VYPR

CVEs

101,963 total · page 1293 of 2,040

  • CVE-2021-0160HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.00

    Uncontrolled search path in some Intel(R) NUC Pro Chassis Element AverMedia Capture Card drivers before version 3.0.64.143 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2021-0084HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2021-0062HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2021-0061HigAug 11, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2021-0002HigAug 11, 2021
    risk 0.46cvss 7.1epss 0.00

    Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

  • CVE-2020-28589HigAug 11, 2021
    risk 0.57cvss 8.8epss 0.02

    An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this…

  • CVE-2021-38529HigAug 11, 2021
    risk 0.54cvss 8.3epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.

  • CVE-2021-38527HigAug 11, 2021
    risk 0.53cvss 8.1epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132,…

  • CVE-2021-38518HigAug 11, 2021
    risk 0.55cvss 8.4epss 0.01

    Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-38515HigAug 11, 2021
    risk 0.48cvss 7.4epss 0.01

    Certain NETGEAR devices are affected by denial of service. This affects R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R7900 before 1.0.3.18, and R8000 before 1.0.4.46.

  • CVE-2021-38512HigAug 10, 2021
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.

  • CVE-2021-38511HigAug 10, 2021
    risk 0.00cvss 7.5epss 0.01

    An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.

  • CVE-2021-38490HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.

  • CVE-2020-21688HigAug 10, 2021
    risk 0.57cvss 8.8epss 0.02

    A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.

  • CVE-2021-33708HigAug 10, 2021
    risk 0.57cvss 8.8epss 0.01

    Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges.

  • CVE-2021-29296HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL…

  • CVE-2021-29295HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215…

  • CVE-2021-29294HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remove malicious user cause a denial of service via the send_hnap_unauthorized function. It could be triggered by sending crafted POST request to /HNAP1/. NOTE: The DSL-2740R and all…

  • CVE-2021-28845HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action…

  • CVE-2021-38387HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.

  • CVE-2021-38386HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.

  • CVE-2021-28844HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.

  • CVE-2021-28843HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name.

  • CVE-2021-28842HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth…

  • CVE-2021-28841HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a…

  • CVE-2021-21601HigAug 10, 2021
    risk 0.57cvss 8.8epss 0.00

    Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The…

  • CVE-2021-21597HigAug 10, 2021
    risk 0.47cvss 7.2epss 0.00

    Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files.

  • CVE-2021-21567HigAug 10, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

  • CVE-2021-38380HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.02

    Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.

  • CVE-2021-28840HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.02

    Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of…

  • CVE-2021-28839HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate…

  • CVE-2021-28838HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.02

    Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary.…

  • CVE-2021-37367HigAug 10, 2021
    risk 0.51cvss 7.8epss 0.01

    CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.

  • CVE-2021-37366HigAug 10, 2021
    risk 0.57cvss 8.8epss 0.01

    CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.

  • CVE-2021-38371HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.02

    The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

  • CVE-2021-22386HigAug 10, 2021
    risk 0.46cvss 7.0epss 0.00

    A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges.

  • CVE-2021-22385HigAug 10, 2021
    risk 0.51cvss 7.8epss 0.00

    A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.

  • CVE-2021-3689HigAug 10, 2021
    risk 0.42cvss 7.5epss 0.02

    yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

  • CVE-2021-37180HigAug 10, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing user-supplied OBJ files that could cause an out of bounds access to an uninitialized pointer. An attacker could leverage this…

  • CVE-2021-37179HigAug 10, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this…

  • CVE-2021-37172HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to…

  • CVE-2021-33721HigAug 10, 2021
    risk 0.47cvss 7.2epss 0.03

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges…

  • CVE-2021-25659HigAug 10, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such…

  • CVE-2021-21501HigAug 10, 2021
    risk 0.42cvss 7.5epss 0.04

    Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0.

  • CVE-2020-23150HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.02

    A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.

  • CVE-2020-23149HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.01

    The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.

  • CVE-2020-23148HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.02

    The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.

  • CVE-2021-38311HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.01

    In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of…

  • CVE-2020-24742HigAug 9, 2021
    risk 0.51cvss 7.8epss 0.01

    An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

  • CVE-2021-38305HigAug 9, 2021
    risk 0.00cvss 7.8epss 0.02

    23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing…