VYPR

CVEs

100,472 total · page 1324 of 2,010

  • CVE-2021-28994HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.02

    kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.

  • CVE-2021-26943HigMar 31, 2021
    risk 0.53cvss 8.2epss 0.01

    The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).

  • CVE-2021-29662HigMar 31, 2021
    risk 0.00cvss 7.5epss 0.02

    The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

  • CVE-2021-23004HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the…

  • CVE-2021-23003HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes…

  • CVE-2021-23000HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of…

  • CVE-2021-22999HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.01

    On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams…

  • CVE-2021-22997HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.01

    On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of…

  • CVE-2021-22996HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.01

    On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of…

  • CVE-2021-22993HigMar 31, 2021
    risk 0.57cvss 8.8epss 0.01

    On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software…

  • CVE-2021-21975HigKEVMar 31, 2021
    risk 0.76cvss 7.5epss 0.78

    Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

  • CVE-2021-29658HigMar 31, 2021
    risk 0.00cvss 8.8epss 0.01

    The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.

  • CVE-2021-22995HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.01

    On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are…

  • CVE-2021-22990HigMar 31, 2021
    risk 0.48cvss 7.2epss 0.09

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also…

  • CVE-2021-22988HigMar 31, 2021
    risk 0.58cvss 8.8epss 0.10

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability…

  • CVE-2021-28245HigMar 31, 2021
    risk 0.49cvss 7.5epss 0.01

    PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.

  • CVE-2021-23988HigMar 31, 2021
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87.

  • CVE-2021-23987HigMar 31, 2021
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2021-23981HigMar 31, 2021
    risk 0.53cvss 8.1epss 0.01

    A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and…

  • CVE-2021-21782HigMar 31, 2021
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-21776HigMar 31, 2021
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-21773HigMar 31, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2020-28173HigMar 31, 2021
    risk 0.47cvss 7.2epss 0.03

    Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.

  • CVE-2021-21413HigMar 30, 2021
    risk 0.45cvss 8.0epss 0.01

    isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference…

  • CVE-2020-24995HigMar 30, 2021
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).

  • CVE-2021-20502HigMar 30, 2021
    risk 0.46cvss 7.1epss 0.01

    IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.

  • CVE-2021-20482HigMar 30, 2021
    risk 0.46cvss 7.1epss 0.01

    IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.

  • CVE-2021-27271HigMar 30, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-27270HigMar 30, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-27269HigMar 30, 2021
    risk 0.51cvss 7.8epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-27268HigMar 30, 2021
    risk 0.51cvss 7.8epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-27267HigMar 30, 2021
    risk 0.51cvss 7.8epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-27261HigMar 30, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-15075HigMar 30, 2021
    risk 0.46cvss 7.1epss 0.00

    OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.

  • CVE-2021-21638HigMar 30, 2021
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in…

  • CVE-2021-21633HigMar 30, 2021
    risk 0.50cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

  • CVE-2021-21629HigMar 30, 2021
    risk 0.50cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters.

  • CVE-2021-26919HigMar 30, 2021
    risk 0.52cvss 8.8epss 0.23

    Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can…

  • CVE-2021-29376HigMar 30, 2021
    risk 0.49cvss 7.5epss 0.02

    ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.

  • CVE-2020-19641HigMar 30, 2021
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'.

  • CVE-2020-19640HigMar 30, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'.

  • CVE-2020-19639HigMar 30, 2021
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.

  • CVE-2021-25162HigMar 30, 2021
    risk 0.58cvss 8.1epss 0.27

    A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant…

  • CVE-2018-1110HigMar 30, 2021
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.

  • CVE-2021-25150HigMar 30, 2021
    risk 0.57cvss 8.8epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x:…

  • CVE-2021-25146HigMar 30, 2021
    risk 0.47cvss 7.2epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x:…

  • CVE-2021-25148HigMar 30, 2021
    risk 0.53cvss 8.1epss 0.01

    A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x:…

  • CVE-2021-27276HigMar 29, 2021
    risk 0.52cvss 7.1epss 0.72

    This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2021-27275HigMar 29, 2021
    risk 0.60cvss 8.3epss 0.73

    This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication…

  • CVE-2021-27273HigMar 29, 2021
    risk 0.62cvss 8.8epss 0.65

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…