VYPR

CVEs

101,975 total · page 1268 of 2,040

  • CVE-2021-22013HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.02

    The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2021-22012HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2021-22010HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.02

    The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service condition due to excessive memory consumption by VPXD service.

  • CVE-2021-22009HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.01

    The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to create a denial of service condition due to excessive memory consumption by VAPI…

  • CVE-2021-22008HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.02

    The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information.

  • CVE-2021-22006HigSep 23, 2021
    risk 0.49cvss 7.5epss 0.06

    The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.

  • CVE-2021-33035HigSep 23, 2021
    risk 0.04cvss 7.8epss 0.51

    Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document…

  • CVE-2021-34769HigSep 23, 2021
    risk 0.56cvss 8.6epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…

  • CVE-2021-34768HigSep 23, 2021
    risk 0.56cvss 8.6epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…

  • CVE-2021-34767HigSep 23, 2021
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS)…

  • CVE-2021-34740HigSep 23, 2021
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due…

  • CVE-2021-34714HigSep 23, 2021
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This…

  • CVE-2021-34699HigSep 23, 2021
    risk 0.50cvss 7.7epss 0.01

    A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could…

  • CVE-2021-1624HigSep 23, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS)…

  • CVE-2021-1623HigSep 23, 2021
    risk 0.50cvss 7.7epss 0.01

    A vulnerability in the Simple Network Management Protocol (SNMP) punt handling function of Cisco cBR-8 Converged Broadband Routers could allow an authenticated, remote attacker to overload a device punt path, resulting in a denial of service (DoS) condition. This vulnerability…

  • CVE-2021-1622HigSep 23, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due…

  • CVE-2021-1621HigSep 23, 2021
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to…

  • CVE-2021-1620HigSep 23, 2021
    risk 0.50cvss 7.7epss 0.01

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability…

  • CVE-2021-1615HigSep 23, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due…

  • CVE-2021-1611HigSep 23, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9800 Family Wireless Controller, Embedded Wireless Controller, and Embedded Wireless on Catalyst 9000 Series Switches could allow an…

  • CVE-2021-1565HigSep 23, 2021
    risk 0.56cvss 8.6epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…

  • CVE-2021-1419HigSep 23, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations…

  • CVE-2020-23478HigSep 22, 2021
    risk 0.42cvss 7.5epss 0.01

    Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.

  • CVE-2020-23469HigSep 22, 2021
    risk 0.49cvss 7.5epss 0.01

    gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin.

  • CVE-2021-21991HigSep 22, 2021
    risk 0.51cvss 7.8epss 0.00

    The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client…

  • CVE-2021-41011HigSep 22, 2021
    risk 0.49cvss 7.5epss 0.01

    LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information.

  • CVE-2021-40875HigSep 22, 2021
    risk 0.56cvss 7.5epss 0.48

    Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file…

  • CVE-2021-31847HigSep 22, 2021
    risk 0.53cvss 8.2epss 0.00

    Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as…

  • CVE-2021-31841HigSep 22, 2021
    risk 0.53cvss 8.2epss 0.00

    A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the…

  • CVE-2021-3583HigSep 22, 2021
    risk 0.39cvss 7.1epss 0.01

    A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special…

  • CVE-2021-38112HigSep 22, 2021
    risk 0.58cvss 8.8epss 0.07

    In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9.

  • CVE-2021-41382HigSep 22, 2021
    risk 0.52cvss 7.5epss 0.09

    Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.

  • CVE-2020-23267HigSep 22, 2021
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file

  • CVE-2021-41086HigSep 21, 2021
    risk 0.50cvss 8.7epss 0.01

    jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a…

  • CVE-2020-19551HigSep 21, 2021
    risk 0.57cvss 8.8epss 0.02

    Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.

  • CVE-2021-41084HigSep 21, 2021
    risk 0.50cvss 8.7epss 0.01

    http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`å), Header values…

  • CVE-2021-40847HigSep 21, 2021
    risk 0.53cvss 8.1epss 0.10

    The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon,…

  • CVE-2021-39230HigSep 21, 2021
    risk 0.00cvss 8.8epss 0.01

    Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds.

  • CVE-2021-29831HigSep 21, 2021
    risk 0.53cvss 8.1epss 0.01

    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.…

  • CVE-2021-41531HigSep 21, 2021
    risk 0.49cvss 7.5epss 0.01

    NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.

  • CVE-2021-37741HigSep 21, 2021
    risk 0.57cvss 8.8epss 0.03

    ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.

  • CVE-2021-37419HigSep 21, 2021
    risk 0.49cvss 7.5epss 0.02

    Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.

  • CVE-2021-20037HigSep 21, 2021
    risk 0.51cvss 7.8epss 0.00

    SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.

  • CVE-2021-41083HigSep 20, 2021
    risk 0.00cvss 8.0epss 0.00

    Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This…

  • CVE-2021-39229HigSep 20, 2021
    risk 0.42cvss 7.5epss 0.02

    Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a…

  • CVE-2021-41082HigSep 20, 2021
    risk 0.00cvss 7.5epss 0.02

    Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not…

  • CVE-2020-26301HigSep 20, 2021
    risk 0.42cvss 7.5epss 0.04

    ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable…

  • CVE-2021-32838HigSep 20, 2021
    risk 0.42cvss 7.5epss 0.02

    Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.

  • CVE-2021-32839HigSep 20, 2021
    risk 0.42cvss 7.5epss 0.02

    sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n'…

  • CVE-2021-25741HigSep 20, 2021
    risk 0.58cvss 8.8epss 0.07

    A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.