VYPR

CVEs

101,972 total · page 1258 of 2,040

  • CVE-2021-3858HigOct 19, 2021
    risk 0.50cvss 8.8epss 0.01

    snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-3846HigOct 19, 2021
    risk 0.50cvss 8.8epss 0.01

    firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

  • CVE-2021-38486HigOct 19, 2021
    risk 0.52cvss 8.0epss 0.01

    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the…

  • CVE-2021-38482HigOct 19, 2021
    risk 0.57cvss 8.7epss 0.01

    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system.

  • CVE-2021-38468HigOct 19, 2021
    risk 0.57cvss 8.7epss 0.01

    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system.

  • CVE-2021-38466HigOct 19, 2021
    risk 0.57cvss 8.8epss 0.01

    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on…

  • CVE-2021-42261HigOct 19, 2021
    risk 0.49cvss 7.5epss 0.02

    Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead…

  • CVE-2021-36512HigOct 19, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.

  • CVE-2021-41155HigOct 18, 2021
    risk 0.57cvss 8.8epss 0.01

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following…

  • CVE-2021-41154HigOct 18, 2021
    risk 0.57cvss 8.8epss 0.01

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community…

  • CVE-2021-41153HigOct 18, 2021
    risk 0.00cvss 8.7epss 0.01

    The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination…

  • CVE-2021-41152HigOct 18, 2021
    risk 0.00cvss 7.7epss 0.01

    OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to…

  • CVE-2021-36513HigOct 18, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.

  • CVE-2021-41971HigOct 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

  • CVE-2021-42098HigOct 18, 2021
    risk 0.57cvss 8.8epss 0.02

    An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell.

  • CVE-2021-41991HigOct 18, 2021
    risk 0.49cvss 7.5epss 0.05

    The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by…

  • CVE-2021-41990HigOct 18, 2021
    risk 0.49cvss 7.5epss 0.06

    The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

  • CVE-2021-24754HigOct 18, 2021
    risk 0.47cvss 7.2epss 0.01

    The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue

  • CVE-2021-24684HigOct 18, 2021
    risk 0.58cvss 8.8epss 0.04

    The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.

  • CVE-2021-38442HigOct 18, 2021
    risk 0.51cvss 7.8epss 0.01

    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process.

  • CVE-2021-38438HigOct 18, 2021
    risk 0.51cvss 7.8epss 0.01

    A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution.

  • CVE-2021-38436HigOct 18, 2021
    risk 0.51cvss 7.8epss 0.01

    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the…

  • CVE-2021-38434HigOct 18, 2021
    risk 0.51cvss 7.8epss 0.01

    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code.

  • CVE-2021-38430HigOct 18, 2021
    risk 0.51cvss 7.8epss 0.01

    FATEK Automation WinProladder versions 3.30 and prior proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code.

  • CVE-2021-38426HigOct 18, 2021
    risk 0.51cvss 7.8epss 0.01

    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code.

  • CVE-2021-21797HigOct 18, 2021
    risk 0.52cvss 7.8epss 0.15

    An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released…

  • CVE-2021-21796HigOct 18, 2021
    risk 0.52cvss 7.8epss 0.16

    An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can…

  • CVE-2021-41611HigOct 18, 2021
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of…

  • CVE-2021-38562HigOct 18, 2021
    risk 0.00cvss 7.5epss 0.02

    Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.

  • CVE-2018-16060HigOct 15, 2021
    risk 0.53cvss 7.5epss 0.20

    Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.

  • CVE-2021-29745HigOct 15, 2021
    risk 0.57cvss 8.8epss 0.01

    IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.

  • CVE-2021-29679HigOct 15, 2021
    risk 0.57cvss 8.8epss 0.02

    IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.

  • CVE-2021-28021HigOct 15, 2021
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.

  • CVE-2021-40998HigOct 15, 2021
    risk 0.47cvss 7.2epss 0.03

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has…

  • CVE-2021-40993HigOct 15, 2021
    risk 0.53cvss 8.1epss 0.01

    A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released…

  • CVE-2021-40991HigOct 15, 2021
    risk 0.47cvss 7.2epss 0.01

    A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1.…

  • CVE-2021-40731HigOct 15, 2021
    risk 0.51cvss 7.8epss 0.08

    Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code…

  • CVE-2021-40728HigOct 15, 2021
    risk 0.55cvss 7.8epss 0.54

    Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result…

  • CVE-2021-40724HigOct 15, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2021-41148HigOct 15, 2021
    risk 0.57cvss 8.8epss 0.01

    Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to…

  • CVE-2021-41147HigOct 15, 2021
    risk 0.47cvss 7.2epss 0.02

    Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard…

  • CVE-2021-40992HigOct 15, 2021
    risk 0.47cvss 7.2epss 0.01

    A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released…

  • CVE-2021-40989HigOct 15, 2021
    risk 0.51cvss 7.8epss 0.00

    A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has…

  • CVE-2021-40988HigOct 15, 2021
    risk 0.47cvss 7.2epss 0.04

    A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released…

  • CVE-2021-40987HigOct 15, 2021
    risk 0.47cvss 7.2epss 0.03

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has…

  • CVE-2021-40986HigOct 15, 2021
    risk 0.47cvss 7.2epss 0.03

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has…

  • CVE-2021-37739HigOct 15, 2021
    risk 0.47cvss 7.2epss 0.03

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has…

  • CVE-2021-37738HigOct 15, 2021
    risk 0.49cvss 7.5epss 0.01

    A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1.…

  • CVE-2021-37737HigOct 15, 2021
    risk 0.57cvss 8.8epss 0.01

    A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released…

  • CVE-2021-42334HigOct 15, 2021
    risk 0.57cvss 8.8epss 0.01

    The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.