VYPR

CVEs

101,962 total · page 1279 of 2,040

  • CVE-2021-30623HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30623 Use after free in Bookmarks

  • CVE-2021-30622HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30622 Use after free in WebApp Installs

  • CVE-2021-30620HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

  • CVE-2021-30618HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

  • CVE-2021-30616HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30616 Use after free in Media

  • CVE-2021-30614HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

  • CVE-2021-30613HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30613 Use after free in Base internals

  • CVE-2021-30612HigSep 3, 2021
    risk 0.57cvss 8.8epss 0.03

    Chromium: CVE-2021-30612 Use after free in WebRTC

  • CVE-2021-30611HigSep 3, 2021
    risk 0.57cvss 8.8epss 0.03

    Chromium: CVE-2021-30611 Use after free in WebRTC

  • CVE-2021-30610HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30610 Use after free in Extensions API

  • CVE-2021-30609HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30609 Use after free in Sign-In

  • CVE-2021-30608HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30608 Use after free in Web Share

  • CVE-2021-30607HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30607 Use after free in Permissions

  • CVE-2021-30606HigSep 3, 2021
    risk 0.58cvss 8.8epss 0.04

    Chromium: CVE-2021-30606 Use after free in Blink

  • CVE-2021-23437HigSep 3, 2021
    risk 0.42cvss 7.5epss 0.03

    The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

  • CVE-2021-40490HigSep 3, 2021
    risk 0.00cvss 7.0epss 0.00

    A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

  • CVE-2021-38312HigSep 2, 2021
    risk 0.46cvss 7.1epss 0.01

    The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback`…

  • CVE-2021-36017HigSep 2, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-35996HigSep 2, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-35994HigSep 2, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-35993HigSep 2, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-28564HigSep 2, 2021
    risk 0.57cvss 8.8epss 0.04

    Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to…

  • CVE-2021-28561HigSep 2, 2021
    risk 0.57cvss 8.8epss 0.03

    Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-28560HigSep 2, 2021
    risk 0.63cvss 8.8epss 0.67

    Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code…

  • CVE-2021-28558HigSep 2, 2021
    risk 0.58cvss 8.8epss 0.10

    Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability…

  • CVE-2021-28553HigSep 2, 2021
    risk 0.57cvss 8.8epss 0.04

    Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-28550HigKEVSep 2, 2021
    risk 0.73cvss 8.8epss 0.52

    Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-22793HigSep 2, 2021
    risk 0.47cvss 7.2epss 0.01

    A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol.

  • CVE-2021-22792HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all…

  • CVE-2021-22775HigSep 2, 2021
    risk 0.51cvss 7.8epss 0.00

    A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.

  • CVE-2020-13929HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.03

    Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

  • CVE-2021-39187HigSep 2, 2021
    risk 0.42cvss 7.5epss 0.02

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver…

  • CVE-2021-21086HigSep 2, 2021
    risk 0.51cvss 7.8epss 0.05

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve…

  • CVE-2021-33938HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

  • CVE-2021-33930HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

  • CVE-2021-33929HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

  • CVE-2021-33928HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

  • CVE-2021-31796HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.02

    An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually…

  • CVE-2021-39115HigSep 1, 2021
    risk 0.47cvss 7.2epss 0.04

    Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template…

  • CVE-2021-40387HigSep 1, 2021
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution.

  • CVE-2021-40385HigSep 1, 2021
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.

  • CVE-2021-39181HigSep 1, 2021
    risk 0.00cvss 8.8epss 0.02

    OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code…

  • CVE-2020-20341HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.01

    YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.

  • CVE-2020-20340HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.01

    A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.

  • CVE-2021-30355HigSep 1, 2021
    risk 0.56cvss 8.6epss 0.07

    Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.

  • CVE-2021-40382HigSep 1, 2021
    risk 0.54cvss 7.5epss 0.23

    An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.

  • CVE-2021-40381HigSep 1, 2021
    risk 0.54cvss 7.5epss 0.23

    An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access.

  • CVE-2021-40380HigSep 1, 2021
    risk 0.54cvss 7.5epss 0.23

    An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials.

  • CVE-2021-40379HigSep 1, 2021
    risk 0.53cvss 7.5epss 0.22

    An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.

  • CVE-2021-40378HigSep 1, 2021
    risk 0.57cvss 8.1epss 0.15

    An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.