VYPR

CVEs

101,963 total · page 1287 of 2,040

  • CVE-2021-39245HigAug 23, 2021
    risk 0.49cvss 7.5epss 0.01

    Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100…

  • CVE-2021-39244HigAug 23, 2021
    risk 0.57cvss 8.8epss 0.03

    Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto…

  • CVE-2020-36478HigAug 23, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way,…

  • CVE-2020-36476HigAug 23, 2021
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

  • CVE-2020-36475HigAug 23, 2021
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

  • CVE-2021-39371HigAug 23, 2021
    risk 0.42cvss 7.5epss 0.02

    An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected.

  • CVE-2020-24130HigAug 20, 2021
    risk 0.53cvss 8.1epss 0.00

    A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts.

  • CVE-2021-36015HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Media Encoder version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-36011HigAug 20, 2021
    risk 0.54cvss 8.3epss 0.02

    Adobe Illustrator version 25.2.3 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution…

  • CVE-2021-36009HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Illustrator version 25.2.3 (and earlier) is affected by an memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-36005HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.05

    Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted PSD file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user…

  • CVE-2021-36000HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Character Animator version 4.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-35999HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Prelude version 10.0 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of…

  • CVE-2021-35997HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-35990HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation…

  • CVE-2021-35989HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation…

  • CVE-2021-35983HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.04

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the…

  • CVE-2021-35981HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.04

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the…

  • CVE-2021-28642HigAug 20, 2021
    risk 0.57cvss 8.8epss 0.04

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the…

  • CVE-2021-28641HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.04

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the…

  • CVE-2021-28640HigAug 20, 2021
    risk 0.52cvss 7.3epss 0.52

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context…

  • CVE-2021-28639HigAug 20, 2021
    risk 0.56cvss 7.8epss 0.66

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the…

  • CVE-2021-28638HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.05

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-28637HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability achieve arbitrary read / write system…

  • CVE-2021-28636HigAug 20, 2021
    risk 0.48cvss 7.3epss 0.02

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to…

  • CVE-2021-28635HigAug 20, 2021
    risk 0.55cvss 7.8epss 0.51

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context…

  • CVE-2021-28634HigAug 20, 2021
    risk 0.53cvss 8.2epss 0.02

    Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve…

  • CVE-2021-28624HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.05

    Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2021-28595HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Dimension version 3.4 (and earlier) is affected by an Uncontrolled Search Path Element element. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2021-28592HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2021-28591HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…

  • CVE-2020-27466HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.02

    An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2020-27464HigAug 20, 2021
    risk 0.51cvss 7.8epss 0.02

    An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.

  • CVE-2020-27461HigAug 20, 2021
    risk 0.57cvss 8.8epss 0.04

    A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function.

  • CVE-2021-36748HigAug 20, 2021
    risk 0.50cvss 7.5epss 0.15

    A SQL Injection issue in the list controller of the Prestahome Blog (aka ph_simpleblog) module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sb_category parameter.

  • CVE-2021-35529HigAug 20, 2021
    risk 0.50cvss 7.7epss 0.01

    Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This…

  • CVE-2021-22255HigAug 20, 2021
    risk 0.50cvss 7.7epss 0.01

    SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address.

  • CVE-2021-22246HigAug 20, 2021
    risk 0.50cvss 7.7epss 0.01

    A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service attacks.

  • CVE-2021-21823HigAug 20, 2021
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information.

  • CVE-2021-34433HigAug 20, 2021
    risk 0.49cvss 7.5epss 0.00

    In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's…

  • CVE-2020-18886HigAug 20, 2021
    risk 0.47cvss 7.2epss 0.02

    Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.

  • CVE-2020-18885HigAug 20, 2021
    risk 0.47cvss 7.2epss 0.04

    Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.

  • CVE-2020-18877HigAug 20, 2021
    risk 0.49cvss 7.5epss 0.01

    SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.

  • CVE-2020-18897HigAug 19, 2021
    risk 0.51cvss 7.8epss 0.01

    An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.

  • CVE-2021-28490HigAug 19, 2021
    risk 0.57cvss 8.8epss 0.01

    In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.

  • CVE-2020-20642HigAug 19, 2021
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.

  • CVE-2021-37698HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.01

    Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the…

  • CVE-2021-34645HigAug 19, 2021
    risk 0.57cvss 8.8epss 0.01

    The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ~/admin/inc/wp_easycart_admin_initial_setup.php file which allows attackers to inject arbitrary web scripts, in versions up to…

  • CVE-2021-31338HigAug 19, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device.

  • CVE-2021-24038HigAug 19, 2021
    risk 0.51cvss 7.8epss 0.00

    Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.