VYPR

CVEs

100,472 total · page 1308 of 2,010

  • CVE-2020-27518HigMay 4, 2021
    risk 0.51cvss 7.8epss 0.00

    All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM.

  • CVE-2021-29240HigMay 4, 2021
    risk 0.51cvss 7.8epss 0.01

    The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content.

  • CVE-2021-31164HigMay 4, 2021
    risk 0.49cvss 7.5epss 0.02

    Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

  • CVE-2020-35756HigMay 3, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when…

  • CVE-2020-35755HigMay 3, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are…

  • CVE-2021-29242HigMay 3, 2021
    risk 0.48cvss 7.3epss 0.01

    CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove or change low level communication packages.

  • CVE-2021-29241HigMay 3, 2021
    risk 0.49cvss 7.5epss 0.01

    CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).

  • CVE-2021-29239HigMay 3, 2021
    risk 0.51cvss 7.8epss 0.00

    CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.

  • CVE-2021-29238HigMay 3, 2021
    risk 0.57cvss 8.8epss 0.01

    CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).

  • CVE-2021-25631HigMay 3, 2021
    risk 0.58cvss 8.8epss 0.04

    In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

  • CVE-2021-31996HigMay 3, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge().

  • CVE-2020-28944HigApr 30, 2021
    risk 0.49cvss 7.5epss 0.02

    OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.

  • CVE-2021-31933HigApr 30, 2021
    risk 0.04cvss 7.2epss 0.14

    A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to…

  • CVE-2021-21531HigApr 30, 2021
    risk 0.53cvss 8.1epss 0.01

    Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

  • CVE-2021-21530HigApr 30, 2021
    risk 0.54cvss 8.3epss 0.01

    Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive…

  • CVE-2021-21507HigApr 30, 2021
    risk 0.57cvss 8.8epss 0.01

    Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading…

  • CVE-2021-21233HigApr 30, 2021
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-21232HigApr 30, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-21231HigApr 30, 2021
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-21230HigApr 30, 2021
    risk 0.57cvss 8.8epss 0.02

    Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-21227HigApr 30, 2021
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-29486HigApr 30, 2021
    risk 0.00cvss 7.5epss 0.02

    cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case…

  • CVE-2021-21535HigApr 30, 2021
    risk 0.48cvss 7.4epss 0.00

    Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

  • CVE-2020-7731HigApr 30, 2021
    risk 0.42cvss 7.5epss 0.02

    This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.

  • CVE-2020-4039HigApr 30, 2021
    risk 0.56cvss 8.6epss 0.01

    SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files…

  • CVE-2020-15153HigApr 30, 2021
    risk 0.00cvss 8.2epss 0.02

    Ampache before version 4.2.2 allows unauthenticated users to perform SQL injection. Refer to the referenced GitHub Security Advisory for details and a workaround. This is fixed in version 4.2.2 and the development branch.

  • CVE-2020-27519HigApr 30, 2021
    risk 0.00cvss 7.8epss 0.00

    Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged…

  • CVE-2021-26807HigApr 30, 2021
    risk 0.51cvss 7.8epss 0.00

    GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading.

  • CVE-2021-31871HigApr 30, 2021
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.

  • CVE-2021-31919HigApr 30, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in the rkyv crate before 0.6.0 for Rust. When an archive is created via serialization, the archive content may contain uninitialized values of certain parts of a struct.

  • CVE-2021-29468HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.01

    Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a…

  • CVE-2020-15225HigApr 29, 2021
    risk 0.42cvss 7.5epss 0.02

    django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input…

  • CVE-2021-1086HigApr 29, 2021
    risk 0.46cvss 7.1epss 0.00

    NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version…

  • CVE-2021-1085HigApr 29, 2021
    risk 0.47cvss 7.3epss 0.00

    NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to write to a shared memory location and manipulate the data after the data has been validated, which may lead to denial of service and escalation of privileges and…

  • CVE-2021-1084HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU driver contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data or denial of service. This affects vGPU version 12.x (prior…

  • CVE-2021-1083HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x…

  • CVE-2021-1082HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4)…

  • CVE-2021-1081HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x…

  • CVE-2021-1080HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x…

  • CVE-2021-21388HigApr 29, 2021
    risk 0.51cvss 8.9epss 0.02

    systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >=…

  • CVE-2021-1504HigApr 29, 2021
    risk 0.56cvss 8.6epss 0.02

    Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of…

  • CVE-2021-1501HigApr 29, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service…

  • CVE-2021-1493HigApr 29, 2021
    risk 0.55cvss 8.5epss 0.01

    A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to…

  • CVE-2021-1448HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This…

  • CVE-2021-1445HigApr 29, 2021
    risk 0.56cvss 8.6epss 0.02

    Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of…

  • CVE-2021-1402HigApr 29, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to…

  • CVE-2020-18032HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.03

    Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

  • CVE-2021-31438HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-31437HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-31436HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…