VYPR

CVEs

1,631 total · page 17 of 33

  • CVE-2021-30665 · KEV · Sep 8, 2021
    risk 0.12 · cvss · epss 0.03

    A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is…

  • CVE-2021-30762 · KEV · Sep 8, 2021
    risk 0.12 · cvss · epss 0.11

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

  • CVE-2021-30761 · KEV · Sep 8, 2021
    risk 0.12 · cvss · epss 0.11

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

  • CVE-2021-40539 · KEV · Sep 7, 2021
    risk 0.29 · cvss · epss 0.99

    Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

  • CVE-2021-28550 · KEV · Sep 2, 2021
    risk 0.14 · cvss · epss 0.52

    Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-37415 · KEV · Sep 1, 2021
    risk 0.19 · cvss · epss 1.00

    Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

  • CVE-2021-26084 · KEV · Aug 30, 2021
    risk 0.29 · cvss · epss 1.00

    In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version…

  • CVE-2021-32648 · KEV · Aug 26, 2021
    risk 0.12 · cvss · epss 0.90

    octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472…

  • CVE-2021-31010 · KEV · Aug 24, 2021
    risk 0.12 · cvss · epss 0.04

    A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was…

  • CVE-2021-30983 · KEV · Aug 24, 2021
    risk 0.12 · cvss · epss 0.03

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2021-30952 · KEV · Aug 24, 2021
    risk 0.12 · cvss · epss 0.08

    An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30900 · KEV · Aug 24, 2021
    risk 0.12 · cvss · epss 0.05

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.

  • CVE-2021-30883 · KEV · Aug 24, 2021
    risk 0.12 · cvss · epss 0.15

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code…

  • CVE-2021-30869 · KEV · Aug 24, 2021
    risk 0.12 · cvss · epss 0.04

    A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may…

  • CVE-2021-30860 · KEV · Aug 24, 2021
    risk 0.18 · cvss · epss 0.76

    An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a…

  • CVE-2021-30858 · KEV · Aug 24, 2021
    risk 0.12 · cvss · epss 0.13

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been…

  • CVE-2021-39144 · KEV · Aug 23, 2021
    risk 0.23 · cvss · epss 0.99

    XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker with sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed…

  • CVE-2021-35394 · KEV · Aug 16, 2021
    risk 0.20 · cvss · epss 1.00

    Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be…

  • CVE-2021-35395 · KEV · Aug 16, 2021
    risk 0.19 · cvss · epss 0.98

    Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both…

  • CVE-2021-26086 · KEV · Aug 16, 2021
    risk 0.23 · cvss · epss 1.00

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version…

  • CVE-2021-36380 · KEV · Aug 13, 2021
    risk 0.19 · cvss · epss 0.98

    Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.

  • CVE-2021-36948 · KEV · Aug 12, 2021
    risk 0.12 · cvss · epss 0.20

    Windows Update Medic Service Elevation of Privilege Vulnerability

  • CVE-2021-36942 · KEV · Aug 12, 2021
    risk 0.28 · cvss · epss 0.66

    Windows LSA Spoofing Vulnerability

  • CVE-2021-34486 · KEV · Aug 12, 2021
    risk 0.15 · cvss · epss 0.07

    Windows Event Tracing Elevation of Privilege Vulnerability

  • CVE-2021-34484 · KEV · Aug 12, 2021
    risk 0.12 · cvss · epss 0.14

    Windows User Profile Service Elevation of Privilege Vulnerability

  • CVE-2021-20028 · KEV · Aug 4, 2021
    risk 0.24 · cvss · epss 0.30

    Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier

  • CVE-2021-30563 · KEV · Aug 3, 2021
    risk 0.12 · cvss · epss 0.09

    Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-26085 · KEV · Aug 3, 2021
    risk 0.29 · cvss · epss 1.00

    Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

  • CVE-2021-36742 · KEV · Jul 29, 2021
    risk 0.12 · cvss · epss 0.01

    An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to…

  • CVE-2021-36741 · KEV · Jul 29, 2021
    risk 0.12 · cvss · epss 0.05

    An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations. Please note: an attacker must first obtain the…

  • CVE-2021-35464 · KEV · Jul 22, 2021
    risk 0.29 · cvss · epss 1.00

    ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the…

  • CVE-2021-36934 · KEV · Jul 22, 2021
    risk 0.22 · cvss · epss 0.67

    An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with…

  • CVE-2021-34448 · KEV · Jul 16, 2021
    risk 0.12 · cvss · epss 0.31

    Scripting Engine Memory Corruption Vulnerability

  • CVE-2021-35211 · KEV · Jul 14, 2021
    risk 0.26 · cvss · epss 0.91

    Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U only. SolarWinds Serv-U Managed File…

  • CVE-2021-34523 · KEV · Jul 14, 2021
    risk 0.29 · cvss · epss 1.00

    Microsoft Exchange Server Elevation of Privilege Vulnerability

  • CVE-2021-34473 · KEV · Jul 14, 2021
    risk 0.29 · cvss · epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-33771 · KEV · Jul 14, 2021
    risk 0.13 · cvss · epss 0.06

    Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2021-33766 · KEV · Jul 14, 2021
    risk 0.20 · cvss · epss 0.97

    Microsoft Exchange Server Information Disclosure Vulnerability

  • CVE-2021-31979 · KEV · Jul 14, 2021
    risk 0.12 · cvss · epss 0.03

    Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2021-31196 · KEV · Jul 14, 2021
    risk 0.12 · cvss · epss 0.46

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-30116 · KEV · Jul 9, 2021
    risk 0.22 · cvss · epss 0.86

    Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker…

  • CVE-2021-22555 · KEV · Jul 7, 2021
    risk 0.21 · cvss · epss 0.79

    A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

  • CVE-2021-34527 · KEV · Jul 2, 2021
    risk 0.29 · cvss · epss 1.00

    A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install…

  • CVE-2021-30554 · KEV · Jul 2, 2021
    risk 0.12 · cvss · epss 0.07

    Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30551 · KEV · Jun 15, 2021
    risk 0.19 · cvss · epss 0.65

    Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-22175 · KEV · Jun 11, 2021
    risk 0.18 · cvss · epss 0.53

    When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

  • CVE-2021-25395 · KEV · Jun 11, 2021
    risk 0.12 · cvss · epss 0.00

    A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.

  • CVE-2021-25394 · KEV · Jun 11, 2021
    risk 0.12 · cvss · epss 0.00

    A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.

  • CVE-2021-26828 · KEV · Jun 11, 2021
    risk 0.18 · cvss · epss 0.39

    OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

  • CVE-2021-26829 · KEV · Jun 11, 2021
    risk 0.13 · cvss · epss 0.48

    OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.