VYPR

CVEs

101,963 total · page 1292 of 2,040

  • CVE-2021-32808HigAug 12, 2021
    risk 0.49cvss 7.6epss 0.01

    ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could…

  • CVE-2021-38604HigAug 12, 2021
    risk 0.49cvss 7.5epss 0.03

    In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

  • CVE-2021-38599HigAug 12, 2021
    risk 0.42cvss 7.5epss 0.01

    WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user…

  • CVE-2021-38291HigAug 12, 2021
    risk 0.49cvss 7.5epss 0.03

    FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

  • CVE-2021-27794HigAug 12, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.

  • CVE-2021-27792HigAug 12, 2021
    risk 0.51cvss 7.8epss 0.00

    The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP…

  • CVE-2021-27790HigAug 12, 2021
    risk 0.51cvss 7.8epss 0.00

    The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution…

  • CVE-2020-20981HigAug 12, 2021
    risk 0.49cvss 7.5epss 0.01

    A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.

  • CVE-2021-38088HigAug 12, 2021
    risk 0.51cvss 7.8epss 0.00

    Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.

  • CVE-2021-38086HigAug 12, 2021
    risk 0.51cvss 7.8epss 0.00

    Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.

  • CVE-2021-37841HigAug 12, 2021
    risk 0.51cvss 7.8epss 0.01

    Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads…

  • CVE-2020-24576HigAug 12, 2021
    risk 0.57cvss 8.8epss 0.02

    Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.

  • CVE-2021-38593HigAug 12, 2021
    risk 0.00cvss 7.5epss 0.03

    Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

  • CVE-2021-38592HigAug 12, 2021
    risk 0.49cvss 7.5epss 0.01

    Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).

  • CVE-2021-38589HigAug 11, 2021
    risk 0.53cvss 8.1epss 0.01

    In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).

  • CVE-2021-38588HigAug 11, 2021
    risk 0.53cvss 8.1epss 0.00

    In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).

  • CVE-2021-38587HigAug 11, 2021
    risk 0.49cvss 7.5epss 0.01

    In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).

  • CVE-2021-38585HigAug 11, 2021
    risk 0.47cvss 7.2epss 0.01

    The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).

  • CVE-2021-38584HigAug 11, 2021
    risk 0.47cvss 7.2epss 0.01

    The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).

  • CVE-2021-37697HigAug 11, 2021
    risk 0.00cvss 7.1epss 0.01

    tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit…

  • CVE-2021-37696HigAug 11, 2021
    risk 0.00cvss 7.1epss 0.01

    tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1.…

  • CVE-2021-37627HigAug 11, 2021
    risk 0.52cvss 8.0epss 0.01

    Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form…

  • CVE-2021-37626HigAug 11, 2021
    risk 0.47cvss 7.2epss 0.01

    Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the…

  • CVE-2021-36770HigAug 11, 2021
    risk 0.00cvss 7.8epss 0.01

    Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021…

  • CVE-2021-38571HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

  • CVE-2021-38569HigAug 11, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.

  • CVE-2021-38567HigAug 11, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204.

  • CVE-2021-38566HigAug 11, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes.

  • CVE-2021-38565HigAug 11, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm.

  • CVE-2021-1110HigAug 11, 2021
    risk 0.46cvss 7.1epss 0.00

    NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.

  • CVE-2021-1109HigAug 11, 2021
    risk 0.47cvss 7.2epss 0.00

    NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.

  • CVE-2021-1108HigAug 11, 2021
    risk 0.47cvss 7.3epss 0.00

    NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.

  • CVE-2021-1107HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.

  • CVE-2021-1106HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on…

  • CVE-2020-25564HigAug 11, 2021
    risk 0.57cvss 8.8epss 0.01

    In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.

  • CVE-2020-25561HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.00

    SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.

  • CVE-2017-16632HigAug 11, 2021
    risk 0.49cvss 7.5epss 0.01

    In SapphireIMS 4097_1, the password in the database is stored in Base64 format.

  • CVE-2017-16630HigAug 11, 2021
    risk 0.57cvss 8.8epss 0.01

    In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.

  • CVE-2017-16629HigAug 11, 2021
    risk 0.49cvss 7.5epss 0.01

    In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact…

  • CVE-2021-32439HigAug 11, 2021
    risk 0.00cvss 7.8epss 0.01

    Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

  • CVE-2021-38085HigAug 11, 2021
    risk 0.54cvss 7.8epss 0.01

    The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of…

  • CVE-2021-37694HigAug 11, 2021
    risk 0.57cvss 8.7epss 0.01

    @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no…

  • CVE-2020-21976HigAug 11, 2021
    risk 0.57cvss 8.8epss 0.02

    An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands.

  • CVE-2021-3050HigAug 11, 2021
    risk 0.57cvss 8.8epss 0.02

    An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4…

  • CVE-2021-20427HigAug 11, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314.

  • CVE-2021-32947HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.02

    FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

  • CVE-2021-32939HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.02

    FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution.

  • CVE-2021-32931HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.02

    An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.

  • CVE-2021-23420HigAug 11, 2021
    risk 0.43cvss 7.7epss 0.03

    This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.

  • CVE-2021-0196HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.