVE-2023-34192 · KEV · Jul 6, 2023
    risk 0.19 · cvss · epss 0.77

    Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

  • CVE-2023-21237 · KEV · Jun 28, 2023
    risk 0.12 · cvss · epss 0.00

    In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…

  • CVE-2023-32435 · KEV · Jun 23, 2023
    risk 0.12 · cvss · epss 0.23

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that…

  • CVE-2023-32434 · KEV · Jun 23, 2023
    risk 0.16 · cvss · epss 0.52

    An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute…

  • CVE-2023-32439 · KEV · Jun 23, 2023
    risk 0.12 · cvss · epss 0.24

    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a…

  • CVE-2023-32373 · KEV · Jun 23, 2023
    risk 0.12 · cvss · epss 0.12

    A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code…

  • CVE-2023-28204 · KEV · Jun 23, 2023
    risk 0.12 · cvss · epss 0.14

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware…

  • CVE-2023-32409 · KEV · Jun 23, 2023
    risk 0.12 · cvss · epss 0.17

    The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a…

  • CVE-2023-2533 · KEV · Jun 20, 2023
    risk 0.15 · cvss · epss 0.29

    A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current…

  • CVE-2023-27992 · KEV · Jun 19, 2023
    risk 0.19 · cvss · epss 0.84

    The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to…

  • CVE-2023-29360 · KEV · Jun 13, 2023
    risk 0.14 · cvss · epss 0.22

    Microsoft Streaming Service Elevation of Privilege Vulnerability

  • CVE-2023-29357 · KEV · Jun 13, 2023
    risk 0.29 · cvss · epss 1.00

    Microsoft SharePoint Server Elevation of Privilege Vulnerability

  • CVE-2023-20867 · KEV · Jun 13, 2023
    risk 0.12 · cvss · epss 0.14

    A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

  • CVE-2023-27997 · KEV · Jun 13, 2023
    risk 0.25 · cvss · epss 0.86

    A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all…

  • CVE-2023-20887 · KEV · Jun 7, 2023
    risk 0.23 · cvss · epss 0.98

    Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

  • CVE-2023-33538 · KEV · Jun 7, 2023
    risk 0.19 · cvss · epss 0.42

    TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm.

  • CVE-2023-3079 · KEV · Jun 5, 2023
    risk 0.12 · cvss · epss 0.33

    Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-34362 · KEV · Jun 2, 2023
    risk 0.29 · cvss · epss 1.00

    In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access…

  • CVE-2023-32315 · KEV · May 26, 2023
    risk 0.16 · cvss · epss 1.00

    Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the…

  • CVE-2023-2868 · KEV · May 24, 2023
    risk 0.22 · cvss · epss 0.87

    A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape…

  • CVE-2023-33246 · KEV · May 24, 2023
    risk 0.16 · cvss · epss 0.97

    For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification; an attacker can exploit…

  • CVE-2023-33009 · KEV · May 24, 2023
    risk 0.12 · cvss · epss 0.28

    A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions…

  • CVE-2023-33010 · KEV · May 24, 2023
    risk 0.13 · cvss · epss 0.29

    A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions…

  • CVE-2023-29336 · KEV · May 9, 2023
    risk 0.21 · cvss · epss 0.41

    Win32k Elevation of Privilege Vulnerability