VYPR

CVEs

101,963 total · page 1294 of 2,040

  • CVE-2021-36277HigAug 9, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.

  • CVE-2021-36276HigAug 9, 2021
    risk 0.57cvss 8.8epss 0.00

    Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

  • CVE-2021-32797HigAug 9, 2021
    risk 0.41cvss 7.4epss 0.03

    JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html ``. Using this it is…

  • CVE-2021-21584HigAug 9, 2021
    risk 0.50cvss 7.7epss 0.01

    Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials.

  • CVE-2021-37634HigAug 9, 2021
    risk 0.48cvss 7.4epss 0.01

    Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as…

  • CVE-2021-37633HigAug 9, 2021
    risk 0.00cvss 7.4epss 0.01

    Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched…

  • CVE-2015-2074HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.04

    The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.

  • CVE-2015-2073HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.04

    The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.

  • CVE-2013-4717HigAug 9, 2021
    risk 0.57cvss 8.8epss 0.01

    Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to…

  • CVE-2021-33256HigAug 9, 2021
    risk 0.64cvss 8.8epss 0.79

    A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User…

  • CVE-2021-36798HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.04

    A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.

  • CVE-2021-38290HigAug 9, 2021
    risk 0.00cvss 8.1epss 0.01

    A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.

  • CVE-2021-37214HigAug 9, 2021
    risk 0.57cvss 8.8epss 0.01

    The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrary access employee's data, modify it, and then…

  • CVE-2021-24521HigAug 9, 2021
    risk 0.47cvss 7.2epss 0.02

    The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack.

  • CVE-2021-24520HigAug 9, 2021
    risk 0.57cvss 8.8epss 0.02

    The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability.

  • CVE-2021-24501HigAug 9, 2021
    risk 0.53cvss 8.1epss 0.01

    The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other…

  • CVE-2021-24500HigAug 9, 2021
    risk 0.53cvss 8.1epss 0.01

    Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site,…

  • CVE-2021-38207HigAug 8, 2021
    risk 0.00cvss 7.5epss 0.03

    drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.

  • CVE-2021-38202HigAug 8, 2021
    risk 0.49cvss 7.5epss 0.03

    fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.

  • CVE-2021-38201HigAug 8, 2021
    risk 0.00cvss 7.5epss 0.03

    net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.

  • CVE-2021-23419HigAug 8, 2021
    risk 0.41cvss 7.3epss 0.01

    This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.

  • CVE-2021-38192HigAug 8, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime.

  • CVE-2020-36465HigAug 8, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.

  • CVE-2020-36464HigAug 8, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.

  • CVE-2020-36463HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>.

  • CVE-2020-36462HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2.

  • CVE-2020-36461HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock.

  • CVE-2020-36460HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.

  • CVE-2020-36459HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore.

  • CVE-2020-36458HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T: Send, E: Send.

  • CVE-2020-36457HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox implements the Send and Sync traits for all types T.

  • CVE-2020-36456HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell, the Send trait lacks bounds on the contained type.

  • CVE-2020-36455HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync.

  • CVE-2020-36454HigAug 8, 2021
    risk 0.00cvss 8.1epss 0.01

    An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak has an unconditional implementation of Send without trait bounds on T.

  • CVE-2020-36453HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue.

  • CVE-2020-36451HigAug 8, 2021
    risk 0.00cvss 8.1epss 0.01

    An issue was discovered in the rcu_cell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell.

  • CVE-2020-36450HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch.

  • CVE-2020-36449HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter, Send is implemented without requiring H: Send.

  • CVE-2020-36448HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache.

  • CVE-2020-36447HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef.

  • CVE-2020-36446HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel.

  • CVE-2020-36445HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec.

  • CVE-2020-36444HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC.

  • CVE-2020-36442HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait.

  • CVE-2020-36441HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox with no requirement for T: Send and T: Sync.

  • CVE-2020-36440HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder, it implements Send for any R: Read.

  • CVE-2020-36439HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket and WriteTicket.

  • CVE-2020-36438HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future does not have bounds on its Send and Sync traits.

  • CVE-2020-36437HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender.

  • CVE-2020-36436HigAug 8, 2021
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab and Unordered<T, S> do not have bounds on their Send and Sync traits.