VYPR

CVEs

100,472 total · page 1325 of 2,010

  • CVE-2021-27272HigMar 29, 2021
    risk 0.52cvss 7.1epss 0.74

    This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2021-27245HigMar 29, 2021
    risk 0.53cvss 8.1epss 0.03

    This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of…

  • CVE-2021-27243HigMar 29, 2021
    risk 0.57cvss 8.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-27242HigMar 29, 2021
    risk 0.57cvss 8.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…

  • CVE-2021-27240HigMar 29, 2021
    risk 0.51cvss 7.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific…

  • CVE-2021-27239HigMar 29, 2021
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service,…

  • CVE-2021-28669HigMar 29, 2021
    risk 0.49cvss 7.5epss 0.01

    Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.

  • CVE-2021-25144HigMar 29, 2021
    risk 0.57cvss 8.8epss 0.02

    A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6…

  • CVE-2021-25143HigMar 29, 2021
    risk 0.49cvss 7.5epss 0.01

    A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for…

  • CVE-2020-35137HigMar 29, 2021
    risk 0.49cvss 7.5epss 0.02

    The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be…

  • CVE-2020-24635HigMar 29, 2021
    risk 0.47cvss 7.2epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x:…

  • CVE-2020-25217HigMar 29, 2021
    risk 0.47cvss 7.2epss 0.02

    Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.

  • CVE-2021-21727HigMar 29, 2021
    risk 0.49cvss 7.5epss 0.01

    A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:

  • CVE-2020-7850HigMar 29, 2021
    risk 0.51cvss 7.8epss 0.01

    NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as…

  • CVE-2021-28937HigMar 29, 2021
    risk 0.49cvss 7.5epss 0.04

    The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.

  • CVE-2021-28936HigMar 29, 2021
    risk 0.49cvss 7.5epss 0.02

    The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.

  • CVE-2021-29249HigMar 26, 2021
    risk 0.49cvss 7.5epss 0.01

    BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.

  • CVE-2021-29266HigMar 26, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.

  • CVE-2021-21374HigMar 26, 2021
    risk 0.00cvss 8.1epss 0.01

    Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An…

  • CVE-2021-21373HigMar 26, 2021
    risk 0.49cvss 7.5epss 0.01

    Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL…

  • CVE-2021-21372HigMar 26, 2021
    risk 0.00cvss 8.3epss 0.04

    Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json…

  • CVE-2021-20206HigMar 26, 2021
    risk 0.00cvss 7.2epss 0.02

    An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries…

  • CVE-2021-21389HigMar 26, 2021
    risk 0.54cvss 8.1epss 0.14

    BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability…

  • CVE-2020-7468HigMar 26, 2021
    risk 0.57cvss 8.8epss 0.01

    In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can…

  • CVE-2020-7467HigMar 26, 2021
    risk 0.49cvss 7.6epss 0.00

    In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and…

  • CVE-2020-7461HigMar 26, 2021
    risk 0.48cvss 7.3epss 0.04

    In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow…

  • CVE-2020-25582HigMar 26, 2021
    risk 0.57cvss 8.7epss 0.01

    In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working…

  • CVE-2020-25581HigMar 26, 2021
    risk 0.49cvss 7.5epss 0.01

    In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes.

  • CVE-2021-29255HigMar 26, 2021
    risk 0.49cvss 7.5epss 0.01

    MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials.

  • CVE-2021-21403HigMar 26, 2021
    risk 0.42cvss 7.5epss 0.01

    In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.

  • CVE-2020-28695HigMar 26, 2021
    risk 0.57cvss 8.8epss 0.02

    Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root.

  • CVE-2021-20271HigMar 26, 2021
    risk 0.39cvss 7.0epss 0.01

    A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The…

  • CVE-2021-22506HigKEVMar 26, 2021
    risk 0.63cvss 7.5epss 0.26

    Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.

  • CVE-2021-20682HigMar 26, 2021
    risk 0.47cvss 7.2epss 0.02

    baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.

  • CVE-2021-28250HigMar 26, 2021
    risk 0.51cvss 7.8epss 0.00

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only…

  • CVE-2021-28249HigMar 26, 2021
    risk 0.57cvss 8.8epss 0.00

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the…

  • CVE-2021-28248HigMar 26, 2021
    risk 0.49cvss 7.5epss 0.01

    CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a…

  • CVE-2021-28246HigMar 26, 2021
    risk 0.51cvss 7.8epss 0.00

    CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in…

  • CVE-2020-28346HigMar 26, 2021
    risk 0.42cvss 7.5epss 0.01

    ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference.

  • CVE-2021-3119HigMar 25, 2021
    risk 0.00cvss 7.5epss 0.02

    Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the…

  • CVE-2021-29098HigMar 25, 2021
    risk 0.51cvss 7.8epss 0.02

    Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the…

  • CVE-2021-29097HigMar 25, 2021
    risk 0.51cvss 7.8epss 0.02

    Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the…

  • CVE-2021-27454HigMar 25, 2021
    risk 0.51cvss 7.8epss 0.00

    The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).

  • CVE-2021-27452HigMar 25, 2021
    risk 0.51cvss 7.8epss 0.00

    The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).

  • CVE-2021-27450HigMar 25, 2021
    risk 0.51cvss 7.8epss 0.00

    SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1).

  • CVE-2021-27448HigMar 25, 2021
    risk 0.51cvss 7.8epss 0.00

    A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).

  • CVE-2021-27438HigMar 25, 2021
    risk 0.57cvss 8.8epss 0.01

    The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).

  • CVE-2020-10584HigMar 25, 2021
    risk 0.49cvss 7.5epss 0.02

    A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application.

  • CVE-2020-10583HigMar 25, 2021
    risk 0.57cvss 8.8epss 0.03

    The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.

  • CVE-2020-10581HigMar 25, 2021
    risk 0.49cvss 7.5epss 0.01

    Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application.