VYPR

CVEs

101,963 total · page 1301 of 2,040

  • CVE-2021-1600HigJul 22, 2021
    risk 0.54cvss 8.3epss 0.00

    Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are…

  • CVE-2021-29143HigJul 22, 2021
    risk 0.47cvss 7.2epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): Aruba…

  • CVE-2021-22001HigJul 22, 2021
    risk 0.49cvss 7.5epss 0.01

    In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server.

  • CVE-2021-30110HigJul 22, 2021
    risk 0.49cvss 7.5epss 0.02

    dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates.

  • CVE-2021-30486HigJul 22, 2021
    risk 0.57cvss 8.8epss 0.01

    SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).

  • CVE-2021-22523HigJul 22, 2021
    risk 0.49cvss 7.6epss 0.01

    XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions.

  • CVE-2021-22522HigJul 22, 2021
    risk 0.46cvss 7.1epss 0.01

    Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data.

  • CVE-2021-20596HigJul 22, 2021
    risk 0.49cvss 7.5epss 0.02

    NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending…

  • CVE-2021-28131HigJul 22, 2021
    risk 0.49cvss 7.5epss 0.03

    Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed…

  • CVE-2021-36934HigKEVJul 22, 2021
    risk 0.71cvss 7.8epss 0.67

    An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with…

  • CVE-2021-1092HigJul 22, 2021
    risk 0.46cvss 7.1epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in…

  • CVE-2021-1091HigJul 22, 2021
    risk 0.46cvss 7.1epss 0.00

    NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.

  • CVE-2021-1090HigJul 22, 2021
    risk 0.46cvss 7.1epss 0.00

    NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer,…

  • CVE-2021-1089HigJul 22, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in nvidia-smi where an uncontrolled DLL loading path may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

  • CVE-2021-32775HigJul 21, 2021
    risk 0.50cvss 7.7epss 0.01

    Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0.

  • CVE-2021-32761HigJul 21, 2021
    risk 0.51cvss 7.5epss 0.31

    Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to…

  • CVE-2021-32756HigJul 21, 2021
    risk 0.57cvss 8.8epss 0.02

    ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will…

  • CVE-2021-35482HigJul 21, 2021
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution (with user privileges of the local user) on any device that tries to connect to a WePresent presentation system.

  • CVE-2021-34816HigJul 21, 2021
    risk 0.47cvss 7.2epss 0.02

    An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.

  • CVE-2021-32745HigJul 21, 2021
    risk 0.47cvss 7.3epss 0.01

    Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the…

  • CVE-2020-19499HigJul 21, 2021
    risk 0.00cvss 8.8epss 0.01

    An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.

  • CVE-2020-19498HigJul 21, 2021
    risk 0.00cvss 8.8epss 0.01

    Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.

  • CVE-2020-19497HigJul 21, 2021
    risk 0.00cvss 8.8epss 0.01

    Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Library) 1.5.17, allows attackers to cause a Denial of Service or possibly other unspecified impacts.

  • CVE-2020-19492HigJul 21, 2021
    risk 0.00cvss 7.8epss 0.01

    There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

  • CVE-2020-19491HigJul 21, 2021
    risk 0.00cvss 7.8epss 0.01

    There is an invalid memory access bug in cgif.c that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

  • CVE-2021-21407HigJul 21, 2021
    risk 0.52cvss 8.0epss 0.00

    Combodo iTop is an open source, web based IT Service Management tool. Prior to version 2.7.4, the CSRF token validation can be bypassed through iTop portal via a tricky browser procedure. The vulnerability is patched in version 2.7.4 and 3.0.0.

  • CVE-2021-34619HigJul 21, 2021
    risk 0.57cvss 8.8epss 0.01

    The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.

  • CVE-2021-2443HigJul 21, 2021
    risk 0.47cvss 7.3epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2436HigJul 21, 2021
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2021-2435HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Analytic…

  • CVE-2021-2434HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2021-2433HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2431HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2430HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2428HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3,…

  • CVE-2021-2423HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2420HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2419HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2415HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2021-2409HigJul 21, 2021
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2406HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2021-2405HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle…

  • CVE-2021-2400HigJul 21, 2021
    risk 0.55cvss 7.5epss 0.83

    Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2021-2398HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2021-2396HigJul 21, 2021
    risk 0.60cvss 8.8epss 0.36

    Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2021-2395HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: iCare, Configuration). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2021-2393HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle E-Records product of Oracle E-Business Suite (component: E-signatures). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2021-2392HigJul 21, 2021
    risk 0.57cvss 8.8epss 0.03

    Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2021-2391HigJul 21, 2021
    risk 0.60cvss 8.8epss 0.35

    Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2021-2388HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.04

    Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability…