VYPR

CVEs

101,975 total · page 1271 of 2,040

  • CVE-2021-41079HigSep 16, 2021
    risk 0.42cvss 7.5epss 0.07

    Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a…

  • CVE-2021-39239HigSep 16, 2021
    risk 0.49cvss 7.5epss 0.04

    A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

  • CVE-2021-39214HigSep 16, 2021
    risk 0.53cvss 8.1epss 0.01

    mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through…

  • CVE-2021-36160HigSep 16, 2021
    risk 0.54cvss 7.5epss 0.63

    A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

  • CVE-2021-34798HigSep 16, 2021
    risk 0.54cvss 7.5epss 0.65

    Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

  • CVE-2020-14109HigSep 16, 2021
    risk 0.47cvss 7.2epss 0.02

    There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12

  • CVE-2021-39128HigSep 16, 2021
    risk 0.47cvss 7.2epss 0.02

    Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected…

  • CVE-2021-40639HigSep 15, 2021
    risk 0.49cvss 7.5epss 0.01

    Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.

  • CVE-2020-21483HigSep 15, 2021
    risk 0.47cvss 7.2epss 0.02

    An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.

  • CVE-2020-21481HigSep 15, 2021
    risk 0.47cvss 7.2epss 0.02

    An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.

  • CVE-2020-21480HigSep 15, 2021
    risk 0.47cvss 7.2epss 0.02

    An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2021-40862HigSep 15, 2021
    risk 0.57cvss 8.8epss 0.01

    HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.

  • CVE-2021-33705HigSep 15, 2021
    risk 0.53cvss 8.1epss 0.02

    The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of…

  • CVE-2021-33704HigSep 15, 2021
    risk 0.57cvss 8.8epss 0.01

    The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited…

  • CVE-2021-33700HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.00

    SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take…

  • CVE-2021-33698HigSep 15, 2021
    risk 0.57cvss 8.8epss 0.01

    SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.

  • CVE-2021-33692HigSep 15, 2021
    risk 0.49cvss 7.5epss 0.01

    SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories.

  • CVE-2021-40965HigSep 15, 2021
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker.

  • CVE-2021-39215HigSep 15, 2021
    risk 0.00cvss 7.5epss 0.01

    Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected…

  • CVE-2021-29750HigSep 15, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.

  • CVE-2021-40156HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.01

    A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

  • CVE-2021-40155HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.01

    A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

  • CVE-2021-3795HigSep 15, 2021
    risk 0.42cvss 7.5epss 0.01

    semver-regex is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-27046HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.00

    A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.

  • CVE-2021-27045HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.01

    A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.

  • CVE-2020-21126HigSep 15, 2021
    risk 0.57cvss 8.8epss 0.01

    MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.

  • CVE-2021-39209HigSep 15, 2021
    risk 0.57cvss 8.8epss 0.01

    GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in…

  • CVE-2021-40157HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.01

    A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.

  • CVE-2021-27044HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.01

    A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

  • CVE-2021-21798HigSep 15, 2021
    risk 0.52cvss 7.8epss 0.16

    An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code…

  • CVE-2020-19159HigSep 15, 2021
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.

  • CVE-2020-19155HigSep 15, 2021
    risk 0.58cvss 8.8epss 0.08

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.

  • CVE-2020-19151HigSep 15, 2021
    risk 0.58cvss 8.8epss 0.05

    Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.

  • CVE-2020-19150HigSep 15, 2021
    risk 0.53cvss 8.1epss 0.03

    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.

  • CVE-2021-40845HigSep 15, 2021
    risk 0.58cvss 8.8epss 0.05

    The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd…

  • CVE-2021-3796HigSep 15, 2021
    risk 0.00cvss 7.3epss 0.02

    vim is vulnerable to Use After Free

  • CVE-2021-3794HigSep 15, 2021
    risk 0.42cvss 7.5epss 0.01

    vuelidate is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-30137HigSep 15, 2021
    risk 0.50cvss 7.7epss 0.01

    Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points.

  • CVE-2021-27662HigSep 15, 2021
    risk 0.56cvss 8.6epss 0.01

    The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01

  • CVE-2020-3960HigSep 15, 2021
    risk 0.55cvss 8.4epss 0.00

    VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a…

  • CVE-2021-40447HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows Print Spooler Elevation of Privilege Vulnerability

  • CVE-2021-40444HigKEVSep 15, 2021
    risk 0.86cvss 8.8epss 0.97

    Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker…

  • CVE-2021-38671HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.00

    Windows Print Spooler Elevation of Privilege Vulnerability

  • CVE-2021-38667HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.00

    Windows Print Spooler Elevation of Privilege Vulnerability

  • CVE-2021-38661HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.02

    HEVC Video Extensions Remote Code Execution Vulnerability

  • CVE-2021-38660HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Office Graphics Remote Code Execution Vulnerability

  • CVE-2021-38659HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.05

    Microsoft Office Graphics Remote Code Execution Vulnerability

  • CVE-2021-38658HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.05

    Microsoft Office Graphics Remote Code Execution Vulnerability

  • CVE-2021-38656HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.05

    Microsoft Word Remote Code Execution Vulnerability

  • CVE-2021-38655HigSep 15, 2021
    risk 0.51cvss 7.8epss 0.05

    Microsoft Excel Remote Code Execution Vulnerability