VYPR

CVEs

101,972 total · page 1267 of 2,040

  • CVE-2021-3828HigSep 27, 2021
    risk 0.42cvss 7.5epss 0.02

    nltk is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3822HigSep 27, 2021
    risk 0.42cvss 7.5epss 0.01

    jsoneditor is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3820HigSep 27, 2021
    risk 0.42cvss 7.5epss 0.01

    inflect is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3819HigSep 27, 2021
    risk 0.50cvss 8.8epss 0.01

    firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-23243HigSep 27, 2021
    risk 0.51cvss 7.8epss 0.00

    In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.

  • CVE-2021-40104HigSep 27, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.

  • CVE-2021-40103HigSep 27, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.

  • CVE-2021-40097HigSep 27, 2021
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.

  • CVE-2021-0612HigSep 27, 2021
    risk 0.51cvss 7.8epss 0.00

    In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834.

  • CVE-2021-0611HigSep 27, 2021
    risk 0.51cvss 7.8epss 0.00

    In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810.

  • CVE-2021-0610HigSep 27, 2021
    risk 0.51cvss 7.8epss 0.00

    In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID:…

  • CVE-2021-34570HigSep 27, 2021
    risk 0.49cvss 7.5epss 0.01

    Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.

  • CVE-2021-40981HigSep 27, 2021
    risk 0.47cvss 7.3epss 0.00

    ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.

  • CVE-2021-31606HigSep 27, 2021
    risk 0.42cvss 7.5epss 0.02

    furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients.

  • CVE-2021-31605HigSep 27, 2021
    risk 0.49cvss 7.5epss 0.03

    furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.

  • CVE-2021-34349HigSep 27, 2021
    risk 0.47cvss 7.2epss 0.01

    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and…

  • CVE-2021-41617HigSep 26, 2021
    risk 0.39cvss 7.0epss 0.02

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with…

  • CVE-2020-20514HigSep 24, 2021
    risk 0.53cvss 8.1epss 0.00

    A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/.html allows authenticated attackers to delete all users.

  • CVE-2021-40655HigKEVSep 24, 2021
    risk 0.68cvss 7.5epss 0.87

    An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

  • CVE-2016-6556HigSep 24, 2021
    risk 0.00cvss 7.1epss 0.01

    OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI…

  • CVE-2016-6555HigSep 24, 2021
    risk 0.00cvss 7.1epss 0.01

    OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This…

  • CVE-2021-41504HigSep 24, 2021
    risk 0.52cvss 8.0epss 0.00

    An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may allow further attack vectors that may compromise the cameras configuration and allow malicious users on the LAN…

  • CVE-2021-41503HigSep 24, 2021
    risk 0.52cvss 8.0epss 0.00

    DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the…

  • CVE-2021-2464HigSep 24, 2021
    risk 0.51cvss 7.8epss 0.00

    Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of…

  • CVE-2021-40309HigSep 24, 2021
    risk 0.57cvss 8.8epss 0.02

    A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP…

  • CVE-2021-28130HigSep 24, 2021
    risk 0.51cvss 7.8epss 0.00

    Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.

  • CVE-2021-41588HigSep 24, 2021
    risk 0.53cvss 8.1epss 0.01

    In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.

  • CVE-2021-41587HigSep 24, 2021
    risk 0.49cvss 7.5epss 0.01

    In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.

  • CVE-2021-41586HigSep 24, 2021
    risk 0.49cvss 7.5epss 0.01

    In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.

  • CVE-2021-40099HigSep 24, 2021
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.

  • CVE-2021-41584HigSep 24, 2021
    risk 0.49cvss 7.5epss 0.01

    Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header.

  • CVE-2021-41088HigSep 23, 2021
    risk 0.45cvss 8.0epss 0.01

    Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of…

  • CVE-2020-19951HigSep 23, 2021
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.

  • CVE-2021-38864HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155.

  • CVE-2021-41381HigSep 23, 2021
    risk 0.56cvss 7.5epss 0.53

    Payara Micro Community 5.2021.6 and below allows Directory Traversal.

  • CVE-2021-26750HigSep 23, 2021
    risk 0.51cvss 7.8epss 0.00

    DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file.

  • CVE-2021-32999HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    Improper handling of exceptional conditions in SuiteLink server while processing command 0x01

  • CVE-2021-32987HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference in SuiteLink server while processing command 0x0b

  • CVE-2021-32979HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a

  • CVE-2021-32971HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference in SuiteLink server while processing command 0x07

  • CVE-2021-32963HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    Null pointer dereference in SuiteLink server while processing commands 0x03/0x10

  • CVE-2021-32959HigSep 23, 2021
    risk 0.53cvss 8.1epss 0.01

    Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06

  • CVE-2021-22952HigSep 23, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk…

  • CVE-2021-22948HigSep 23, 2021
    risk 0.46cvss 7.1epss 0.03

    Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.

  • CVE-2021-22019HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.02

    The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition.

  • CVE-2021-22015HigSep 23, 2021
    risk 0.54cvss 7.8epss 0.02

    The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server…

  • CVE-2021-22014HigSep 23, 2021
    risk 0.47cvss 7.2epss 0.02

    The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating…

  • CVE-2021-22013HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.02

    The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2021-22012HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2021-22010HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.02

    The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.