VYPR

CVEs

100,472 total · page 1314 of 2,010

  • CVE-2021-0240HigApr 22, 2021
    risk 0.48cvss 7.4epss 0.00

    On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon…

  • CVE-2021-0235HigApr 22, 2021
    risk 0.47cvss 7.3epss 0.00

    On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their…

  • CVE-2021-0233HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Series, may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a Forwarding Engine Board (FFEB) crash. Continued receipt of these packets…

  • CVE-2021-0232HigApr 22, 2021
    risk 0.48cvss 7.4epss 0.01

    An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory…

  • CVE-2021-0230HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is…

  • CVE-2021-0227HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP packets. Continued receipt and processing of…

  • CVE-2021-0226HigApr 22, 2021
    risk 0.46cvss 7.1epss 0.01

    On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS)…

  • CVE-2021-3496HigApr 22, 2021
    risk 0.51cvss 7.8epss 0.01

    A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.

  • CVE-2021-20590HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model…

  • CVE-2021-30356HigApr 22, 2021
    risk 0.53cvss 8.1epss 0.01

    A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.

  • CVE-2021-27278HigApr 22, 2021
    risk 0.53cvss 8.2epss 0.01

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-27277HigApr 22, 2021
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2020-7861HigApr 22, 2021
    risk 0.55cvss 8.4epss 0.01

    AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution.

  • CVE-2021-29653HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.

  • CVE-2021-27400HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1

  • CVE-2021-31555HigApr 22, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarc_version (aka oauth_registered_consumer.oarc_version) parameter's length.

  • CVE-2021-29465HigApr 22, 2021
    risk 0.54cvss 8.3epss 0.02

    Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user…

  • CVE-2021-1075HigApr 21, 2021
    risk 0.47cvss 7.3epss 0.00

    NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that contains a location for memory that is no longer valid, which may lead to code…

  • CVE-2021-1074HigApr 21, 2021
    risk 0.47cvss 7.3epss 0.01

    NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the…

  • CVE-2020-27569HigApr 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.

  • CVE-2020-27568HigApr 21, 2021
    risk 0.49cvss 7.5epss 0.02

    Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security.

  • CVE-2021-31523HigApr 21, 2021
    risk 0.51cvss 7.8epss 0.00

    The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.

  • CVE-2020-28973HigApr 21, 2021
    risk 0.49cvss 7.5epss 0.01

    The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can…

  • CVE-2020-23931HigApr 21, 2021
    risk 0.00cvss 7.1epss 0.01

    An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.

  • CVE-2020-23928HigApr 21, 2021
    risk 0.00cvss 7.1epss 0.01

    An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.

  • CVE-2020-23922HigApr 21, 2021
    risk 0.46cvss 7.1epss 0.02

    An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

  • CVE-2020-23921HigApr 21, 2021
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read.

  • CVE-2021-30139HigApr 21, 2021
    risk 0.49cvss 7.5epss 0.02

    In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.

  • CVE-2020-35982HigApr 21, 2021
    risk 0.44cvss 7.8epss 0.01

    An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.

  • CVE-2020-35981HigApr 21, 2021
    risk 0.44cvss 7.8epss 0.01

    An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.

  • CVE-2020-35980HigApr 21, 2021
    risk 0.44cvss 7.8epss 0.01

    An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.

  • CVE-2020-35979HigApr 21, 2021
    risk 0.44cvss 7.8epss 0.01

    An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.

  • CVE-2021-21646HigApr 21, 2021
    risk 0.50cvss 8.8epss 0.02

    Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

  • CVE-2021-21642HigApr 21, 2021
    risk 0.49cvss 8.1epss 0.38

    Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2021-20501HigApr 21, 2021
    risk 0.53cvss 8.2epss 0.01

    IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk…

  • CVE-2021-20454HigApr 21, 2021
    risk 0.54cvss 8.2epss 0.03

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

  • CVE-2021-28965HigApr 21, 2021
    risk 0.42cvss 7.5epss 0.05

    The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

  • CVE-2021-29462HigApr 20, 2021
    risk 0.49cvss 7.6epss 0.01

    The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by…

  • CVE-2021-29461HigApr 20, 2021
    risk 0.53cvss 8.1epss 0.02

    Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code…

  • CVE-2020-7857HigApr 20, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tobesoft XPlatform versions prior to 9.2.2.280.

  • CVE-2021-30464HigApr 20, 2021
    risk 0.49cvss 7.5epss 0.01

    OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port.

  • CVE-2021-28828HigApr 20, 2021
    risk 0.49cvss 7.6epss 0.01

    The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for…

  • CVE-2020-26197HigApr 20, 2021
    risk 0.49cvss 7.5epss 0.01

    Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the…

  • CVE-2021-28156HigApr 20, 2021
    risk 0.49cvss 7.5epss 0.02

    HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.

  • CVE-2020-7856HigApr 20, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.

  • CVE-2021-25681HigApr 20, 2021
    risk 0.53cvss 7.5epss 0.11

    AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected…

  • CVE-2021-20453HigApr 20, 2021
    risk 0.54cvss 8.2epss 0.03

    IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.

  • CVE-2021-3506HigApr 19, 2021
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal…

  • CVE-2021-27458HigApr 19, 2021
    risk 0.49cvss 7.5epss 0.01

    If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P…

  • CVE-2021-3498HigApr 19, 2021
    risk 0.51cvss 7.8epss 0.02

    GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.