VYPR

CVEs

1,631 total · page 19 of 33

  • CVE-2021-25371 · KEV · Mar 26, 2021
    risk 0.12 · cvss · epss 0.01

    A vulnerability in the DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside the DSP.

  • CVE-2021-25370 · KEV · Mar 26, 2021
    risk 0.12 · cvss · epss 0.01

    An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

  • CVE-2021-25369 · KEV · Mar 26, 2021
    risk 0.12 · cvss · epss 0.01

    An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

  • CVE-2021-22506 · KEV · Mar 26, 2021
    risk 0.13 · cvss · epss 0.26

    Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.

  • CVE-2021-21193 · KEV · Mar 16, 2021
    risk 0.13 · cvss · epss 0.10

    Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-27059 · KEV · Mar 11, 2021
    risk 0.12 · cvss · epss 0.03

    Microsoft Office Remote Code Execution Vulnerability

  • CVE-2021-27085 · KEV · Mar 11, 2021
    risk 0.12 · cvss · epss 0.04

    Internet Explorer Remote Code Execution Vulnerability

  • CVE-2021-26411 · KEV · Mar 11, 2021
    risk 0.25 · cvss · epss 0.81

    Internet Explorer Memory Corruption Vulnerability

  • CVE-2021-21166 · KEV · Mar 9, 2021
    risk 0.15 · cvss · epss 0.27

    Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-25337 · KEV · Mar 4, 2021
    risk 0.12 · cvss · epss 0.03

    Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

  • CVE-2021-22681 · KEV · Mar 3, 2021
    risk 0.13 · cvss · epss 0.25

    Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580;…

  • CVE-2021-27065 · KEV · Mar 2, 2021
    risk 0.29 · cvss · epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-26858 · KEV · Mar 2, 2021
    risk 0.24 · cvss · epss 0.90

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-26855 · KEV · Mar 2, 2021
    risk 0.29 · cvss · epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-26857 · KEV · Mar 2, 2021
    risk 0.21 · cvss · epss 0.94

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-27877 · KEV · Mar 1, 2021
    risk 0.24 · cvss · epss 0.65

    An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely…

  • CVE-2021-27878 · KEV · Mar 1, 2021
    risk 0.21 · cvss · epss 0.24

    An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an…

  • CVE-2021-27876 · KEV · Mar 1, 2021
    risk 0.21 · cvss · epss 0.13

    An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an…

  • CVE-2021-1732 · KEV · Feb 25, 2021
    risk 0.28 · cvss · epss 0.78

    Windows Win32k Elevation of Privilege Vulnerability

  • CVE-2021-21972 · KEV · Feb 24, 2021
    risk 0.29 · cvss · epss 1.00

    The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter…

  • CVE-2021-21973 · KEV · Feb 24, 2021
    risk 0.19 · cvss · epss 0.88

    The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin…

  • CVE-2021-27104 · KEV · Feb 16, 2021
    risk 0.19 · cvss · epss 0.57

    Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.

  • CVE-2021-27103 · KEV · Feb 16, 2021
    risk 0.18 · cvss · epss 0.11

    Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.

  • CVE-2021-27102 · KEV · Feb 16, 2021
    risk 0.18 · cvss · epss 0.04

    Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

  • CVE-2021-27101 · KEV · Feb 16, 2021
    risk 0.18 · cvss · epss 0.06

    Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.

  • CVE-2021-21315 · KEV · Feb 16, 2021
    risk 0.12 · cvss · epss 0.90

    The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was…

  • CVE-2021-25297 · KEV · Feb 15, 2021
    risk 0.22 · cvss · epss 0.43

    Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead…

  • CVE-2021-25296 · KEV · Feb 15, 2021
    risk 0.22 · cvss · epss 0.72

    Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which…

  • CVE-2021-25298 · KEV · Feb 15, 2021
    risk 0.21 · cvss · epss 0.75

    Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can…

  • CVE-2021-21311 · KEV · Feb 11, 2021
    risk 0.12 · cvss · epss 0.90

    Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version…

  • CVE-2021-21017 · KEV · Feb 11, 2021
    risk 0.19 · cvss · epss 0.86

    Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code…

  • CVE-2021-23874 · KEV · Feb 10, 2021
    risk 0.12 · cvss · epss 0.01

    Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

  • CVE-2021-21148 · KEV · Feb 9, 2021
    risk 0.14 · cvss · epss 0.20

    Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-22502 · KEV · Feb 8, 2021
    risk 0.23 · cvss · epss 0.97

    Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.

  • CVE-2021-20016 · KEV · Feb 3, 2021
    risk 0.24 · cvss · epss 0.40

    A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform an SQL query to access username, password and other session-related information. This vulnerability impacts SMA100 build version 10.x.

  • CVE-2020-2506 · KEV · Feb 3, 2021
    risk 0.13 · cvss · epss 0.02

    The vulnerability has been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP…

  • CVE-2020-25506 · KEV · Feb 2, 2021
    risk 0.20 · cvss · epss 1.00

    D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.

  • CVE-2020-29557 · KEV · Jan 29, 2021
    risk 0.19 · cvss · epss 0.54

    An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.

  • CVE-2021-3156 · KEV · Jan 26, 2021
    risk 0.22 · cvss · epss 0.99

    Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

  • CVE-2020-36193 · KEV · Jan 18, 2021
    risk 0.11 · cvss · epss 0.71

    Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

  • CVE-2020-6572 · KEV · Jan 14, 2021
    risk 0.14 · cvss · epss 0.11

    Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2021-1647 · KEV · Jan 12, 2021
    risk 0.18 · cvss · epss 0.40

    Microsoft Defender Remote Code Execution Vulnerability

  • CVE-2021-3129 · KEV · Jan 12, 2021
    risk 0.22 · cvss · epss 1.00

    Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

  • CVE-2020-16017 · KEV · Jan 8, 2021
    risk 0.14 · cvss · epss 0.03

    Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-16013 · KEV · Jan 8, 2021
    risk 0.14 · cvss · epss 0.03

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-17519 · KEV · Jan 5, 2021
    risk 0.23 · cvss · epss 0.98

    A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager…

  • CVE-2020-10148 · KEV · Dec 29, 2020
    risk 0.20 · cvss · epss 0.92

    The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds…

  • CVE-2020-35730 · KEV · Dec 28, 2020
    risk 0.10 · cvss · epss 0.33

    An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.

  • CVE-2020-29583 · KEV · Dec 22, 2020
    risk 0.20 · cvss · epss 0.90

    Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin…

  • CVE-2020-29574 · KEV · Dec 11, 2020
    risk 0.13 · cvss · epss 0.05

    An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.