VYPR

CVEs

101,963 total · page 1288 of 2,040

  • CVE-2021-39273HigAug 19, 2021
    risk 0.57cvss 8.8epss 0.03

    In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges.

  • CVE-2021-36762HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the…

  • CVE-2021-31401HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the…

  • CVE-2021-27565HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.03

    The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop()…

  • CVE-2020-35684HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is…

  • CVE-2020-35683HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the…

  • CVE-2021-31400HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic…

  • CVE-2021-31228HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific…

  • CVE-2021-31227HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a…

  • CVE-2020-22345HigAug 18, 2021
    risk 0.00cvss 8.8epss 0.04

    /graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.

  • CVE-2021-34745HigAug 18, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with…

  • CVE-2021-39270HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.00

    In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.

  • CVE-2021-25218HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.04

    In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND…

  • CVE-2020-25927HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.02

    The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not…

  • CVE-2020-25926HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.01

    The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.

  • CVE-2020-25767HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which…

  • CVE-2020-19669HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.

  • CVE-2021-37617HigAug 18, 2021
    risk 0.00cvss 7.3epss 0.00

    The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the…

  • CVE-2020-22124HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information.

  • CVE-2020-22122HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.01

    A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.

  • CVE-2020-22120HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code.

  • CVE-2021-39282HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.02

    Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.

  • CVE-2021-23424HigAug 18, 2021
    risk 0.42cvss 7.5epss 0.02

    This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.

  • CVE-2020-18875HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.

  • CVE-2021-37714HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.07

    jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop…

  • CVE-2021-37702HigAug 18, 2021
    risk 0.00cvss 8.0epss 0.01

    Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.

  • CVE-2021-21868HigAug 18, 2021
    risk 0.51cvss 7.8epss 0.02

    An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious…

  • CVE-2021-21867HigAug 18, 2021
    risk 0.51cvss 7.8epss 0.02

    An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a…

  • CVE-2021-21862HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.01

    Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that…

  • CVE-2020-18746HigAug 18, 2021
    risk 0.47cvss 7.2epss 0.02

    SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php".

  • CVE-2021-21858HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a…

  • CVE-2021-21857HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a…

  • CVE-2021-21856HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.01

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a…

  • CVE-2021-21855HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a…

  • CVE-2021-21854HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a…

  • CVE-2021-21853HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a…

  • CVE-2021-21852HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting…

  • CVE-2021-21851HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due…

  • CVE-2021-21847HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting…

  • CVE-2021-21846HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting…

  • CVE-2021-21845HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting…

  • CVE-2021-21844HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow…

  • CVE-2021-21843HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based…

  • CVE-2021-21839HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based…

  • CVE-2021-21838HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based…

  • CVE-2021-21837HigAug 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based…

  • CVE-2021-31820HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.01

    In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.

  • CVE-2021-33580HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.03

    User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker…

  • CVE-2021-20758HigAug 18, 2021
    risk 0.52cvss 8.0epss 0.00

    Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.

  • CVE-2021-39131HigAug 17, 2021
    risk 0.42cvss 7.5epss 0.02

    ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a…