VYPR

CVEs

1,631 total · page 13 of 33

  • CVE-2023-21674KEVJan 10, 2023
    risk 0.14cvss epss 0.42

    Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

  • CVE-2022-44877KEVJan 5, 2023
    risk 0.23cvss epss 1.00

    login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.

  • CVE-2022-42475KEVJan 2, 2023
    risk 0.26cvss epss 0.99

    A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated…

  • CVE-2022-26486KEVDec 22, 2022
    risk 0.12cvss epss 0.02

    An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0,…

  • CVE-2022-26485KEVDec 22, 2022
    risk 0.12cvss epss 0.14

    Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and…

  • CVE-2022-42856KEVDec 15, 2022
    risk 0.12cvss epss 0.09

    A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a…

  • CVE-2022-27518KEVDec 13, 2022
    risk 0.14cvss epss 0.07

    Unauthenticated remote arbitrary code execution

  • CVE-2022-44698KEVDec 13, 2022
    risk 0.23cvss epss 0.76

    Windows SmartScreen Security Feature Bypass Vulnerability

  • CVE-2022-46169KEVDec 5, 2022
    risk 0.23cvss epss 1.00

    Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if…

  • CVE-2022-4262KEVDec 2, 2022
    risk 0.13cvss epss 0.16

    Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-40799KEVNov 29, 2022
    risk 0.17cvss epss 0.31

    Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.

  • CVE-2022-4135KEVNov 25, 2022
    risk 0.05cvss epss 0.32

    Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-40765KEVNov 22, 2022
    risk 0.18cvss epss 0.10

    A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters.

  • CVE-2022-41223KEVNov 22, 2022
    risk 0.18cvss epss 0.11

    The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type.

  • CVE-2022-23748KEVNov 17, 2022
    risk 0.13cvss epss 0.09

    mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

  • CVE-2022-41128KEVNov 9, 2022
    risk 0.15cvss epss 0.25

    Windows Scripting Languages Remote Code Execution Vulnerability

  • CVE-2022-41125KEVNov 9, 2022
    risk 0.12cvss epss 0.03

    Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

  • CVE-2022-41073KEVNov 9, 2022
    risk 0.18cvss epss 0.02

    Windows Print Spooler Elevation of Privilege Vulnerability

  • CVE-2022-41091KEVNov 9, 2022
    risk 0.19cvss epss 0.02

    Windows Mark of the Web Security Feature Bypass Vulnerability

  • CVE-2022-41049KEVNov 9, 2022
    risk 0.13cvss epss 0.02

    Windows Mark of the Web Security Feature Bypass Vulnerability

  • CVE-2022-41080KEVNov 9, 2022
    risk 0.26cvss epss 0.77

    Microsoft Exchange Server Elevation of Privilege Vulnerability

  • CVE-2022-31199KEVNov 8, 2022
    risk 0.18cvss epss 0.36

    Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by…

  • CVE-2022-42827KEVNov 1, 2022
    risk 0.12cvss epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have…

  • CVE-2022-3723KEVNov 1, 2022
    risk 0.12cvss epss 0.07

    Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2022-38181KEVOct 25, 2022
    risk 0.14cvss epss 0.13

    The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

  • CVE-2016-20017KEVOct 19, 2022
    risk 0.22cvss epss 0.60

    D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.

  • CVE-2022-21587KEVOct 18, 2022
    risk 0.29cvss epss 0.98

    Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2022-40684KEVOct 18, 2022
    risk 0.29cvss epss 1.00

    An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated…

  • CVE-2022-38028KEVOct 11, 2022
    risk 0.12cvss epss 0.15

    Windows Print Spooler Elevation of Privilege Vulnerability

  • CVE-2022-41033KEVOct 11, 2022
    risk 0.12cvss epss 0.02

    Windows COM+ Event System Service Elevation of Privilege Vulnerability

  • CVE-2022-41040KEVOct 3, 2022
    risk 0.29cvss epss 1.00

    Microsoft Exchange Server Elevation of Privilege Vulnerability

  • CVE-2022-41082KEVOct 3, 2022
    risk 0.28cvss epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2022-20775KEVSep 30, 2022
    risk 0.12cvss epss 0.12

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running…

  • CVE-2022-3075KEVSep 26, 2022
    risk 0.12cvss epss 0.06

    Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2022-3038KEVSep 26, 2022
    risk 0.15cvss epss 0.25

    Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-2856KEVSep 26, 2022
    risk 0.12cvss epss 0.04

    Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.

  • CVE-2022-41352KEVSep 26, 2022
    risk 0.23cvss epss 0.95

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends…

  • CVE-2022-3236KEVSep 23, 2022
    risk 0.19cvss epss 0.99

    A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.

  • CVE-2022-39197KEVSep 22, 2022
    risk 0.14cvss epss 0.46

    An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the…

  • CVE-2022-32917KEVSep 20, 2022
    risk 0.12cvss epss 0.06

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have…

  • CVE-2022-40139KEVSep 19, 2022
    risk 0.13cvss epss 0.03

    Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to…

  • CVE-2022-35914KEVSep 19, 2022
    risk 0.23cvss epss 1.00

    /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.

  • CVE-2022-37969KEVSep 13, 2022
    risk 0.13cvss epss 0.28

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2022-27593KEVSep 8, 2022
    risk 0.26cvss epss 0.88

    An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo…

  • CVE-2022-37055KEVAug 28, 2022
    risk 0.18cvss epss 0.57

    D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

  • CVE-2022-36537KEVAug 26, 2022
    risk 0.19cvss epss 0.95

    ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.

  • CVE-2022-36804KEVAug 25, 2022
    risk 0.23cvss epss 0.99

    Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from…

  • CVE-2022-32893KEVAug 24, 2022
    risk 0.12cvss epss 0.10

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that…

  • CVE-2022-32894KEVAug 24, 2022
    risk 0.12cvss epss 0.03

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have…

  • CVE-2022-37042KEVAug 11, 2022
    risk 0.29cvss epss 0.88

    Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal…