VYPR

CVEs

100,082 total · page 1329 of 2,002

  • CVE-2021-24068HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2021-24067HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.02

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2021-24066HigFeb 25, 2021
    risk 0.58cvss 8.8epss 0.06

    Microsoft SharePoint Remote Code Execution Vulnerability

  • CVE-2021-1734HigFeb 25, 2021
    risk 0.49cvss 7.5epss 0.04

    Windows Remote Procedure Call Information Disclosure Vulnerability

  • CVE-2021-1733HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Sysinternals PsExec Elevation of Privilege Vulnerability

  • CVE-2021-1732HigKEVFeb 25, 2021
    risk 0.78cvss 7.8epss 0.78

    Windows Win32k Elevation of Privilege Vulnerability

  • CVE-2021-1728HigFeb 25, 2021
    risk 0.57cvss 8.8epss 0.02

    System Center Operations Manager Elevation of Privilege Vulnerability

  • CVE-2021-1727HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows Installer Elevation of Privilege Vulnerability

  • CVE-2021-1726HigFeb 25, 2021
    risk 0.52cvss 8.0epss 0.02

    Microsoft SharePoint Server Spoofing Vulnerability

  • CVE-2021-1722HigFeb 25, 2021
    risk 0.53cvss 8.1epss 0.02

    Windows Fax Service Remote Code Execution Vulnerability

  • CVE-2021-1698HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.01

    Windows Win32k Elevation of Privilege Vulnerability

  • CVE-2021-1639HigFeb 25, 2021
    risk 0.46cvss 7.0epss 0.02

    Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2020-17162HigFeb 25, 2021
    risk 0.57cvss 8.8epss 0.02

    Microsoft Windows Security Feature Bypass Vulnerability

  • CVE-2020-27543HigFeb 25, 2021
    risk 0.49cvss 7.5epss 0.03

    The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.

  • CVE-2021-3273HigFeb 25, 2021
    risk 0.47cvss 7.2epss 0.06

    Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

  • CVE-2021-21066HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2021-21065HigFeb 25, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2020-36254HigFeb 25, 2021
    risk 0.46cvss 8.1epss 0.02

    scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

  • CVE-2021-1387HigFeb 24, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain…

  • CVE-2021-1368HigFeb 24, 2021
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an…

  • CVE-2021-1230HigFeb 24, 2021
    risk 0.56cvss 8.6epss 0.01

    A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS)…

  • CVE-2021-1228HigFeb 24, 2021
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized…

  • CVE-2021-1227HigFeb 24, 2021
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected…

  • CVE-2020-11988HigFeb 24, 2021
    risk 0.47cvss 8.2epss 0.07

    Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET…

  • CVE-2020-11987HigFeb 24, 2021
    risk 0.47cvss 8.2epss 0.14

    Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

  • CVE-2021-21974HigFeb 24, 2021
    risk 0.61cvss 8.8epss 0.45

    OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the…

  • CVE-2020-7836HigFeb 24, 2021
    risk 0.51cvss 7.8epss 0.01

    VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-based buffer overflow vulnerability caused by improper bound checking parameter given by attack. It finally leads to a stack-based buffer overflow via access to crafted web page.

  • CVE-2021-21617HigFeb 24, 2021
    risk 0.50cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations.

  • CVE-2020-7846HigFeb 24, 2021
    risk 0.52cvss 8.0epss 0.01

    Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.

  • CVE-2020-28599HigFeb 24, 2021
    risk 0.51cvss 7.8epss 0.02

    A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-20662HigFeb 24, 2021
    risk 0.49cvss 7.5epss 0.02

    Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.

  • CVE-2021-20661HigFeb 24, 2021
    risk 0.53cvss 8.1epss 0.02

    Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

  • CVE-2021-20659HigFeb 24, 2021
    risk 0.57cvss 8.8epss 0.02

    SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.

  • CVE-2021-3410HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.01

    A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.

  • CVE-2021-20194HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.00

    There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of…

  • CVE-2021-20182HigFeb 23, 2021
    risk 0.50cvss 8.8epss 0.01

    A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the…

  • CVE-2021-26680HigFeb 23, 2021
    risk 0.47cvss 7.2epss 0.02

    A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands…

  • CVE-2021-26679HigFeb 23, 2021
    risk 0.47cvss 7.2epss 0.02

    A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands…

  • CVE-2021-26677HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.00

    A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their…

  • CVE-2021-26594HigFeb 23, 2021
    risk 0.57cvss 8.8epss 0.01

    In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2021-26593HigFeb 23, 2021
    risk 0.49cvss 7.5epss 0.01

    In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret…

  • CVE-2021-22882HigFeb 23, 2021
    risk 0.49cvss 7.5epss 0.01

    UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.

  • CVE-2021-22112HigFeb 23, 2021
    risk 0.57cvss 8.8epss 0.03

    Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be…

  • CVE-2021-20247HigFeb 23, 2021
    risk 0.48cvss 7.4epss 0.02

    A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated…

  • CVE-2020-28587HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.01

    A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to…

  • CVE-2020-27782HigFeb 23, 2021
    risk 0.00cvss 7.5epss 0.01

    A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system…

  • CVE-2021-27579HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.00

    Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.

  • CVE-2021-26926HigFeb 23, 2021
    risk 0.00cvss 7.1epss 0.01

    A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash.

  • CVE-2021-26684HigFeb 23, 2021
    risk 0.47cvss 7.2epss 0.02

    A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands…

  • CVE-2021-26683HigFeb 23, 2021
    risk 0.47cvss 7.2epss 0.02

    A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands…