VYPR

CVEs

100,472 total · page 1323 of 2,010

  • CVE-2020-27939HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2020-27938HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious…

  • CVE-2020-27936HigApr 2, 2021
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause…

  • CVE-2020-27933HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing…

  • CVE-2020-27931HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur…

  • CVE-2020-27924HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously…

  • CVE-2020-27923HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously…

  • CVE-2020-27922HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted…

  • CVE-2020-27921HigApr 2, 2021
    risk 0.46cvss 7.0epss 0.01

    A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-27920HigApr 2, 2021
    risk 0.57cvss 8.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously…

  • CVE-2020-27919HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2020-27915HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system…

  • CVE-2020-27914HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system…

  • CVE-2020-27908HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously…

  • CVE-2020-27907HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-27899HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.00

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.

  • CVE-2020-27897HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel…

  • CVE-2020-10015HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel…

  • CVE-2021-22203HigApr 2, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on…

  • CVE-2020-11925HigApr 2, 2021
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.

  • CVE-2019-20466HigApr 2, 2021
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker…

  • CVE-2019-20465HigApr 2, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality.

  • CVE-2019-20464HigApr 2, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application…

  • CVE-2019-20463HigApr 2, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot.…

  • CVE-2021-21400HigApr 2, 2021
    risk 0.00cvss 7.1epss 0.01

    wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does…

  • CVE-2021-22696HigApr 2, 2021
    risk 0.42cvss 7.5epss 0.07

    CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also…

  • CVE-2021-23924HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.

  • CVE-2021-23923HigApr 1, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.

  • CVE-2021-21421HigApr 1, 2021
    risk 0.46cvss 8.1epss 0.01

    node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.

  • CVE-2021-21420HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary…

  • CVE-2021-29421HigApr 1, 2021
    risk 0.42cvss 7.5epss 0.02

    models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

  • CVE-2020-19613HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.

  • CVE-2021-25924HigApr 1, 2021
    risk 0.00cvss 8.8epss 0.01

    In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or execute system commands…

  • CVE-2021-22195HigApr 1, 2021
    risk 0.56cvss 8.6epss 0.01

    Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system

  • CVE-2020-9147HigApr 1, 2021
    risk 0.51cvss 7.8epss 0.00

    A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read.

  • CVE-2021-28165HigApr 1, 2021
    risk 0.53cvss 7.5epss 0.54

    In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

  • CVE-2021-28545HigApr 1, 2021
    risk 0.53cvss 8.1epss 0.02

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without…

  • CVE-2021-20235HigApr 1, 2021
    risk 0.49cvss 8.1epss 0.44

    There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to…

  • CVE-2021-29083HigApr 1, 2021
    risk 0.47cvss 7.2epss 0.03

    Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.

  • CVE-2021-29942HigApr 1, 2021
    risk 0.48cvss 7.3epss 0.01

    An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large.

  • CVE-2021-29941HigApr 1, 2021
    risk 0.48cvss 7.3epss 0.01

    An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small.

  • CVE-2021-29939HigApr 1, 2021
    risk 0.48cvss 7.3epss 0.01

    An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.

  • CVE-2021-29938HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.

  • CVE-2021-29935HigApr 1, 2021
    risk 0.41cvss 7.3epss 0.01

    An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics.

  • CVE-2021-29934HigApr 1, 2021
    risk 0.41cvss 7.3epss 0.01

    An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation.

  • CVE-2021-29933HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.

  • CVE-2021-29932HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.

  • CVE-2021-29931HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop().

  • CVE-2021-29930HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default().

  • CVE-2021-29929HigApr 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.