VYPR

CVEs

100,082 total · page 1332 of 2,002

  • CVE-2020-13551HigFeb 17, 2021
    risk 0.57cvss 8.8epss 0.00

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM…

  • CVE-2020-13550HigFeb 17, 2021
    risk 0.50cvss 7.7epss 0.03

    A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.

  • CVE-2021-1366HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the…

  • CVE-2021-27224HigFeb 17, 2021
    risk 0.52cvss 7.5epss 0.38

    The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code.

  • CVE-2021-25780HigFeb 17, 2021
    risk 0.47cvss 7.2epss 0.02

    An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.

  • CVE-2020-36003HigFeb 17, 2021
    risk 0.49cvss 7.5epss 0.01

    The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.

  • CVE-2020-36002HigFeb 17, 2021
    risk 0.49cvss 7.5epss 0.02

    Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information.

  • CVE-2021-22854HigFeb 17, 2021
    risk 0.49cvss 7.5epss 0.02

    The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

  • CVE-2021-0109HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8678HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2020-7849HigFeb 17, 2021
    risk 0.52cvss 8.0epss 0.01

    A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.

  • CVE-2020-7848HigFeb 17, 2021
    risk 0.52cvss 8.0epss 0.01

    The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via cookie value.

  • CVE-2020-24485HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-24482HigFeb 17, 2021
    risk 0.49cvss 7.5epss 0.01

    Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow unauthenticated user to potentially enable denial of service via network access.

  • CVE-2020-24481HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-24462HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2020-24453HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2020-24451HigFeb 17, 2021
    risk 0.47cvss 7.3epss 0.00

    Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-24450HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12385HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-12384HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2020-12380HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12377HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12369HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-12368HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2020-12367HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2020-12366HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2020-12362HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2020-12339HigFeb 17, 2021
    risk 0.57cvss 8.8epss 0.01

    Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.

  • CVE-2020-0544HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-0521HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2021-22858HigFeb 17, 2021
    risk 0.57cvss 8.8epss 0.01

    Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.

  • CVE-2021-22857HigFeb 17, 2021
    risk 0.49cvss 7.5epss 0.02

    The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily.

  • CVE-2021-20655HigFeb 17, 2021
    risk 0.47cvss 7.2epss 0.04

    FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

  • CVE-2021-26934HigFeb 17, 2021
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.

  • CVE-2021-26930HigFeb 17, 2021
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be…

  • CVE-2021-27102HigKEVFeb 16, 2021
    risk 0.69cvss 7.8epss 0.04

    Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

  • CVE-2021-20075HigFeb 16, 2021
    risk 0.51cvss 7.8epss 0.00

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.

  • CVE-2021-20074HigFeb 16, 2021
    risk 0.57cvss 8.8epss 0.01

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.

  • CVE-2021-20073HigFeb 16, 2021
    risk 0.57cvss 8.8epss 0.00

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.

  • CVE-2021-20072HigFeb 16, 2021
    risk 0.47cvss 7.2epss 0.01

    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.

  • CVE-2020-11635HigFeb 16, 2021
    risk 0.51cvss 7.8epss 0.00

    The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.

  • CVE-2021-23840HigFeb 16, 2021
    risk 0.46cvss 7.5epss 0.51

    Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will…

  • CVE-2021-21315HigKEVFeb 16, 2021
    risk 0.12cvss 7.1epss 0.90

    The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was…

  • CVE-2021-20987HigFeb 16, 2021
    risk 0.56cvss 8.6epss 0.01

    A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.

  • CVE-2021-20986HigFeb 16, 2021
    risk 0.49cvss 7.5epss 0.01

    A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.

  • CVE-2020-35567HigFeb 16, 2021
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.

  • CVE-2020-35564HigFeb 16, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.

  • CVE-2020-35558HigFeb 16, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.

  • CVE-2021-27232HigFeb 16, 2021
    risk 0.57cvss 8.8epss 0.02

    The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a…