VYPR

CVEs

100,472 total · page 1311 of 2,010

  • CVE-2021-20708HigApr 26, 2021
    risk 0.47cvss 7.2epss 0.01

    NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific…

  • CVE-2021-20696HigApr 26, 2021
    risk 0.57cvss 8.8epss 0.02

    DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.

  • CVE-2021-20695HigApr 26, 2021
    risk 0.57cvss 8.8epss 0.01

    Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.

  • CVE-2021-20694HigApr 26, 2021
    risk 0.57cvss 8.8epss 0.02

    Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors.

  • CVE-2021-20693HigApr 26, 2021
    risk 0.49cvss 7.5epss 0.01

    Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

  • CVE-2021-31762HigApr 25, 2021
    risk 0.61cvss 8.8epss 0.09

    Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.

  • CVE-2021-31760HigApr 25, 2021
    risk 0.58cvss 8.8epss 0.09

    Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.

  • CVE-2021-31718HigApr 25, 2021
    risk 0.57cvss 8.8epss 0.01

    The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.

  • CVE-2021-31795HigApr 24, 2021
    risk 0.46cvss 7.0epss 0.00

    The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.

  • CVE-2021-31598HigApr 24, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.

  • CVE-2021-31791HigApr 23, 2021
    risk 0.49cvss 7.5epss 0.01

    In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.

  • CVE-2021-31584HigApr 23, 2021
    risk 0.57cvss 8.8epss 0.01

    Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges.

  • CVE-2021-25899HigApr 23, 2021
    risk 0.50cvss 7.5epss 0.12

    An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.

  • CVE-2021-25898HigApr 23, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the…

  • CVE-2020-7036HigApr 23, 2021
    risk 0.53cvss 8.1epss 0.01

    An XML External Entities (XXE)vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7.

  • CVE-2020-7035HigApr 23, 2021
    risk 0.53cvss 8.1epss 0.01

    An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer…

  • CVE-2020-7034HigApr 23, 2021
    risk 0.47cvss 7.2epss 0.02

    A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border…

  • CVE-2021-31780HigApr 23, 2021
    risk 0.49cvss 7.5epss 0.01

    In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is…

  • CVE-2021-20089HigApr 23, 2021
    risk 0.57cvss 8.8epss 0.02

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.

  • CVE-2021-20086HigApr 23, 2021
    risk 0.58cvss 8.8epss 0.06

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.

  • CVE-2021-20085HigApr 23, 2021
    risk 0.57cvss 8.8epss 0.02

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype.

  • CVE-2021-20083HigApr 23, 2021
    risk 0.58cvss 8.8epss 0.04

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.

  • CVE-2021-22682HigApr 23, 2021
    risk 0.51cvss 7.8epss 0.00

    Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.

  • CVE-2021-22678HigApr 23, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.

  • CVE-2021-20088HigApr 23, 2021
    risk 0.57cvss 8.8epss 0.01

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype.

  • CVE-2021-20087HigApr 23, 2021
    risk 0.57cvss 8.8epss 0.02

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.

  • CVE-2021-20084HigApr 23, 2021
    risk 0.57cvss 8.8epss 0.01

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype.

  • CVE-2021-31540HigApr 23, 2021
    risk 0.46cvss 7.1epss 0.00

    Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration.

  • CVE-2021-31410HigApr 23, 2021
    risk 0.56cvss 8.6epss 0.02

    Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

  • CVE-2021-31407HigApr 23, 2021
    risk 0.00cvss 8.6epss 0.02

    Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows attacker to access application classes and resources on the server via crafted HTTP request.

  • CVE-2021-31405HigApr 23, 2021
    risk 0.00cvss 7.5epss 0.01

    Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting…

  • CVE-2020-7385HigApr 23, 2021
    risk 0.00cvss 8.1epss 0.02

    By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework…

  • CVE-2020-36320HigApr 23, 2021
    risk 0.42cvss 7.5epss 0.02

    Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

  • CVE-2021-31607HigApr 23, 2021
    risk 0.51cvss 7.8epss 0.04

    In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the…

  • CVE-2021-2316HigApr 22, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle HRMS (France) product of Oracle E-Business Suite (component: French HR). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HRMS…

  • CVE-2021-2314HigApr 22, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Profiles). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2021-2310HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2309HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2295HigApr 22, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2021-2292HigApr 22, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Document Management). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with…

  • CVE-2021-2290HigApr 22, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Engineering product of Oracle E-Business Suite (component: Change Management). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2021-2289HigApr 22, 2021
    risk 0.54cvss 8.1epss 0.15

    Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Template, GTIN search). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2021-2288HigApr 22, 2021
    risk 0.53cvss 8.1epss 0.01

    Vulnerability in the Oracle Bills of Material product of Oracle E-Business Suite (component: Bill Issues). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle…

  • CVE-2021-2287HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2286HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2285HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2284HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2283HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2282HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2021-2281HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox…