VYPR

CVEs

101,963 total · page 1298 of 2,040

  • CVE-2021-22423HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.00

    A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow.

  • CVE-2021-22422HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.00

    A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.

  • CVE-2021-22421HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.00

    A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges.

  • CVE-2021-22420HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.00

    A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing..

  • CVE-2021-22418HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.00

    A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.

  • CVE-2021-22416HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.00

    A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.

  • CVE-2019-14453HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the…

  • CVE-2021-32814HigAug 3, 2021
    risk 0.00cvss 8.8epss 0.02

    Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched…

  • CVE-2021-37557HigAug 3, 2021
    risk 0.60cvss 8.8epss 0.29

    A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.

  • CVE-2021-37556HigAug 3, 2021
    risk 0.02cvss 8.8epss 0.29

    A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end…

  • CVE-2021-36763HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.01

    In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.

  • CVE-2021-33486HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.01

    All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.

  • CVE-2021-31504HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…

  • CVE-2021-31503HigAug 3, 2021
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…

  • CVE-2021-32772HigAug 3, 2021
    risk 0.57cvss 8.8epss 0.02

    Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from…

  • CVE-2021-31630HigAug 3, 2021
    risk 0.59cvss 8.8epss 0.27

    Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.

  • CVE-2021-27954HigAug 3, 2021
    risk 0.53cvss 8.2epss 0.01

    A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial…

  • CVE-2021-27953HigAug 3, 2021
    risk 0.49cvss 7.5epss 0.02

    A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request.

  • CVE-2021-21553HigAug 3, 2021
    risk 0.47cvss 7.3epss 0.00

    Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading…

  • CVE-2021-32811HigAug 2, 2021
    risk 0.42cvss 7.5epss 0.02

    Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and…

  • CVE-2021-34637HigAug 2, 2021
    risk 0.57cvss 8.8epss 0.01

    The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.

  • CVE-2021-34632HigAug 2, 2021
    risk 0.57cvss 8.8epss 0.01

    The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.

  • CVE-2021-34628HigAug 2, 2021
    risk 0.57cvss 8.8epss 0.01

    The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including…

  • CVE-2021-27943HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack (against only 10000 possibilities), allowing a threat actor to forcefully pair the device, leading to remote control of the TV…

  • CVE-2021-21866HigAug 2, 2021
    risk 0.51cvss 7.8epss 0.02

    A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a…

  • CVE-2021-21865HigAug 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to…

  • CVE-2021-21864HigAug 2, 2021
    risk 0.51cvss 7.8epss 0.02

    A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a…

  • CVE-2021-37848HigAug 2, 2021
    risk 0.00cvss 7.5epss 0.02

    common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.

  • CVE-2021-37847HigAug 2, 2021
    risk 0.00cvss 7.5epss 0.02

    crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.

  • CVE-2021-35450HigAug 2, 2021
    risk 0.47cvss 7.2epss 0.02

    A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute

  • CVE-2021-3673HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.02

    A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.

  • CVE-2021-33198HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.03

    In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

  • CVE-2021-33196HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.03

    In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

  • CVE-2021-33195HigAug 2, 2021
    risk 0.48cvss 7.3epss 0.03

    Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

  • CVE-2021-22447HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

  • CVE-2021-22446HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

  • CVE-2021-22445HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

  • CVE-2021-29696HigAug 2, 2021
    risk 0.47cvss 7.2epss 0.03

    IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

  • CVE-2021-22443HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random address access.

  • CVE-2021-22442HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.00

    There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

  • CVE-2021-22428HigAug 2, 2021
    risk 0.53cvss 8.1epss 0.01

    There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.

  • CVE-2021-22427HigAug 2, 2021
    risk 0.53cvss 8.1epss 0.01

    There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.

  • CVE-2021-22415HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code.

  • CVE-2021-22414HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

  • CVE-2021-22413HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

  • CVE-2021-22412HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random kernel address access.

  • CVE-2021-22396HigAug 2, 2021
    risk 0.51cvss 7.8epss 0.00

    There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product…

  • CVE-2021-22392HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.

  • CVE-2021-22391HigAug 2, 2021
    risk 0.49cvss 7.5epss 0.01

    There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.

  • CVE-2021-22384HigAug 2, 2021
    risk 0.53cvss 8.1epss 0.01

    There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass.