VYPR

CVEs

101,963 total · page 1280 of 2,040

  • CVE-2021-40378HigSep 1, 2021
    risk 0.57cvss 8.1epss 0.15

    An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.

  • CVE-2021-34435HigSep 1, 2021
    risk 0.50cvss 8.8epss 0.01

    In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file..

  • CVE-2021-30354HigSep 1, 2021
    risk 0.56cvss 8.6epss 0.07

    Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.

  • CVE-2021-39847HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.05

    XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

  • CVE-2021-39817HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-39816HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36079HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context…

  • CVE-2021-36078HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36076HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36075HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.06

    Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overflow vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36073HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.06

    Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user…

  • CVE-2021-36072HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2021-36070HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user…

  • CVE-2021-36069HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36068HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36067HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36066HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…

  • CVE-2021-36065HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.04

    Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…

  • CVE-2021-36064HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2021-36059HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36055HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2021-36052HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

  • CVE-2021-36050HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.05

    XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

  • CVE-2021-36049HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-36048HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

  • CVE-2021-36047HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.03

    XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

  • CVE-2021-36046HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.02

    XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

  • CVE-2021-36044HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.

  • CVE-2021-36043HigSep 1, 2021
    risk 0.52cvss 8.0epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be…

  • CVE-2021-36032HigSep 1, 2021
    risk 0.54cvss 8.3epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve…

  • CVE-2021-36031HigSep 1, 2021
    risk 0.47cvss 7.2epss 0.03

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code…

  • CVE-2021-36030HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.02

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

  • CVE-2021-36020HigSep 1, 2021
    risk 0.54cvss 8.2epss 0.03

    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution.

  • CVE-2021-35218HigSep 1, 2021
    risk 0.64cvss 8.9epss 0.76

    Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server

  • CVE-2021-35216HigSep 1, 2021
    risk 0.64cvss 8.9epss 0.81

    Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.

  • CVE-2021-35215HigSep 1, 2021
    risk 0.63cvss 8.9epss 0.70

    Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.

  • CVE-2021-23428HigSep 1, 2021
    risk 0.56cvss 8.6epss 0.02

    This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal

  • CVE-2021-23427HigSep 1, 2021
    risk 0.56cvss 8.6epss 0.01

    This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.

  • CVE-2021-39170HigSep 1, 2021
    risk 0.00cvss 8.0epss 0.01

    Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch…

  • CVE-2021-39166HigSep 1, 2021
    risk 0.00cvss 8.0epss 0.01

    Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version…

  • CVE-2021-35508HigSep 1, 2021
    risk 0.57cvss 8.8epss 0.01

    NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service.

  • CVE-2021-39373HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.00

    Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure.

  • CVE-2021-38703HigSep 1, 2021
    risk 0.58cvss 8.8epss 0.04

    Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code…

  • CVE-2020-9002HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access).

  • CVE-2020-9000HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, therefore consuming the maximum amount of resources…

  • CVE-2021-39109HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.02

    The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.

  • CVE-2021-33582HigSep 1, 2021
    risk 0.49cvss 7.5epss 0.03

    Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and…

  • CVE-2021-36235HigSep 1, 2021
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.

  • CVE-2020-20490HigAug 31, 2021
    risk 0.49cvss 7.5epss 0.01

    A heap buffer-overflow in the client_example1.c component of libiec_iccp_mod v1.5 leads to a denial of service (DOS).

  • CVE-2020-20486HigAug 31, 2021
    risk 0.49cvss 7.5epss 0.01

    IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_Sta_Addr.