VYPR

CVEs

101,963 total · page 1289 of 2,040

  • CVE-2021-0284HigAug 17, 2021
    risk 0.49cvss 7.5epss 0.01

    A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can…

  • CVE-2021-28372HigAug 17, 2021
    risk 0.54cvss 8.3epss 0.03

    ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials…

  • CVE-2020-23334HigAug 17, 2021
    risk 0.49cvss 7.5epss 0.01

    A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault.

  • CVE-2020-23333HigAug 17, 2021
    risk 0.49cvss 7.5epss 0.01

    A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).

  • CVE-2020-23332HigAug 17, 2021
    risk 0.49cvss 7.5epss 0.01

    A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS).

  • CVE-2020-23331HigAug 17, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS).

  • CVE-2020-23330HigAug 17, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS).

  • CVE-2021-29990HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2021-29989HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2021-29988HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

  • CVE-2021-29986HigAug 17, 2021
    risk 0.53cvss 8.1epss 0.01

    A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91,…

  • CVE-2021-29985HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

  • CVE-2021-29984HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91,…

  • CVE-2021-29981HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.

  • CVE-2021-29980HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

  • CVE-2020-28594HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.01

    A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this…

  • CVE-2020-13589HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL…

  • CVE-2020-13588HigAug 17, 2021
    risk 0.57cvss 8.8epss 0.01

    An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated…

  • CVE-2021-39242HigAug 17, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

  • CVE-2021-39240HigAug 17, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from…

  • CVE-2021-25263HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process.

  • CVE-2021-0646HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed.…

  • CVE-2021-0645HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional…

  • CVE-2021-0640HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-0593HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for…

  • CVE-2021-0591HigAug 17, 2021
    risk 0.47cvss 7.3epss 0.00

    In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for…

  • CVE-2021-0576HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid…

  • CVE-2021-0574HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid…

  • CVE-2021-0573HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid…

  • CVE-2021-0519HigAug 17, 2021
    risk 0.51cvss 7.8epss 0.00

    In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-29548HigAug 17, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.

  • CVE-2021-3633HigAug 17, 2021
    risk 0.47cvss 7.3epss 0.00

    A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation.

  • CVE-2021-3617HigAug 17, 2021
    risk 0.47cvss 7.2epss 0.02

    A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.

  • CVE-2021-25957HigAug 17, 2021
    risk 0.50cvss 8.8epss 0.01

    In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for…

  • CVE-2021-37711HigAug 16, 2021
    risk 0.50cvss 8.8epss 0.01

    Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

  • CVE-2021-37710HigAug 16, 2021
    risk 0.45cvss 8.0epss 0.01

    Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available…

  • CVE-2021-36281HigAug 16, 2021
    risk 0.49cvss 7.5epss 0.01

    Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.

  • CVE-2021-36280HigAug 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

  • CVE-2021-36279HigAug 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

  • CVE-2021-36278HigAug 16, 2021
    risk 0.53cvss 8.1epss 0.01

    Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access…

  • CVE-2021-21594HigAug 16, 2021
    risk 0.53cvss 8.2epss 0.01

    Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.

  • CVE-2021-38608HigAug 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent.

  • CVE-2021-37708HigAug 16, 2021
    risk 0.50cvss 8.8epss 0.02

    Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available…

  • CVE-2021-21861HigAug 16, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a…

  • CVE-2021-21860HigAug 16, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes…

  • CVE-2021-21859HigAug 16, 2021
    risk 0.57cvss 8.8epss 0.02

    An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open…

  • CVE-2021-22940HigAug 16, 2021
    risk 0.50cvss 7.5epss 0.14

    Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

  • CVE-2021-22938HigAug 16, 2021
    risk 0.47cvss 7.2epss 0.02

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.

  • CVE-2021-22937HigAug 16, 2021
    risk 0.47cvss 7.2epss 0.08

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.

  • CVE-2021-22935HigAug 16, 2021
    risk 0.47cvss 7.2epss 0.02

    A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter.