VYPR

CVEs

100,082 total · page 1328 of 2,002

  • CVE-2021-25329HigMar 1, 2021
    risk 0.39cvss 7.0epss 0.09

    The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note…

  • CVE-2021-25122HigMar 1, 2021
    risk 0.50cvss 7.5epss 0.18

    When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the…

  • CVE-2020-35662HigFeb 27, 2021
    risk 0.48cvss 7.4epss 0.03

    In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

  • CVE-2020-28243HigFeb 27, 2021
    risk 0.51cvss 7.8epss 0.04

    An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.

  • CVE-2019-25021HigFeb 27, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.

  • CVE-2019-25020HigFeb 27, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.

  • CVE-2021-27803HigFeb 26, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

  • CVE-2020-36079HigFeb 26, 2021
    risk 0.47cvss 7.2epss 0.05

    Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example,…

  • CVE-2021-27799HigFeb 26, 2021
    risk 0.49cvss 7.5epss 0.02

    ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.

  • CVE-2021-26567HigFeb 26, 2021
    risk 0.00cvss 7.8epss 0.01

    Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.

  • CVE-2021-26566HigFeb 26, 2021
    risk 0.54cvss 8.3epss 0.01

    Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.

  • CVE-2021-26565HigFeb 26, 2021
    risk 0.54cvss 8.3epss 0.01

    Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.

  • CVE-2021-26564HigFeb 26, 2021
    risk 0.54cvss 8.3epss 0.01

    Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.

  • CVE-2021-26563HigFeb 26, 2021
    risk 0.53cvss 8.2epss 0.01

    Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

  • CVE-2021-21297HigFeb 26, 2021
    risk 0.50cvss 7.7epss 0.01

    Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to…

  • CVE-2021-23979HigFeb 26, 2021
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.

  • CVE-2021-23978HigFeb 26, 2021
    risk 0.57cvss 8.8epss 0.02

    Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2021-23965HigFeb 26, 2021
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.

  • CVE-2021-23964HigFeb 26, 2021
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2020-24686HigFeb 26, 2021
    risk 0.49cvss 7.5epss 0.01

    The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show…

  • CVE-2021-22661HigFeb 26, 2021
    risk 0.49cvss 7.5epss 0.01

    Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior).

  • CVE-2020-28646HigFeb 26, 2021
    risk 0.51cvss 7.8epss 0.01

    ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.

  • CVE-2019-18945HigFeb 26, 2021
    risk 0.47cvss 7.3epss 0.00

    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.

  • CVE-2021-23962HigFeb 26, 2021
    risk 0.57cvss 8.8epss 0.01

    Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85.

  • CVE-2021-23961HigFeb 26, 2021
    risk 0.48cvss 7.4epss 0.01

    Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

  • CVE-2021-23960HigFeb 26, 2021
    risk 0.57cvss 8.8epss 0.01

    Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

  • CVE-2021-23957HigFeb 26, 2021
    risk 0.48cvss 7.4epss 0.01

    Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85.

  • CVE-2021-23954HigFeb 26, 2021
    risk 0.57cvss 8.8epss 0.01

    Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.

  • CVE-2021-23976HigFeb 26, 2021
    risk 0.53cvss 8.1epss 0.01

    When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to…

  • CVE-2021-23972HigFeb 26, 2021
    risk 0.57cvss 8.8epss 0.01

    One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a…

  • CVE-2021-26701HigFeb 25, 2021
    risk 0.55cvss 8.1epss 0.30

    .NET Core Remote Code Execution Vulnerability

  • CVE-2021-26700HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.06

    Visual Studio Code npm-script Extension Remote Code Execution Vulnerability

  • CVE-2021-25195HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows PKU2U Elevation of Privilege Vulnerability

  • CVE-2021-24112HigFeb 25, 2021
    risk 0.53cvss 8.1epss 0.03

    .NET Core Remote Code Execution Vulnerability

  • CVE-2021-24111HigFeb 25, 2021
    risk 0.49cvss 7.5epss 0.04

    .NET Framework Denial of Service Vulnerability

  • CVE-2021-24105HigFeb 25, 2021
    risk 0.55cvss 8.4epss 0.02

    Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code…

  • CVE-2021-24103HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows Event Tracing Elevation of Privilege Vulnerability

  • CVE-2021-24102HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows Event Tracing Elevation of Privilege Vulnerability

  • CVE-2021-24096HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2021-24093HigFeb 25, 2021
    risk 0.61cvss 8.8epss 0.44

    Windows Graphics Component Remote Code Execution Vulnerability

  • CVE-2021-24092HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Microsoft Defender Elevation of Privilege Vulnerability

  • CVE-2021-24091HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.03

    Windows Camera Codec Pack Remote Code Execution Vulnerability

  • CVE-2021-24088HigFeb 25, 2021
    risk 0.57cvss 8.8epss 0.02

    Windows Local Spooler Remote Code Execution Vulnerability

  • CVE-2021-24087HigFeb 25, 2021
    risk 0.46cvss 7.0epss 0.00

    Azure IoT CLI extension Elevation of Privilege Vulnerability

  • CVE-2021-24086HigFeb 25, 2021
    risk 0.53cvss 7.5epss 0.59

    Windows TCP/IP Denial of Service Vulnerability

  • CVE-2021-24083HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.03

    Windows Address Book Remote Code Execution Vulnerability

  • CVE-2021-24081HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Windows Codecs Library Remote Code Execution Vulnerability

  • CVE-2021-24072HigFeb 25, 2021
    risk 0.57cvss 8.8epss 0.02

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2021-24070HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2021-24069HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Excel Remote Code Execution Vulnerability