VYPR

CVEs

101,972 total · page 1265 of 2,040

  • CVE-2021-41297HigSep 30, 2021
    risk 0.57cvss 8.8epss 0.01

    ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.

  • CVE-2021-41295HigSep 30, 2021
    risk 0.57cvss 8.8epss 0.00

    ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.

  • CVE-2021-41293HigSep 30, 2021
    risk 0.50cvss 7.5epss 0.20

    ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information.

  • CVE-2021-41291HigSep 30, 2021
    risk 0.55cvss 7.5epss 0.79

    ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device.

  • CVE-2021-41829HigSep 30, 2021
    risk 0.49cvss 7.5epss 0.03

    Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.

  • CVE-2021-41828HigSep 30, 2021
    risk 0.49cvss 7.5epss 0.05

    Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml.

  • CVE-2021-41827HigSep 30, 2021
    risk 0.49cvss 7.5epss 0.05

    Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.

  • CVE-2021-41824HigSep 30, 2021
    risk 0.50cvss 8.8epss 0.01

    Craft CMS before 3.7.14 allows CSV injection.

  • CVE-2021-41034HigSep 29, 2021
    risk 0.53cvss 8.1epss 0.00

    The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The…

  • CVE-2020-20128HigSep 29, 2021
    risk 0.49cvss 7.5epss 0.01

    LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers.

  • CVE-2021-41764HigSep 29, 2021
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary…

  • CVE-2021-3653HigSep 29, 2021
    risk 0.57cvss 8.8epss 0.00

    A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue…

  • CVE-2021-35945HigSep 29, 2021
    risk 0.49cvss 7.5epss 0.01

    Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.

  • CVE-2021-35944HigSep 29, 2021
    risk 0.49cvss 7.5epss 0.01

    Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.

  • CVE-2021-22946HigSep 29, 2021
    risk 0.42cvss 7.5epss 0.04

    A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed…

  • CVE-2021-41732HigSep 29, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. NOTE: the vendor's position is that the observed behavior is intended

  • CVE-2021-41573HigSep 29, 2021
    risk 0.49cvss 7.5epss 0.01

    Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without…

  • CVE-2021-23446HigSep 29, 2021
    risk 0.00cvss 7.5epss 0.03

    The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.

  • CVE-2021-40715HigSep 29, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim…

  • CVE-2021-40710HigSep 29, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim…

  • CVE-2021-40708HigSep 29, 2021
    risk 0.48cvss 7.3epss 0.02

    Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is…

  • CVE-2021-39863HigSep 29, 2021
    risk 0.52cvss 7.8epss 0.13

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to…

  • CVE-2021-39843HigSep 29, 2021
    risk 0.57cvss 7.8epss 0.76

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this…

  • CVE-2021-39842HigSep 29, 2021
    risk 0.52cvss 7.8epss 0.17

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…

  • CVE-2021-39841HigSep 29, 2021
    risk 0.52cvss 7.8epss 0.11

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user.…

  • CVE-2021-39840HigSep 29, 2021
    risk 0.55cvss 7.8epss 0.50

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User…

  • CVE-2021-39839HigSep 29, 2021
    risk 0.56cvss 7.8epss 0.64

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of…

  • CVE-2021-39838HigSep 29, 2021
    risk 0.56cvss 7.8epss 0.64

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the…

  • CVE-2021-39837HigSep 29, 2021
    risk 0.56cvss 7.8epss 0.64

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the…

  • CVE-2021-39836HigSep 29, 2021
    risk 0.56cvss 7.8epss 0.69

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the…

  • CVE-2021-39832HigSep 29, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user.…

  • CVE-2021-39831HigSep 29, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2021-39830HigSep 29, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user.…

  • CVE-2021-39829HigSep 29, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2021-39821HigSep 29, 2021
    risk 0.51cvss 7.8epss 0.04

    Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2021-35982HigSep 29, 2021
    risk 0.48cvss 7.3epss 0.02

    Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. A local attacker with non-administrative privileges can plant a malicious DLL to achieve…

  • CVE-2021-28547HigSep 29, 2021
    risk 0.51cvss 7.8epss 0.01

    Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority.

  • CVE-2021-25962HigSep 29, 2021
    risk 0.45cvss 8.0epss 0.01

    “Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the…

  • CVE-2021-25961HigSep 29, 2021
    risk 0.00cvss 8.0epss 0.01

    In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.

  • CVE-2021-25960HigSep 29, 2021
    risk 0.00cvss 8.0epss 0.01

    In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access…

  • CVE-2021-35028HigSep 29, 2021
    risk 0.47cvss 7.3epss 0.00

    A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.

  • CVE-2021-35027HigSep 29, 2021
    risk 0.49cvss 7.5epss 0.02

    A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.

  • CVE-2021-32466HigSep 29, 2021
    risk 0.46cvss 7.0epss 0.01

    An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library.…

  • CVE-2020-20124HigSep 28, 2021
    risk 0.57cvss 8.8epss 0.03

    Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.

  • CVE-2021-36297HigSep 28, 2021
    risk 0.51cvss 7.8epss 0.00

    SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation…

  • CVE-2021-36286HigSep 28, 2021
    risk 0.46cvss 7.1epss 0.00

    Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user…

  • CVE-2021-36283HigSep 28, 2021
    risk 0.49cvss 7.5epss 0.00

    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  • CVE-2021-21522HigSep 28, 2021
    risk 0.53cvss 8.2epss 0.00

    Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

  • CVE-2021-37273HigSep 28, 2021
    risk 0.49cvss 7.5epss 0.01

    A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times.

  • CVE-2021-41104HigSep 28, 2021
    risk 0.42cvss 7.5epss 0.01

    ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username &…