VYPR

CVEs

1,630 total · page 9 of 33

  • CVE-2024-29988KEVApr 9, 2024
    risk 0.17cvss epss 0.45

    SmartScreen Prompt Security Feature Bypass Vulnerability

  • CVE-2024-29748KEVApr 5, 2024
    risk 0.12cvss epss 0.01

    there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

  • CVE-2024-29745KEVApr 5, 2024
    risk 0.12cvss epss 0.00

    there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-3273KEVApr 4, 2024
    risk 0.20cvss epss 1.00

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The…

  • CVE-2024-3272KEVApr 4, 2024
    risk 0.20cvss epss 0.98

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET…

  • CVE-2024-29059KEVMar 22, 2024
    risk 0.19cvss epss 0.99

    .NET Framework Information Disclosure Vulnerability

  • CVE-2024-20767KEVMar 18, 2024
    risk 0.23cvss epss 0.99

    ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not…

  • CVE-2024-26169KEVMar 12, 2024
    risk 0.21cvss epss 0.04

    Windows Error Reporting Service Elevation of Privilege Vulnerability

  • CVE-2023-48788KEVMar 12, 2024
    risk 0.29cvss epss 0.98

    A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

  • CVE-2024-23296HigKEVMar 5, 2024
    risk 0.63cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.7, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary…

  • CVE-2024-23225HigKEVMar 5, 2024
    risk 0.63cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An attacker with arbitrary…

  • CVE-2024-27199HigKEVMar 4, 2024
    risk 0.73cvss 7.3epss 1.00

    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

  • CVE-2024-27198KEVMar 4, 2024
    risk 0.28cvss epss 1.00

    In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

  • CVE-2024-1212KEVFeb 21, 2024
    risk 0.23cvss epss 0.95

    Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

  • CVE-2024-1708HigKEVFeb 21, 2024
    risk 0.82cvss 8.4epss 0.88

    ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

  • CVE-2024-1709KEVFeb 21, 2024
    risk 0.29cvss epss 1.00

    ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

  • CVE-2024-20953KEVFeb 17, 2024
    risk 0.17cvss epss 0.03

    Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful…

  • CVE-2024-23113KEVFeb 15, 2024
    risk 0.16cvss epss 0.62

    A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0…

  • CVE-2024-21412KEVFeb 13, 2024
    risk 0.26cvss epss 0.95

    Internet Shortcut Files Security Feature Bypass Vulnerability

  • CVE-2024-21410KEVFeb 13, 2024
    risk 0.12cvss epss 0.13

    Microsoft Exchange Server Elevation of Privilege Vulnerability

  • CVE-2024-21413KEVFeb 13, 2024
    risk 0.19cvss epss 0.95

    Microsoft Outlook Remote Code Execution Vulnerability

  • CVE-2024-21351KEVFeb 13, 2024
    risk 0.13cvss epss 0.30

    Windows SmartScreen Security Feature Bypass Vulnerability

  • CVE-2024-21338KEVFeb 13, 2024
    risk 0.27cvss epss 0.52

    Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2024-21762KEVFeb 9, 2024
    risk 0.25cvss epss 0.81

    A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through…

  • CVE-2024-21893KEVJan 31, 2024
    risk 0.29cvss epss 1.00

    A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

  • CVE-2024-1086KEVJan 31, 2024
    risk 0.18cvss epss 0.28

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can…

  • CVE-2024-23897KEVJan 24, 2024
    risk 0.22cvss epss 1.00

    Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins…

  • CVE-2024-23222HigKEVJan 23, 2024
    risk 0.69cvss 8.8epss 0.11

    A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, visionOS 1.0.2.…

  • CVE-2024-0769KEVJan 21, 2024
    risk 0.18cvss epss 0.83

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service…

  • CVE-2023-6549KEVJan 17, 2024
    risk 0.18cvss epss 0.58

    Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

  • CVE-2023-6548KEVJan 17, 2024
    risk 0.13cvss epss 0.03

    Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

  • CVE-2024-0519KEVJan 16, 2024
    risk 0.12cvss epss 0.04

    Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-22527KEVJan 16, 2024
    risk 0.29cvss epss 1.00

    A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data…

  • CVE-2024-21887KEVJan 12, 2024
    risk 0.29cvss epss 1.00

    A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

  • CVE-2023-46805KEVJan 12, 2024
    risk 0.29cvss epss 1.00

    An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

  • CVE-2023-7028KEVJan 12, 2024
    risk 0.22cvss epss 0.95

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could…

  • CVE-2023-41974KEVJan 10, 2024
    risk 0.12cvss epss 0.01

    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, iOS 15.8.7 and iPadOS 15.8.7. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2022-48618KEVJan 9, 2024
    risk 0.12cvss epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this…

  • CVE-2022-2586KEVJan 8, 2024
    risk 0.12cvss epss 0.13

    It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

  • CVE-2023-7101KEVDec 24, 2023
    risk 0.16cvss epss 0.17

    Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems…

  • CVE-2023-7024KEVDec 21, 2023
    risk 0.12cvss epss 0.07

    Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-47565KEVDec 8, 2023
    risk 0.19cvss epss 0.73

    An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following…

  • CVE-2023-49897KEVDec 6, 2023
    risk 0.14cvss epss 0.51

    An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

  • CVE-2023-44221KEVDec 5, 2023
    risk 0.14cvss epss 0.75

    Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

  • CVE-2023-6448KEVDec 5, 2023
    risk 0.13cvss epss 0.02

    Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.

  • CVE-2023-33107KEVDec 5, 2023
    risk 0.12cvss epss 0.01

    Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

  • CVE-2023-33106KEVDec 5, 2023
    risk 0.12cvss epss 0.01

    Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

  • CVE-2023-33063KEVDec 5, 2023
    risk 0.12cvss epss 0.01

    Memory corruption in DSP Services during a remote call from HLOS to DSP.

  • CVE-2023-42917KEVNov 30, 2023
    risk 0.12cvss epss 0.09

    A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been…

  • CVE-2023-42916KEVNov 30, 2023
    risk 0.12cvss epss 0.18

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been…