VYPR

CVEs

100,472 total · page 1316 of 2,010

  • CVE-2021-28826HigApr 14, 2021
    risk 0.57cvss 8.8epss 0.00

    The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low…

  • CVE-2021-28825HigApr 14, 2021
    risk 0.57cvss 8.8epss 0.00

    The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low…

  • CVE-2021-27259HigApr 14, 2021
    risk 0.51cvss 7.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-27253HigApr 14, 2021
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2021-27252HigApr 14, 2021
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific…

  • CVE-2021-27251HigApr 14, 2021
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from…

  • CVE-2021-27249HigApr 14, 2021
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI…

  • CVE-2021-27248HigApr 14, 2021
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI…

  • CVE-2021-27246HigApr 14, 2021
    risk 0.53cvss 8.0epss 0.07

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the…

  • CVE-2021-28098HigApr 14, 2021
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has…

  • CVE-2021-27608HigApr 14, 2021
    risk 0.49cvss 7.5epss 0.00

    An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

  • CVE-2021-25314HigApr 14, 2021
    risk 0.51cvss 7.8epss 0.00

    A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue…

  • CVE-2021-31152HigApr 14, 2021
    risk 0.61cvss 8.8epss 0.04

    Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.

  • CVE-2021-27990HigApr 14, 2021
    risk 0.49cvss 7.5epss 0.01

    Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.

  • CVE-2021-26827HigApr 14, 2021
    risk 0.49cvss 7.5epss 0.02

    Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router.

  • CVE-2020-36120HigApr 14, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).

  • CVE-2021-22879HigApr 14, 2021
    risk 0.00cvss 8.8epss 0.05

    Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.

  • CVE-2020-36323HigApr 14, 2021
    risk 0.46cvss 8.2epss 0.02

    In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

  • CVE-2021-3460HigApr 13, 2021
    risk 0.53cvss 8.1epss 0.01

    The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.

  • CVE-2021-29440HigApr 13, 2021
    risk 0.60cvss 8.4epss 0.31

    Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate…

  • CVE-2021-29439HigApr 13, 2021
    risk 0.00cvss 7.2epss 0.03

    The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary…

  • CVE-2021-29437HigApr 13, 2021
    risk 0.00cvss 8.0epss 0.01

    ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site…

  • CVE-2021-29435HigApr 13, 2021
    risk 0.46cvss 8.1epss 0.01

    trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session.…

  • CVE-2021-29428HigApr 13, 2021
    risk 0.00cvss 8.8epss 0.01

    In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly…

  • CVE-2021-29427HigApr 13, 2021
    risk 0.52cvss 8.0epss 0.01

    In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve…

  • CVE-2021-28482HigApr 13, 2021
    risk 0.64cvss 8.8epss 0.83

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-28477HigApr 13, 2021
    risk 0.46cvss 7.0epss 0.02

    Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2021-28475HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.03

    Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2021-28473HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.03

    Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2021-28472HigApr 13, 2021
    risk 0.56cvss 7.8epss 0.63

    Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability

  • CVE-2021-28471HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.04

    Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2021-28470HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.02

    Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

  • CVE-2021-28469HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.03

    Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2021-28468HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.06

    Raw Image Extension Remote Code Execution Vulnerability

  • CVE-2021-28466HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.02

    Raw Image Extension Remote Code Execution Vulnerability

  • CVE-2021-28464HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.02

    VP9 Video Extensions Remote Code Execution Vulnerability

  • CVE-2021-28460HigApr 13, 2021
    risk 0.53cvss 8.1epss 0.00

    Azure Sphere Unsigned Code Execution Vulnerability

  • CVE-2021-28458HigApr 13, 2021
    risk 0.44cvss 7.8epss 0.02

    Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

  • CVE-2021-28457HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.03

    Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2021-28454HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.03

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2021-28453HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.04

    Microsoft Word Remote Code Execution Vulnerability

  • CVE-2021-28452HigApr 13, 2021
    risk 0.46cvss 7.1epss 0.01

    Microsoft Outlook Memory Corruption Vulnerability

  • CVE-2021-28451HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2021-28449HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Office Remote Code Execution Vulnerability

  • CVE-2021-28448HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.02

    Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability

  • CVE-2021-28446HigApr 13, 2021
    risk 0.46cvss 7.1epss 0.01

    Windows Portmapping Information Disclosure Vulnerability

  • CVE-2021-28445HigApr 13, 2021
    risk 0.53cvss 8.1epss 0.03

    Windows Network File System Remote Code Execution Vulnerability

  • CVE-2021-28440HigApr 13, 2021
    risk 0.46cvss 7.0epss 0.01

    Windows Installer Elevation of Privilege Vulnerability

  • CVE-2021-28439HigApr 13, 2021
    risk 0.49cvss 7.5epss 0.06

    Windows TCP/IP Driver Denial of Service Vulnerability

  • CVE-2021-28436HigApr 13, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows Speech Runtime Elevation of Privilege Vulnerability