VYPR

CVEs

1,631 total · page 15 of 33

  • CVE-2022-0492HigKEVMar 3, 2022
    risk 0.61cvss 7.8epss 0.06

    A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation…

  • CVE-2022-22706KEVMar 3, 2022
    risk 0.12cvss epss 0.01

    Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.

  • CVE-2022-22947KEVMar 3, 2022
    risk 0.23cvss epss 0.98

    In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote…

  • CVE-2022-23176KEVFeb 24, 2022
    risk 0.13cvss epss 0.12

    WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through…

  • CVE-2022-0543KEVFeb 18, 2022
    risk 0.23cvss epss 1.00

    It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

  • CVE-2021-45382KEVFeb 17, 2022
    risk 0.20cvss epss 0.98

    A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions,…

  • CVE-2022-24086KEVFeb 16, 2022
    risk 0.19cvss epss 0.99

    Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

  • CVE-2021-3560KEVFeb 16, 2022
    risk 0.16cvss epss 0.22

    It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest…

  • CVE-2021-4102KEVFeb 11, 2022
    risk 0.12cvss epss 0.08

    Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-0185KEVFeb 11, 2022
    risk 0.14cvss epss 0.25

    A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs…

  • CVE-2022-24112KEVFeb 11, 2022
    risk 0.23cvss epss 0.96

    An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed…

  • CVE-2022-20699KEVFeb 10, 2022
    risk 0.22cvss epss 0.72

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and…

  • CVE-2022-20700KEVFeb 10, 2022
    risk 0.14cvss epss 0.05

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and…

  • CVE-2022-20701KEVFeb 10, 2022
    risk 0.12cvss epss 0.09

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and…

  • CVE-2022-20703KEVFeb 10, 2022
    risk 0.12cvss epss 0.09

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and…

  • CVE-2022-20708KEVFeb 10, 2022
    risk 0.13cvss epss 0.14

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and…

  • CVE-2022-22536KEVFeb 9, 2022
    risk 0.23cvss epss 0.98

    SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary…

  • CVE-2022-22718KEVFeb 9, 2022
    risk 0.13cvss epss 0.18

    Windows Print Spooler Elevation of Privilege Vulnerability

  • CVE-2022-21999KEVFeb 9, 2022
    risk 0.27cvss epss 0.42

    Windows Print Spooler Elevation of Privilege Vulnerability

  • CVE-2022-21971KEVFeb 9, 2022
    risk 0.19cvss epss 0.54

    Windows Runtime Remote Code Execution Vulnerability

  • CVE-2022-24682KEVFeb 9, 2022
    risk 0.25cvss epss 0.31

    An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes…

  • CVE-2021-40407KEVJan 28, 2022
    risk 0.14cvss epss 0.48

    An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not…

  • CVE-2021-4034KEVJan 28, 2022
    risk 0.23cvss epss 0.95

    A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the…

  • CVE-2021-22600KEVJan 26, 2022
    risk 0.12cvss epss 0.06

    A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755

  • CVE-2021-35587KEVJan 19, 2022
    risk 0.23cvss epss 0.96

    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2022-23227KEVJan 14, 2022
    risk 0.16cvss epss 0.49

    NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite…

  • CVE-2022-23134KEVJan 13, 2022
    risk 0.19cvss epss 0.85

    After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

  • CVE-2022-23131KEVJan 13, 2022
    risk 0.20cvss epss 0.96

    In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and…

  • CVE-2022-21919KEVJan 11, 2022
    risk 0.12cvss epss 0.03

    Windows User Profile Service Elevation of Privilege Vulnerability

  • CVE-2022-21882KEVJan 11, 2022
    risk 0.22cvss epss 0.56

    Win32k Elevation of Privilege Vulnerability

  • CVE-2021-35247KEVJan 7, 2022
    risk 0.12cvss epss 0.03

    Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers…

  • CVE-2022-22265KEVJan 7, 2022
    risk 0.12cvss epss 0.00

    An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-44168KEVJan 4, 2022
    risk 0.12cvss epss 0.01

    A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

  • CVE-2021-44207KEVDec 21, 2021
    risk 0.13cvss epss 0.18

    Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.

  • CVE-2021-22054KEVDec 17, 2021
    risk 0.20cvss epss 0.98

    VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without…

  • CVE-2021-1048KEVDec 15, 2021
    risk 0.12cvss epss 0.01

    In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0920KEVDec 15, 2021
    risk 0.12cvss epss 0.01

    In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-43890KEVDec 15, 2021
    risk 0.19cvss epss 0.10

    We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as…

  • CVE-2021-43226KEVDec 15, 2021
    risk 0.13cvss epss 0.03

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2021-45046KEVDec 14, 2021
    risk 0.29cvss epss 1.00

    It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout…

  • CVE-2021-39935KEVDec 13, 2021
    risk 0.17cvss epss 0.30

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

  • CVE-2021-44515KEVDec 12, 2021
    risk 0.20cvss epss 1.00

    Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through…

  • CVE-2021-44228KEVDec 10, 2021
    risk 0.29cvss epss 1.00

    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log…

  • CVE-2021-27860KEVDec 8, 2021
    risk 0.15cvss epss 0.40

    A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this…

  • CVE-2021-20038KEVDec 8, 2021
    risk 0.26cvss epss 1.00

    A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v…

  • CVE-2021-44529KEVDec 8, 2021
    risk 0.29cvss epss 0.99

    A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).

  • CVE-2021-43798KEVDec 7, 2021
    risk 0.15cvss epss 0.89

    Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`,…

  • CVE-2021-44077KEVNov 29, 2021
    risk 0.23cvss epss 0.94

    Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.

  • CVE-2021-38003KEVNov 23, 2021
    risk 0.17cvss epss 0.36

    Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-38000KEVNov 23, 2021
    risk 0.12cvss epss 0.04

    Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.