VYPR

CVEs

100,472 total · page 1320 of 2,010

  • CVE-2021-1405HigApr 8, 2021
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable…

  • CVE-2021-1404HigApr 8, 2021
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that…

  • CVE-2021-1252HigApr 8, 2021
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error…

  • CVE-2021-1480HigApr 8, 2021
    risk 0.51cvss 7.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…

  • CVE-2021-1479HigApr 8, 2021
    risk 0.51cvss 7.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…

  • CVE-2021-1386HigApr 8, 2021
    risk 0.46cvss 7.0epss 0.00

    A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected Windows…

  • CVE-2021-1362HigApr 8, 2021
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow…

  • CVE-2021-1309HigApr 8, 2021
    risk 0.48cvss 7.4epss 0.01

    Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or…

  • CVE-2021-1308HigApr 8, 2021
    risk 0.48cvss 7.4epss 0.00

    Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or…

  • CVE-2021-1251HigApr 8, 2021
    risk 0.48cvss 7.4epss 0.00

    Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or…

  • CVE-2021-1137HigApr 8, 2021
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…

  • CVE-2021-29641HigApr 7, 2021
    risk 0.58cvss 8.8epss 0.05

    Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only…

  • CVE-2021-26758HigApr 7, 2021
    risk 0.57cvss 8.8epss 0.03

    Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.

  • CVE-2021-30123HigApr 7, 2021
    risk 0.57cvss 8.8epss 0.03

    FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

  • CVE-2020-24140HigApr 7, 2021
    risk 0.54cvss 8.3epss 0.01

    Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services.

  • CVE-2020-24139HigApr 7, 2021
    risk 0.54cvss 8.3epss 0.01

    Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.

  • CVE-2021-29627HigApr 7, 2021
    risk 0.51cvss 7.8epss 0.01

    In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can…

  • CVE-2021-28927HigApr 7, 2021
    risk 0.51cvss 7.8epss 0.01

    The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code…

  • CVE-2020-25584HigApr 7, 2021
    risk 0.49cvss 7.5epss 0.00

    In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race…

  • CVE-2020-24136HigApr 7, 2021
    risk 0.56cvss 8.6epss 0.02

    Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.

  • CVE-2021-30185HigApr 7, 2021
    risk 0.49cvss 7.5epss 0.01

    CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.

  • CVE-2021-30184HigApr 7, 2021
    risk 0.51cvss 7.8epss 0.02

    GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.

  • CVE-2021-20692HigApr 7, 2021
    risk 0.46cvss 7.1epss 0.01

    Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archives.

  • CVE-2021-20687HigApr 7, 2021
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2021-1892HigApr 7, 2021
    risk 0.55cvss 8.4epss 0.00

    Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking

  • CVE-2020-11255HigApr 7, 2021
    risk 0.49cvss 7.5epss 0.01

    Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2020-11252HigApr 7, 2021
    risk 0.47cvss 7.2epss 0.00

    Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2020-11251HigApr 7, 2021
    risk 0.53cvss 8.2epss 0.01

    Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon…

  • CVE-2020-11247HigApr 7, 2021
    risk 0.53cvss 8.2epss 0.01

    Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

  • CVE-2020-11246HigApr 7, 2021
    risk 0.55cvss 8.4epss 0.00

    A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11245HigApr 7, 2021
    risk 0.55cvss 8.4epss 0.00

    Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and…

  • CVE-2020-11243HigApr 7, 2021
    risk 0.49cvss 7.5epss 0.01

    RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

  • CVE-2020-11242HigApr 7, 2021
    risk 0.55cvss 8.4epss 0.00

    User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11237HigApr 7, 2021
    risk 0.55cvss 8.4epss 0.00

    Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

  • CVE-2020-11236HigApr 7, 2021
    risk 0.55cvss 8.4epss 0.00

    Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

  • CVE-2020-11234HigApr 7, 2021
    risk 0.55cvss 8.4epss 0.00

    When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,…

  • CVE-2020-11191HigApr 7, 2021
    risk 0.53cvss 8.2epss 0.01

    Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon…

  • CVE-2021-30147HigApr 7, 2021
    risk 0.60cvss 8.8epss 0.04

    DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.

  • CVE-2020-36313HigApr 7, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.

  • CVE-2021-27900HigApr 6, 2021
    risk 0.53cvss 8.1epss 0.02

    The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are…

  • CVE-2021-27899HigApr 6, 2021
    risk 0.48cvss 7.4epss 0.01

    The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions…

  • CVE-2021-22158HigApr 6, 2021
    risk 0.47cvss 7.2epss 0.01

    The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All…

  • CVE-2020-13422HigApr 6, 2021
    risk 0.53cvss 8.1epss 0.01

    OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.

  • CVE-2021-21404HigApr 6, 2021
    risk 0.42cvss 7.5epss 0.02

    Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a…

  • CVE-2021-24027HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.04

    A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.

  • CVE-2021-29424HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.02

    The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

  • CVE-2020-36285HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.01

    Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret…

  • CVE-2020-36284HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.01

    Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key…

  • CVE-2020-23533HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.01

    Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a…

  • CVE-2021-30130HigApr 6, 2021
    risk 0.00cvss 7.5epss 0.01

    phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.