VYPR

CVEs

101,975 total · page 1273 of 2,040

  • CVE-2021-23045HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management…

  • CVE-2021-41077HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by…

  • CVE-2021-23044HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE)…

  • CVE-2021-23042HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization.…

  • CVE-2021-23040HigSep 14, 2021
    risk 0.57cvss 8.8epss 0.01

    On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP…

  • CVE-2021-23051HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due…

  • CVE-2021-23050HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.00

    On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the…

  • CVE-2021-23049HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory…

  • CVE-2021-23048HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP…

  • CVE-2021-38177HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.03

    SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the…

  • CVE-2021-38176HigSep 14, 2021
    risk 0.57cvss 8.8epss 0.01

    Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the…

  • CVE-2021-38162HigSep 14, 2021
    risk 0.58cvss 8.9epss 0.03

    SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end…

  • CVE-2021-37531HigSep 14, 2021
    risk 0.57cvss 8.8epss 0.03

    SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a…

  • CVE-2021-40356HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection…

  • CVE-2021-40355HigSep 14, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object…

  • CVE-2021-40354HigSep 14, 2021
    risk 0.46cvss 7.1epss 0.01

    A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the…

  • CVE-2021-37206HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly…

  • CVE-2021-37203HigSep 14, 2021
    risk 0.46cvss 7.1epss 0.01

    A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated…

  • CVE-2021-37202HigSep 14, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker…

  • CVE-2021-37201HigSep 14, 2021
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user…

  • CVE-2021-37200HigSep 14, 2021
    risk 0.53cvss 7.7epss 0.37

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.

  • CVE-2021-37174HigSep 14, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1),…

  • CVE-2021-37173HigSep 14, 2021
    risk 0.57cvss 8.8epss 0.02

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1),…

  • CVE-2021-33737HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1…

  • CVE-2021-33720HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port…

  • CVE-2021-25665HigSep 14, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure.…

  • CVE-2021-39123HigSep 14, 2021
    risk 0.49cvss 7.5epss 0.02

    Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. The affected versions are before…

  • CVE-2021-41072HigSep 14, 2021
    risk 0.00cvss 8.1epss 0.02

    squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs…

  • CVE-2020-20672HigSep 13, 2021
    risk 0.51cvss 7.8epss 0.01

    An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.

  • CVE-2020-20671HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.

  • CVE-2020-20670HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.02

    An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file.

  • CVE-2021-41054HigSep 13, 2021
    risk 0.49cvss 7.5epss 0.03

    tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.

  • CVE-2021-41033HigSep 13, 2021
    risk 0.53cvss 8.1epss 0.01

    In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local…

  • CVE-2021-33362HigSep 13, 2021
    risk 0.00cvss 7.8epss 0.01

    Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

  • CVE-2021-33554HigSep 13, 2021
    risk 0.54cvss 7.2epss 0.57

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33553HigSep 13, 2021
    risk 0.54cvss 7.2epss 0.49

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33552HigSep 13, 2021
    risk 0.54cvss 7.2epss 0.49

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33551HigSep 13, 2021
    risk 0.54cvss 7.2epss 0.49

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33550HigSep 13, 2021
    risk 0.54cvss 7.2epss 0.57

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33549HigSep 13, 2021
    risk 0.55cvss 7.2epss 0.66

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33548HigSep 13, 2021
    risk 0.54cvss 7.2epss 0.57

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33547HigSep 13, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33546HigSep 13, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33545HigSep 13, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-33544HigSep 13, 2021
    risk 0.57cvss 7.2epss 0.96

    Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2021-24728HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.02

    The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages.

  • CVE-2021-24727HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.02

    The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections

  • CVE-2021-24726HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.02

    The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue

  • CVE-2021-24620HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.01

    The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place,…

  • CVE-2021-24491HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.01

    The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack