VYPR

CVEs

100,472 total · page 1309 of 2,010

  • CVE-2021-31435HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-31434HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-31433HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-31429HigApr 29, 2021
    risk 0.53cvss 8.2epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-31428HigApr 29, 2021
    risk 0.53cvss 8.2epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-31426HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…

  • CVE-2021-31425HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-31424HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-31422HigApr 29, 2021
    risk 0.49cvss 7.5epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-31420HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-21417HigApr 29, 2021
    risk 0.00cvss 7.2epss 0.01

    fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.

  • CVE-2021-21415HigApr 29, 2021
    risk 0.00cvss 7.8epss 0.02

    Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by…

  • CVE-2021-30229HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.03

    The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter.

  • CVE-2021-29350HigApr 29, 2021
    risk 0.47cvss 7.2epss 0.01

    SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.

  • CVE-2021-25811HigApr 29, 2021
    risk 0.49cvss 7.5epss 0.02

    MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device will not be able to access the webserver unless the listen_http_lan parameter to…

  • CVE-2021-20294HigApr 29, 2021
    risk 0.44cvss 7.8epss 0.03

    A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to…

  • CVE-2021-20228HigApr 29, 2021
    risk 0.42cvss 7.5epss 0.02

    A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from…

  • CVE-2021-30224HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials.

  • CVE-2021-28899HigApr 29, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.

  • CVE-2021-20092HigApr 29, 2021
    risk 0.49cvss 7.5epss 0.08

    The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.

  • CVE-2021-20091HigApr 29, 2021
    risk 0.58cvss 8.8epss 0.09

    The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code…

  • CVE-2020-22002HigApr 29, 2021
    risk 0.49cvss 7.5epss 0.01

    An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service…

  • CVE-2020-21997HigApr 29, 2021
    risk 0.49cvss 7.5epss 0.03

    Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control.

  • CVE-2020-21992HigApr 29, 2021
    risk 0.58cvss 8.8epss 0.05

    Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary…

  • CVE-2020-21990HigApr 29, 2021
    risk 0.49cvss 7.5epss 0.02

    Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to…

  • CVE-2021-29140HigApr 29, 2021
    risk 0.53cvss 8.2epss 0.02

    A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.

  • CVE-2021-29147HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.03

    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.

  • CVE-2021-25167HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.01

    A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2021-25166HigApr 29, 2021
    risk 0.57cvss 8.8epss 0.02

    A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2021-25163HigApr 29, 2021
    risk 0.53cvss 8.1epss 0.01

    A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2020-36327HigApr 29, 2021
    risk 0.51cvss 8.8epss 0.06

    Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of…

  • CVE-2021-31776HigApr 29, 2021
    risk 0.51cvss 7.8epss 0.00

    Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.

  • CVE-2021-25216HigApr 29, 2021
    risk 0.59cvss 8.1epss 0.82

    In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running…

  • CVE-2021-25215HigApr 29, 2021
    risk 0.50cvss 7.5epss 0.11

    In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a…

  • CVE-2021-21414HigApr 29, 2021
    risk 0.00cvss 7.7epss 0.02

    Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library…

  • CVE-2020-7038HigApr 28, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox…

  • CVE-2020-7037HigApr 28, 2021
    risk 0.53cvss 8.1epss 0.01

    An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The…

  • CVE-2020-22785HigApr 28, 2021
    risk 0.00cvss 7.5epss 0.01

    Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.

  • CVE-2020-22784HigApr 28, 2021
    risk 0.00cvss 7.5epss 0.01

    In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.

  • CVE-2020-22782HigApr 28, 2021
    risk 0.49cvss 7.5epss 0.01

    Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance.

  • CVE-2020-22781HigApr 28, 2021
    risk 0.49cvss 7.5epss 0.01

    In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).

  • CVE-2021-25165HigApr 28, 2021
    risk 0.53cvss 8.1epss 0.01

    A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2021-25152HigApr 28, 2021
    risk 0.47cvss 7.2epss 0.01

    A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2021-29482HigApr 28, 2021
    risk 0.42cvss 7.5epss 0.01

    xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users…

  • CVE-2021-25154HigApr 28, 2021
    risk 0.49cvss 7.5epss 0.01

    A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2021-25153HigApr 28, 2021
    risk 0.53cvss 8.1epss 0.01

    A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2021-25151HigApr 28, 2021
    risk 0.58cvss 8.8epss 0.13

    A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2021-25147HigApr 28, 2021
    risk 0.53cvss 8.1epss 0.01

    A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

  • CVE-2020-7123HigApr 28, 2021
    risk 0.51cvss 7.8epss 0.00

    A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.

  • CVE-2020-21996HigApr 28, 2021
    risk 0.49cvss 7.5epss 0.04

    AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.