VYPR

CVEs

100,082 total · page 1330 of 2,002

  • CVE-2021-26681HigFeb 23, 2021
    risk 0.47cvss 7.2epss 0.02

    A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying…

  • CVE-2021-22651HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.03

    When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files,…

  • CVE-2021-20198HigFeb 23, 2021
    risk 0.53cvss 8.1epss 0.02

    A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker…

  • CVE-2021-20230HigFeb 23, 2021
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the…

  • CVE-2021-20226HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the…

  • CVE-2020-25161HigFeb 23, 2021
    risk 0.57cvss 8.8epss 0.02

    The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.

  • CVE-2020-16243HigFeb 23, 2021
    risk 0.52cvss 7.8epss 0.12

    Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.

  • CVE-2021-25630HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.00

    "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of…

  • CVE-2020-7847HigFeb 23, 2021
    risk 0.48cvss 7.4epss 0.01

    The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.

  • CVE-2021-3252HigFeb 23, 2021
    risk 0.49cvss 7.5epss 0.03

    KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an…

  • CVE-2020-28429HigFeb 23, 2021
    risk 0.53cvss 7.3epss 0.63

    All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})

  • CVE-2020-14359HigFeb 23, 2021
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a…

  • CVE-2021-22649HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.02

    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an…

  • CVE-2021-22647HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.02

    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may…

  • CVE-2021-22645HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.02

    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be…

  • CVE-2021-22643HigFeb 23, 2021
    risk 0.51cvss 7.8epss 0.02

    Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an…

  • CVE-2020-29075HigFeb 23, 2021
    risk 0.47cvss 7.1epss 0.08

    Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF…

  • CVE-2020-25690HigFeb 23, 2021
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code.…

  • CVE-2021-21157HigFeb 22, 2021
    risk 0.58cvss 8.8epss 0.09

    Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-21156HigFeb 22, 2021
    risk 0.57cvss 8.8epss 0.03

    Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.

  • CVE-2021-21153HigFeb 22, 2021
    risk 0.57cvss 8.8epss 0.01

    Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2021-21152HigFeb 22, 2021
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-21149HigFeb 22, 2021
    risk 0.57cvss 8.8epss 0.01

    Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

  • CVE-2021-26725HigFeb 22, 2021
    risk 0.47cvss 7.2epss 0.01

    Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC…

  • CVE-2021-26724HigFeb 22, 2021
    risk 0.47cvss 7.2epss 0.03

    OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior…

  • CVE-2021-26068HigFeb 22, 2021
    risk 0.57cvss 8.8epss 0.03

    An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.

  • CVE-2020-24175HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.

  • CVE-2020-11297HigFeb 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2020-11296HigFeb 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon…

  • CVE-2020-11287HigFeb 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…

  • CVE-2020-11282HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2020-11281HigFeb 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…

  • CVE-2020-11280HigFeb 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon…

  • CVE-2020-11278HigFeb 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…

  • CVE-2020-11277HigFeb 22, 2021
    risk 0.48cvss 7.4epss 0.00

    Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11271HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon…

  • CVE-2020-11270HigFeb 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,…

  • CVE-2020-11269HigFeb 22, 2021
    risk 0.57cvss 8.8epss 0.00

    Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2020-11253HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11223HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

  • CVE-2020-11204HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon…

  • CVE-2020-11203HigFeb 22, 2021
    risk 0.46cvss 7.1epss 0.00

    Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

  • CVE-2020-11195HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…

  • CVE-2020-11194HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired…

  • CVE-2020-11187HigFeb 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile

  • CVE-2020-11177HigFeb 22, 2021
    risk 0.57cvss 8.8epss 0.00

    User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon…

  • CVE-2020-35681HigFeb 22, 2021
    risk 0.41cvss 7.4epss 0.03

    Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate…

  • CVE-2020-35556HigFeb 22, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.

  • CVE-2021-3149HigFeb 22, 2021
    risk 0.47cvss 7.2epss 0.04

    On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.

  • CVE-2021-26119HigFeb 22, 2021
    risk 0.50cvss 7.5epss 0.09

    Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.