VYPR

CVEs

101,963 total · page 1297 of 2,040

  • CVE-2021-34832HigAug 4, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-34831HigAug 4, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-26097HigAug 4, 2021
    risk 0.57cvss 8.8epss 0.01

    An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via…

  • CVE-2020-29011HigAug 4, 2021
    risk 0.57cvss 8.8epss 0.01

    Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted…

  • CVE-2021-24010HigAug 4, 2021
    risk 0.53cvss 8.1epss 0.01

    Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests.

  • CVE-2021-36765HigAug 4, 2021
    risk 0.49cvss 7.5epss 0.01

    In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.

  • CVE-2021-36764HigAug 4, 2021
    risk 0.49cvss 7.5epss 0.01

    In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.

  • CVE-2021-33338HigAug 4, 2021
    risk 0.49cvss 7.5epss 0.00

    The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the…

  • CVE-2021-29765HigAug 4, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476.

  • CVE-2021-36483HigAug 4, 2021
    risk 0.57cvss 8.8epss 0.03

    DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.

  • CVE-2021-35397HigAug 4, 2021
    risk 0.49cvss 7.5epss 0.04

    A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this…

  • CVE-2021-38084HigAug 3, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.

  • CVE-2021-34273HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.01

    A security flaw in the 'owned' function of a smart contract implementation for BTC2X (B2X), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.

  • CVE-2021-34272HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.01

    A security flaw in the 'owned' function of a smart contract implementation for RobotCoin (RBTC), a tradeable Ethereum ERC20 token, allows attackers to hijack victim accounts and arbitrarily increase the digital supply of assets.

  • CVE-2021-34270HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.01

    An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses.

  • CVE-2021-33403HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.01

    An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction.

  • CVE-2021-33335HigAug 3, 2021
    risk 0.47cvss 7.2epss 0.01

    Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the…

  • CVE-2020-19304HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information.

  • CVE-2020-19303HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.01

    An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2021-30588HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30586HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30585HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30581HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30579HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30578HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

  • CVE-2021-30577HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.01

    Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.

  • CVE-2021-30576HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30575HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30574HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30573HigAug 3, 2021
    risk 0.58cvss 8.8epss 0.06

    Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30572HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30569HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30568HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30567HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.

  • CVE-2021-30566HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.

  • CVE-2021-30565HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2021-33323HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.01

    The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an…

  • CVE-2021-33322HigAug 3, 2021
    risk 0.42cvss 7.5epss 0.01

    In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the user’s password via the…

  • CVE-2021-33321HigAug 3, 2021
    risk 0.42cvss 7.5epss 0.01

    Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.

  • CVE-2021-32804HigAug 3, 2021
    risk 0.48cvss 8.2epss 0.15

    The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into…

  • CVE-2021-32803HigAug 3, 2021
    risk 0.47cvss 8.2epss 0.08

    The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not…

  • CVE-2021-30564HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30563HigKEVAug 3, 2021
    risk 0.70cvss 8.8epss 0.09

    Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30562HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30561HigAug 3, 2021
    risk 0.58cvss 8.8epss 0.05

    Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30560HigAug 3, 2021
    risk 0.59cvss 8.8epss 0.22

    Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30559HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-30541HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-32018HigAug 3, 2021
    risk 0.55cvss 8.5epss 0.01

    An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal.

  • CVE-2021-22425HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.00

    A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.