VYPR

CVEs

1,631 total · page 16 of 33

  • CVE-2021-44026KEVNov 19, 2021
    risk 0.15cvss epss 0.43

    Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

  • CVE-2021-41277KEVNov 17, 2021
    risk 0.20cvss epss 0.97

    Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not…

  • CVE-2021-42321KEVNov 10, 2021
    risk 0.28cvss epss 0.90

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-42292KEVNov 10, 2021
    risk 0.15cvss epss 0.32

    Microsoft Excel Security Feature Bypass Vulnerability

  • CVE-2021-42287KEVNov 10, 2021
    risk 0.26cvss epss 0.74

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2021-42278KEVNov 10, 2021
    risk 0.26cvss epss 0.70

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2021-41379KEVNov 10, 2021
    risk 0.18cvss epss 0.20

    Windows Installer Elevation of Privilege Vulnerability

  • CVE-2021-42237KEVNov 5, 2021
    risk 0.29cvss epss 0.99

    Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

  • CVE-2021-42258KEVOct 22, 2021
    risk 0.29cvss epss 0.73

    BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful…

  • CVE-2021-30807KEVOct 19, 2021
    risk 0.14cvss epss 0.29

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this…

  • CVE-2021-27561KEVOct 15, 2021
    risk 0.20cvss epss 0.83

    Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.

  • CVE-2021-20124KEVOct 13, 2021
    risk 0.19cvss epss 0.69

    A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root…

  • CVE-2021-20123KEVOct 13, 2021
    risk 0.19cvss epss 0.74

    A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system…

  • CVE-2021-41357KEVOct 13, 2021
    risk 0.12cvss epss 0.02

    Win32k Elevation of Privilege Vulnerability

  • CVE-2021-40450KEVOct 13, 2021
    risk 0.12cvss epss 0.02

    Win32k Elevation of Privilege Vulnerability

  • CVE-2021-40449KEVOct 13, 2021
    risk 0.28cvss epss 0.73

    Win32k Elevation of Privilege Vulnerability

  • CVE-2021-37976KEVOct 8, 2021
    risk 0.14cvss epss 0.20

    Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2021-37973KEVOct 8, 2021
    risk 0.13cvss epss 0.12

    Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-30633KEVOct 8, 2021
    risk 0.14cvss epss 0.33

    Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-30632KEVOct 8, 2021
    risk 0.19cvss epss 0.65

    Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-37975KEVOct 8, 2021
    risk 0.17cvss epss 0.35

    Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-42013KEVOct 7, 2021
    risk 0.29cvss epss 1.00

    It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by…

  • CVE-2021-25489KEVOct 6, 2021
    risk 0.12cvss epss 0.01

    Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.

  • CVE-2021-25487KEVOct 6, 2021
    risk 0.12cvss epss 0.01

    Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

  • CVE-2021-39226KEVOct 5, 2021
    risk 0.13cvss epss 1.00

    Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot…

  • CVE-2021-41773KEVOct 5, 2021
    risk 0.29cvss epss 1.00

    A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the…

  • CVE-2021-20035KEVSep 27, 2021
    risk 0.13cvss epss 0.04

    Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

  • CVE-2021-40655KEVSep 24, 2021
    risk 0.19cvss epss 0.87

    An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

  • CVE-2021-22941KEVSep 23, 2021
    risk 0.25cvss epss 0.54

    Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.

  • CVE-2021-22017KEVSep 23, 2021
    risk 0.18cvss epss 0.47

    Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

  • CVE-2021-22005KEVSep 23, 2021
    risk 0.29cvss epss 1.00

    The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

  • CVE-2021-36260KEVSep 22, 2021
    risk 0.23cvss epss 1.00

    A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

  • CVE-2021-38406KEVSep 17, 2021
    risk 0.17cvss epss 0.78

    Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of…

  • CVE-2021-40438KEVSep 16, 2021
    risk 0.20cvss epss 1.00

    A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

  • CVE-2021-33045KEVSep 15, 2021
    risk 0.20cvss epss 1.00

    The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

  • CVE-2021-33044KEVSep 15, 2021
    risk 0.20cvss epss 1.00

    The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

  • CVE-2021-40444KEVSep 15, 2021
    risk 0.29cvss epss 0.97

    Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker…

  • CVE-2021-38649KEVSep 15, 2021
    risk 0.13cvss epss 0.02

    Open Management Infrastructure Elevation of Privilege Vulnerability

  • CVE-2021-38648KEVSep 15, 2021
    risk 0.18cvss epss 0.11

    Open Management Infrastructure Elevation of Privilege Vulnerability

  • CVE-2021-38647KEVSep 15, 2021
    risk 0.29cvss epss 1.00

    Open Management Infrastructure Remote Code Execution Vulnerability

  • CVE-2021-38646KEVSep 15, 2021
    risk 0.22cvss epss 0.04

    Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

  • CVE-2021-38645KEVSep 15, 2021
    risk 0.13cvss epss 0.02

    Open Management Infrastructure Elevation of Privilege Vulnerability

  • CVE-2021-36955KEVSep 15, 2021
    risk 0.20cvss epss 0.03

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2021-38163KEVSep 14, 2021
    risk 0.19cvss epss 0.37

    SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with…

  • CVE-2021-40870KEVSep 13, 2021
    risk 0.20cvss epss 0.92

    An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

  • CVE-2021-30663KEVSep 8, 2021
    risk 0.12cvss epss 0.03

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30657KEVSep 8, 2021
    risk 0.22cvss epss 0.69

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..

  • CVE-2021-30661KEVSep 8, 2021
    risk 0.12cvss epss 0.04

    A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is…

  • CVE-2021-30713KEVSep 8, 2021
    risk 0.12cvss epss 0.07

    A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..

  • CVE-2021-30666KEVSep 8, 2021
    risk 0.12cvss epss 0.03

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..