VYPR

CVEs

1,631 total · page 18 of 33

  • CVE-2020-11261KEVJun 9, 2021
    risk 0.12cvss epss 0.02

    Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2021-33742KEVJun 8, 2021
    risk 0.18cvss epss 0.59

    Windows MSHTML Platform Remote Code Execution Vulnerability

  • CVE-2021-33739KEVJun 8, 2021
    risk 0.13cvss epss 0.07

    Microsoft DWM Core Library Elevation of Privilege Vulnerability

  • CVE-2021-31955KEVJun 8, 2021
    risk 0.12cvss epss 0.80

    Windows Kernel Information Disclosure Vulnerability

  • CVE-2021-31956KEVJun 8, 2021
    risk 0.19cvss epss 0.20

    Windows NTFS Elevation of Privilege Vulnerability

  • CVE-2021-31199KEVJun 8, 2021
    risk 0.12cvss epss 0.03

    Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

  • CVE-2021-31201KEVJun 8, 2021
    risk 0.12cvss epss 0.03

    Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability

  • CVE-2021-1675KEVJun 8, 2021
    risk 0.29cvss epss 0.86

    Windows Print Spooler Remote Code Execution Vulnerability

  • CVE-2021-30533KEVJun 7, 2021
    risk 0.13cvss epss 0.17

    Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

  • CVE-2021-27852KEVMay 27, 2021
    risk 0.14cvss epss 0.32

    Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.

  • CVE-2021-22900KEVMay 27, 2021
    risk 0.12cvss epss 0.14

    A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

  • CVE-2021-22899KEVMay 27, 2021
    risk 0.14cvss epss 0.22

    A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature

  • CVE-2021-22894KEVMay 27, 2021
    risk 0.15cvss epss 0.41

    A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.

  • CVE-2021-21985KEVMay 26, 2021
    risk 0.29cvss epss 1.00

    The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute…

  • CVE-2021-27562MedKEVMay 25, 2021
    risk 0.42cvss 5.5epss 0.03

    In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.

  • CVE-2021-29256KEVMay 24, 2021
    risk 0.12cvss epss 0.03

    . The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0…

  • CVE-2021-28799KEVMay 13, 2021
    risk 0.25cvss epss 0.78

    An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2;…

  • CVE-2021-31207KEVMay 11, 2021
    risk 0.29cvss epss 1.00

    Microsoft Exchange Server Security Feature Bypass Vulnerability

  • CVE-2021-31166KEVMay 11, 2021
    risk 0.22cvss epss 1.00

    HTTP Protocol Stack Remote Code Execution Vulnerability

  • CVE-2021-28664KEVMay 10, 2021
    risk 0.12cvss epss 0.05

    The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0,…

  • CVE-2021-28663KEVMay 10, 2021
    risk 0.12cvss epss 0.12

    The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0…

  • CVE-2021-31755KEVMay 7, 2021
    risk 0.20cvss epss 0.86

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-1906KEVMay 7, 2021
    risk 0.12cvss epss 0.01

    Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2021-1905KEVMay 7, 2021
    risk 0.12cvss epss 0.01

    Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2021-32030KEVMay 6, 2021
    risk 0.20cvss epss 0.99

    The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This…

  • CVE-2021-1498KEVMay 6, 2021
    risk 0.23cvss epss 1.00

    Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this…

  • CVE-2021-1497KEVMay 6, 2021
    risk 0.23cvss epss 1.00

    Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this…

  • CVE-2021-21551KEVMay 4, 2021
    risk 0.21cvss epss 0.57

    Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

  • CVE-2021-20090KEVApr 29, 2021
    risk 0.20cvss epss 1.00

    A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.

  • CVE-2021-21224KEVApr 26, 2021
    risk 0.15cvss epss 0.58

    Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2021-21206KEVApr 26, 2021
    risk 0.13cvss epss 0.09

    Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-21220KEVApr 26, 2021
    risk 0.22cvss epss 0.70

    Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-22205KEVApr 23, 2021
    risk 0.29cvss epss 1.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

  • CVE-2021-22204KEVApr 23, 2021
    risk 0.23cvss epss 1.00

    Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

  • CVE-2021-22893KEVApr 23, 2021
    risk 0.25cvss epss 0.47

    Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code…

  • CVE-2021-20023KEVApr 20, 2021
    risk 0.22cvss epss 0.51

    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.

  • CVE-2021-3493KEVApr 17, 2021
    risk 0.19cvss epss 0.44

    The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu…

  • CVE-2020-2509KEVApr 17, 2021
    risk 0.19cvss epss 0.34

    A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build…

  • CVE-2021-28310KEVApr 13, 2021
    risk 0.16cvss epss 0.08

    Win32k Elevation of Privilege Vulnerability

  • CVE-2021-20022KEVApr 9, 2021
    risk 0.21cvss epss 0.17

    SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

  • CVE-2021-20021KEVApr 9, 2021
    risk 0.25cvss epss 0.83

    A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

  • CVE-2021-1879KEVApr 2, 2021
    risk 0.12cvss epss 0.07

    This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue…

  • CVE-2021-1871KEVApr 2, 2021
    risk 0.12cvss epss 0.07

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a…

  • CVE-2021-1870KEVApr 2, 2021
    risk 0.12cvss epss 0.08

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a…

  • CVE-2021-1789KEVApr 2, 2021
    risk 0.12cvss epss 0.15

    A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web…

  • CVE-2021-1782KEVApr 2, 2021
    risk 0.12cvss epss 0.02

    A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple…

  • CVE-2021-21975KEVMar 31, 2021
    risk 0.29cvss epss 0.78

    Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

  • CVE-2021-22991KEVMar 31, 2021
    risk 0.18cvss epss 0.61

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which…

  • CVE-2021-22986KEVMar 31, 2021
    risk 0.29cvss epss 1.00

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution…

  • CVE-2021-25372KEVMar 26, 2021
    risk 0.12cvss epss 0.01

    An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.