VYPR

CVEs

100,472 total · page 1321 of 2,010

  • CVE-2021-28142HigApr 6, 2021
    risk 0.61cvss 8.8epss 0.06

    CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."

  • CVE-2021-28874HigApr 6, 2021
    risk 0.00cvss 7.8epss 0.01

    SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file.

  • CVE-2021-28075HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.01

    iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.

  • CVE-2021-27343HigApr 6, 2021
    risk 0.00cvss 7.5epss 0.02

    SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1.

  • CVE-2021-28172HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.02

    There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage.

  • CVE-2021-30163HigApr 6, 2021
    risk 0.49cvss 7.5epss 0.01

    Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.

  • CVE-2021-30162HigApr 6, 2021
    risk 0.46cvss 7.1epss 0.00

    An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).

  • CVE-2021-28204HigApr 6, 2021
    risk 0.47cvss 7.2epss 0.02

    The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

  • CVE-2021-28203HigApr 6, 2021
    risk 0.47cvss 7.2epss 0.02

    The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

  • CVE-2021-30141HigApr 5, 2021
    risk 0.00cvss 7.5epss 0.02

    Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still…

  • CVE-2021-20305HigApr 5, 2021
    risk 0.53cvss 8.1epss 0.02

    A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect…

  • CVE-2020-19595HigApr 5, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username.

  • CVE-2021-24209HigApr 5, 2021
    risk 0.49cvss 7.2epss 0.24

    The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file…

  • CVE-2021-24184HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.

  • CVE-2021-24174HigApr 5, 2021
    risk 0.56cvss 8.1epss 0.03

    The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.

  • CVE-2021-24170HigApr 5, 2021
    risk 0.49cvss 7.5epss 0.05

    The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails,…

  • CVE-2021-24167HigApr 5, 2021
    risk 0.49cvss 7.5epss 0.01

    When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.

  • CVE-2021-24163HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form –…

  • CVE-2021-24162HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads…

  • CVE-2021-24161HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further…

  • CVE-2021-24160HigApr 5, 2021
    risk 0.58cvss 8.8epss 0.08

    In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code…

  • CVE-2021-24159HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s…

  • CVE-2021-24155HigApr 5, 2021
    risk 0.57cvss 7.2epss 0.84

    The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

  • CVE-2021-24150HigApr 5, 2021
    risk 0.49cvss 7.5epss 0.04

    The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).

  • CVE-2021-30055HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.02

    A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.

  • CVE-2021-29261HigApr 5, 2021
    risk 0.00cvss 7.8epss 0.01

    The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.

  • CVE-2021-28832HigApr 5, 2021
    risk 0.00cvss 7.8epss 0.01

    VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration.

  • CVE-2021-30127HigApr 3, 2021
    risk 0.48cvss 7.3epss 0.01

    TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a…

  • CVE-2021-29660HigApr 2, 2021
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.

  • CVE-2021-27973HigApr 2, 2021
    risk 0.51cvss 7.2epss 0.11

    SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.

  • CVE-2021-1844HigApr 2, 2021
    risk 0.57cvss 8.8epss 0.02

    A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code…

  • CVE-2021-1806HigApr 2, 2021
    risk 0.46cvss 7.0epss 0.01

    A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2021-1805HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel…

  • CVE-2021-1802HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges.

  • CVE-2021-1793HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code…

  • CVE-2021-1790HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution.

  • CVE-2021-1761HigApr 2, 2021
    risk 0.49cvss 7.5epss 0.02

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

  • CVE-2021-1753HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2021-1792HigApr 2, 2021
    risk 0.57cvss 8.8epss 0.02

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary…

  • CVE-2021-1789HigKEVApr 2, 2021
    risk 0.70cvss 8.8epss 0.15

    A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web…

  • CVE-2021-1788HigApr 2, 2021
    risk 0.57cvss 8.8epss 0.02

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted…

  • CVE-2021-1787HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.00

    Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.

  • CVE-2021-1785HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to…

  • CVE-2021-1783HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to…

  • CVE-2021-1782HigKEVApr 2, 2021
    risk 0.58cvss 7.0epss 0.02

    A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple…

  • CVE-2021-1779HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges.

  • CVE-2021-1777HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code…

  • CVE-2021-1776HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file…

  • CVE-2021-1775HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution.

  • CVE-2021-1774HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code…