VYPR

CVEs

101,963 total · page 1302 of 2,040

  • CVE-2021-2380HigJul 21, 2021
    risk 0.49cvss 7.6epss 0.01

    Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access…

  • CVE-2021-2378HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2021-2376HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2021-2371HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2021-2365HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: People Management). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2021-2364HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2021-2363HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2021-2362HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Field…

  • CVE-2021-2361HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: SDK client integration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2021-2360HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Approvals Management product of Oracle E-Business Suite (component: AME Page rendering). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2021-2359HigJul 21, 2021
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-2351HigJul 21, 2021
    risk 0.54cvss 8.3epss 0.03

    Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced…

  • CVE-2021-2350HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2021-2349HigJul 21, 2021
    risk 0.56cvss 8.6epss 0.02

    Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2021-2344HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2021-2337HigJul 21, 2021
    risk 0.47cvss 7.2epss 0.01

    Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network…

  • CVE-2021-25699HigJul 21, 2021
    risk 0.51cvss 7.8epss 0.00

    The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration…

  • CVE-2021-25698HigJul 21, 2021
    risk 0.51cvss 7.8epss 0.00

    The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration…

  • CVE-2021-25695HigJul 21, 2021
    risk 0.51cvss 7.8epss 0.00

    The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver.

  • CVE-2021-22777HigJul 21, 2021
    risk 0.51cvss 7.8epss 0.01

    A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file.

  • CVE-2021-22774HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1…

  • CVE-2021-22771HigJul 21, 2021
    risk 0.48cvss 7.3epss 0.01

    A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution.

  • CVE-2021-22726HigJul 21, 2021
    risk 0.53cvss 8.1epss 0.01

    A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )…

  • CVE-2021-22708HigJul 21, 2021
    risk 0.47cvss 7.2epss 0.01

    A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to…

  • CVE-2021-22146HigJul 21, 2021
    risk 0.54cvss 7.5epss 0.28

    All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed clusters. While in the default setting the anonymous user has no permissions and is unable to successfully query any Elasticsearch APIs, an attacker could leverage…

  • CVE-2020-23283HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force.

  • CVE-2020-23282HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.

  • CVE-2020-21934HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed.

  • CVE-2020-21933HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package.

  • CVE-2021-23409HigJul 21, 2021
    risk 0.42cvss 7.5epss 0.02

    The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.

  • CVE-2021-1099HigJul 21, 2021
    risk 0.46cvss 7.0epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of…

  • CVE-2021-1098HigJul 21, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious guest to perform operations by reusing those resources, which may lead to…

  • CVE-2021-1097HigJul 21, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. This flaw allows a malicious guest to send a length field that is inconsistent with the actual length of the input,…

  • CVE-2021-2458HigJul 21, 2021
    risk 0.49cvss 7.6epss 0.01

    Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2021-2454HigJul 21, 2021
    risk 0.46cvss 7.0epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2453HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2452HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2451HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2450HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2449HigJul 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2329HigJul 21, 2021
    risk 0.47cvss 7.2epss 0.01

    Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network…

  • CVE-2021-2328HigJul 21, 2021
    risk 0.47cvss 7.2epss 0.01

    Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Alter Any Table privilege with network access…

  • CVE-2021-32751HigJul 20, 2021
    risk 0.49cvss 7.5epss 0.03

    Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user…

  • CVE-2021-36230HigJul 20, 2021
    risk 0.57cvss 8.8epss 0.01

    HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1.

  • CVE-2020-23284HigJul 20, 2021
    risk 0.49cvss 7.5epss 0.01

    Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.

  • CVE-2021-33909HigJul 20, 2021
    risk 0.01cvss 7.8epss 0.10

    fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

  • CVE-2020-25206HigJul 20, 2021
    risk 0.47cvss 7.2epss 0.05

    The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices…

  • CVE-2021-3246HigJul 20, 2021
    risk 0.57cvss 8.8epss 0.03

    A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.

  • CVE-2021-22235HigJul 20, 2021
    risk 0.49cvss 7.5epss 0.03

    Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file

  • CVE-2020-15660HigJul 20, 2021
    risk 0.57cvss 8.8epss 0.01

    Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.