VYPR

CVEs

1,630 total · page 12 of 33

  • CVE-2023-24955KEVMay 9, 2023
    risk 0.28cvss epss 0.85

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2023-21492KEVMay 4, 2023
    risk 0.12cvss epss 0.03

    Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

  • CVE-2023-29552KEVApr 25, 2023
    risk 0.19cvss epss 0.66

    The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

  • CVE-2023-28771KEVApr 25, 2023
    risk 0.23cvss epss 0.99

    Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an…

  • CVE-2023-27524KEVApr 24, 2023
    risk 0.16cvss epss 0.97

    Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not…

  • CVE-2023-27351HigKEVApr 20, 2023
    risk 0.73cvss 7.5epss 0.78

    This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results…

  • CVE-2023-27350KEVApr 20, 2023
    risk 0.29cvss epss 1.00

    This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from…

  • CVE-2023-2136KEVApr 19, 2023
    risk 0.12cvss epss 0.06

    Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-2033KEVApr 14, 2023
    risk 0.14cvss epss 0.41

    Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-28252KEVApr 11, 2023
    risk 0.26cvss epss 0.49

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2023-28229KEVApr 11, 2023
    risk 0.13cvss epss 0.02

    Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

  • CVE-2023-29492KEVApr 11, 2023
    risk 0.13cvss epss 0.03

    Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

  • CVE-2023-28206KEVApr 10, 2023
    risk 0.14cvss epss 0.25

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with…

  • CVE-2023-28205KEVApr 10, 2023
    risk 0.12cvss epss 0.27

    A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is…

  • CVE-2023-26083KEVApr 6, 2023
    risk 0.12cvss epss 0.01

    Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from…

  • CVE-2023-20118KEVApr 5, 2023
    risk 0.12cvss epss 0.54

    A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper…

  • CVE-2023-1671KEVApr 4, 2023
    risk 0.23cvss epss 1.00

    A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

  • CVE-2022-43939KEVApr 3, 2023
    risk 0.22cvss epss 0.92

    Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.

  • CVE-2022-43769KEVApr 3, 2023
    risk 0.23cvss epss 0.98

    Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.

  • CVE-2022-42948KEVMar 24, 2023
    risk 0.14cvss epss 0.03

    Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.

  • CVE-2023-20963KEVMar 24, 2023
    risk 0.12cvss epss 0.01

    In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID:…

  • CVE-2023-26359KEVMar 23, 2023
    risk 0.18cvss epss 0.18

    Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require…

  • CVE-2023-26360KEVMar 23, 2023
    risk 0.23cvss epss 0.97

    Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user…

  • CVE-2023-28434KEVMar 22, 2023
    risk 0.06cvss epss 0.07

    Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker…

  • CVE-2023-28432KEVMar 22, 2023
    risk 0.23cvss epss 0.84

    Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in…

  • CVE-2023-0386KEVMar 22, 2023
    risk 0.16cvss epss 0.08

    A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a…

  • CVE-2023-25280KEVMar 16, 2023
    risk 0.19cvss epss 0.98

    OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.

  • CVE-2023-28461KEVMar 15, 2023
    risk 0.25cvss epss 0.68

    Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable…

  • CVE-2023-1389KEVMar 15, 2023
    risk 0.22cvss epss 1.00

    TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was…

  • CVE-2023-24880KEVMar 14, 2023
    risk 0.24cvss epss 0.78

    Windows SmartScreen Security Feature Bypass Vulnerability

  • CVE-2023-23397KEVMar 14, 2023
    risk 0.19cvss epss 0.97

    Microsoft Outlook Elevation of Privilege Vulnerability

  • CVE-2023-27532KEVMar 10, 2023
    risk 0.25cvss epss 0.78

    Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

  • CVE-2022-41328KEVMar 7, 2023
    risk 0.12cvss epss 0.12

    A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via…

  • CVE-2019-8720KEVMar 6, 2023
    risk 0.12cvss epss 0.02

    A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

  • CVE-2023-23529KEVFeb 27, 2023
    risk 0.12cvss epss 0.10

    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a…

  • CVE-2022-47986KEVFeb 17, 2023
    risk 0.29cvss epss 1.00

    IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary…

  • CVE-2023-23752KEVFeb 16, 2023
    risk 0.16cvss epss 1.00

    An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

  • CVE-2023-21529HigKEVFeb 14, 2023
    risk 0.77cvss 8.8epss 0.62

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2023-21823KEVFeb 14, 2023
    risk 0.12cvss epss 0.06

    Windows Graphics Component Remote Code Execution Vulnerability

  • CVE-2023-23376KEVFeb 14, 2023
    risk 0.19cvss epss 0.11

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2023-21715KEVFeb 14, 2023
    risk 0.12cvss epss 0.12

    Microsoft Publisher Security Feature Bypass Vulnerability

  • CVE-2023-25717KEVFeb 13, 2023
    risk 0.20cvss epss 0.95

    Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.

  • CVE-2022-24990KEVFeb 7, 2023
    risk 0.29cvss epss 0.84

    TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

  • CVE-2023-0669KEVFeb 6, 2023
    risk 0.22cvss epss 1.00

    Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

  • CVE-2023-0266KEVJan 30, 2023
    risk 0.12cvss epss 0.04

    A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend…

  • CVE-2023-21608KEVJan 18, 2023
    risk 0.18cvss epss 0.61

    Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…

  • CVE-2022-47966KEVJan 18, 2023
    risk 0.29cvss epss 1.00

    Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application…

  • CVE-2023-21839KEVJan 17, 2023
    risk 0.23cvss epss 1.00

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP…

  • CVE-2023-22952KEVJan 11, 2023
    risk 0.22cvss epss 0.80

    In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

  • CVE-2023-21674KEVJan 10, 2023
    risk 0.14cvss epss 0.42

    Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability