VYPR

CVEs

101,963 total · page 1303 of 2,040

  • CVE-2021-32463HigJul 20, 2021
    risk 0.51cvss 7.8epss 0.00

    An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on…

  • CVE-2021-27021HigJul 20, 2021
    risk 0.57cvss 8.8epss 0.01

    A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

  • CVE-2021-26095HigJul 20, 2021
    risk 0.49cvss 7.5epss 0.01

    The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and…

  • CVE-2020-7866HigJul 20, 2021
    risk 0.57cvss 8.8epss 0.01

    When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation

  • CVE-2021-35054HigJul 20, 2021
    risk 0.49cvss 7.5epss 0.01

    Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files.

  • CVE-2020-36430HigJul 20, 2021
    risk 0.44cvss 7.8epss 0.01

    libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.

  • CVE-2020-36428HigJul 20, 2021
    risk 0.57cvss 8.8epss 0.01

    matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).

  • CVE-2019-25051HigJul 20, 2021
    risk 0.00cvss 7.8epss 0.01

    objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

  • CVE-2019-25050HigJul 20, 2021
    risk 0.00cvss 7.8epss 0.00

    netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

  • CVE-2020-5321HigJul 19, 2021
    risk 0.49cvss 7.6epss 0.01

    Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this…

  • CVE-2020-5315HigJul 19, 2021
    risk 0.57cvss 8.8epss 0.00

    Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to…

  • CVE-2021-31590HigJul 19, 2021
    risk 0.00cvss 8.8epss 0.03

    PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user"…

  • CVE-2020-22741HigJul 19, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature.

  • CVE-2021-34820HigJul 19, 2021
    risk 0.49cvss 7.5epss 0.04

    Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data.…

  • CVE-2021-36799HigJul 19, 2021
    risk 0.57cvss 8.8epss 0.00

    KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2021-34676HigJul 19, 2021
    risk 0.49cvss 7.5epss 0.02

    Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.

  • CVE-2021-34675HigJul 19, 2021
    risk 0.49cvss 7.5epss 0.02

    Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.

  • CVE-2020-36426HigJul 19, 2021
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

  • CVE-2020-36423HigJul 19, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

  • CVE-2020-22650HigJul 19, 2021
    risk 0.49cvss 7.5epss 0.01

    A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events.

  • CVE-2021-29707HigJul 19, 2021
    risk 0.51cvss 7.8epss 0.00

    IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.

  • CVE-2021-35449HigJul 19, 2021
    risk 0.54cvss 7.8epss 0.01

    The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of…

  • CVE-2021-20109HigJul 19, 2021
    risk 0.49cvss 7.5epss 0.01

    Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as…

  • CVE-2021-20108HigJul 19, 2021
    risk 0.49cvss 7.5epss 0.03

    Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be…

  • CVE-2021-31216HigJul 19, 2021
    risk 0.53cvss 8.1epss 0.01

    Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route…

  • CVE-2021-35964HigJul 19, 2021
    risk 0.48cvss 7.3epss 0.01

    The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users…

  • CVE-2021-24453HigJul 19, 2021
    risk 0.58cvss 8.8epss 0.05

    The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure

  • CVE-2021-36773HigJul 18, 2021
    risk 0.49cvss 7.5epss 0.01

    uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking…

  • CVE-2021-36213HigJul 17, 2021
    risk 0.49cvss 7.5epss 0.02

    HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1.

  • CVE-2021-32574HigJul 17, 2021
    risk 0.49cvss 7.5epss 0.01

    HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

  • CVE-2019-3752HigJul 16, 2021
    risk 0.53cvss 8.2epss 0.01

    Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially…

  • CVE-2021-3550HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.00

    A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.

  • CVE-2021-34481HigJul 16, 2021
    risk 0.61cvss 8.8epss 0.45

    A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install…

  • CVE-2021-34467HigJul 16, 2021
    risk 0.47cvss 7.1epss 0.05

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2021-34464HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.03

    Microsoft Defender Remote Code Execution Vulnerability

  • CVE-2021-34462HigJul 16, 2021
    risk 0.46cvss 7.0epss 0.01

    Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

  • CVE-2021-34461HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

  • CVE-2021-34460HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Storage Spaces Controller Elevation of Privilege Vulnerability

  • CVE-2021-34459HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Windows AppContainer Elevation Of Privilege Vulnerability

  • CVE-2021-34456HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

  • CVE-2021-34455HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Windows File History Service Elevation of Privilege Vulnerability

  • CVE-2021-34452HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Word Remote Code Execution Vulnerability

  • CVE-2021-34450HigJul 16, 2021
    risk 0.55cvss 8.5epss 0.02

    Windows Hyper-V Remote Code Execution Vulnerability

  • CVE-2021-34449HigJul 16, 2021
    risk 0.46cvss 7.0epss 0.02

    Win32k Elevation of Privilege Vulnerability

  • CVE-2021-34446HigJul 16, 2021
    risk 0.52cvss 8.0epss 0.02

    Windows HTML Platforms Security Feature Bypass Vulnerability

  • CVE-2021-34445HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

  • CVE-2021-34442HigJul 16, 2021
    risk 0.57cvss 8.8epss 0.03

    Windows DNS Server Remote Code Execution Vulnerability

  • CVE-2021-34441HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Windows Media Foundation Remote Code Execution Vulnerability

  • CVE-2021-34439HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.03

    Microsoft Windows Media Foundation Remote Code Execution Vulnerability

  • CVE-2021-34438HigJul 16, 2021
    risk 0.51cvss 7.8epss 0.02

    Windows Font Driver Host Remote Code Execution Vulnerability