VYPR

CVEs

101,963 total · page 1283 of 2,040

  • CVE-2021-30599HigAug 26, 2021
    risk 0.58cvss 8.8epss 0.05

    Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2021-30598HigAug 26, 2021
    risk 0.58cvss 8.8epss 0.07

    Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2021-30593HigAug 26, 2021
    risk 0.53cvss 8.1epss 0.02

    Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2021-30592HigAug 26, 2021
    risk 0.57cvss 8.8epss 0.02

    Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2021-30591HigAug 26, 2021
    risk 0.57cvss 8.8epss 0.03

    Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30590HigAug 26, 2021
    risk 0.57cvss 8.8epss 0.03

    Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-18477HigAug 26, 2021
    risk 0.57cvss 8.8epss 0.01

    SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field.

  • CVE-2020-18476HigAug 26, 2021
    risk 0.57cvss 8.8epss 0.01

    SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.

  • CVE-2021-3734HigAug 26, 2021
    risk 0.50cvss 8.8epss 0.00

    yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames

  • CVE-2020-14160HigAug 26, 2021
    risk 0.00cvss 7.5epss 0.02

    An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.

  • CVE-2020-19822HigAug 26, 2021
    risk 0.47cvss 7.2epss 0.03

    A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters.

  • CVE-2020-19821HigAug 26, 2021
    risk 0.57cvss 8.8epss 0.01

    A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter.

  • CVE-2021-20793HigAug 26, 2021
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

  • CVE-2021-40145HigAug 26, 2021
    risk 0.00cvss 7.5epss 0.02

    gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and…

  • CVE-2021-1588HigAug 25, 2021
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation…

  • CVE-2021-1587HigAug 25, 2021
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to…

  • CVE-2021-1586HigAug 25, 2021
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service…

  • CVE-2021-1579HigAug 25, 2021
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges…

  • CVE-2021-1578HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device.…

  • CVE-2021-3713HigAug 25, 2021
    risk 0.48cvss 7.4epss 0.01

    An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields.…

  • CVE-2021-33015HigAug 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current…

  • CVE-2021-32995HigAug 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process.

  • CVE-2021-32975HigAug 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.

  • CVE-2021-22242HigAug 25, 2021
    risk 0.62cvss 8.7epss 0.64

    Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown

  • CVE-2021-21869HigAug 25, 2021
    risk 0.51cvss 7.8epss 0.02

    An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious…

  • CVE-2021-21850HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC…

  • CVE-2021-21849HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC…

  • CVE-2021-21848HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2”…

  • CVE-2021-21842HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to…

  • CVE-2021-21841HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked…

  • CVE-2021-21840HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code cause an integer overflow due to…

  • CVE-2021-21836HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic…

  • CVE-2021-21835HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.01

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the “csgp” FOURCC can cause an integer overflow due…

  • CVE-2021-21834HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked…

  • CVE-2021-21778HigAug 25, 2021
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. An attacker can send an unauthenticated message to trigger this vulnerability.

  • CVE-2021-1523HigAug 25, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped.…

  • CVE-2021-39136HigAug 25, 2021
    risk 0.50cvss 8.7epss 0.01

    baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible.…

  • CVE-2018-10790HigAug 25, 2021
    risk 0.49cvss 7.5epss 0.02

    The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac.

  • CVE-2021-33886HigAug 25, 2021
    risk 0.53cvss 8.1epss 0.01

    An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the…

  • CVE-2021-40083HigAug 25, 2021
    risk 0.49cvss 7.5epss 0.01

    Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).

  • CVE-2021-39156HigAug 24, 2021
    risk 0.53cvss 8.1epss 0.01

    Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability…

  • CVE-2021-39155HigAug 24, 2021
    risk 0.47cvss 8.3epss 0.01

    Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html/rfc4343), Istio authorization policy…

  • CVE-2021-32781HigAug 24, 2021
    risk 0.56cvss 8.6epss 0.01

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is…

  • CVE-2021-32780HigAug 24, 2021
    risk 0.56cvss 8.6epss 0.01

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is…

  • CVE-2021-32779HigAug 24, 2021
    risk 0.56cvss 8.6epss 0.01

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or…

  • CVE-2021-32777HigAug 24, 2021
    risk 0.56cvss 8.6epss 0.03

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the…

  • CVE-2020-18917HigAug 24, 2021
    risk 0.57cvss 8.8epss 0.01

    The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control.

  • CVE-2020-18913HigAug 24, 2021
    risk 0.49cvss 7.5epss 0.01

    EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information.

  • CVE-2021-39157HigAug 24, 2021
    risk 0.42cvss 7.5epss 0.02

    detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding…

  • CVE-2021-31010HigKEVAug 24, 2021
    risk 0.61cvss 7.5epss 0.04

    A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was…