VYPR

CVEs

100,082 total · page 1334 of 2,002

  • CVE-2021-21976HigFeb 11, 2021
    risk 0.47cvss 7.2epss 0.02

    vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.

  • CVE-2021-21311HigKEVFeb 11, 2021
    risk 0.12cvss 7.2epss 0.90

    Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version…

  • CVE-2021-21063HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this…

  • CVE-2021-21062HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this…

  • CVE-2021-21059HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this…

  • CVE-2021-21058HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this…

  • CVE-2021-21054HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.04

    Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of…

  • CVE-2021-21053HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.02

    Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of…

  • CVE-2021-21052HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.04

    Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2021-21051HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.07

    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted javascript file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the…

  • CVE-2021-21050HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of…

  • CVE-2021-21049HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of…

  • CVE-2021-21048HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the…

  • CVE-2021-21047HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this…

  • CVE-2019-19005HigFeb 11, 2021
    risk 0.44cvss 7.8epss 0.01

    A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.

  • CVE-2021-21045HigFeb 11, 2021
    risk 0.53cvss 8.2epss 0.02

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the…

  • CVE-2021-21044HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.04

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to…

  • CVE-2021-21041HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21040HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21039HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21038HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to…

  • CVE-2021-21037HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21036HigFeb 11, 2021
    risk 0.51cvss 7.8epss 0.03

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21035HigFeb 11, 2021
    risk 0.58cvss 8.8epss 0.04

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21033HigFeb 11, 2021
    risk 0.58cvss 8.8epss 0.04

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21030HigFeb 11, 2021
    risk 0.53cvss 8.1epss 0.06

    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser.…

  • CVE-2021-21028HigFeb 11, 2021
    risk 0.51cvss 8.8epss 0.04

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21021HigFeb 11, 2021
    risk 0.58cvss 8.8epss 0.04

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…

  • CVE-2021-21017HigKEVFeb 11, 2021
    risk 0.76cvss 8.8epss 0.86

    Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code…

  • CVE-2021-21015HigFeb 11, 2021
    risk 0.45cvss 8.0epss 0.03

    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the…

  • CVE-2021-21307HigFeb 11, 2021
    risk 0.10cvss 8.6epss 0.89

    Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or…

  • CVE-2021-27191HigFeb 11, 2021
    risk 0.42cvss 7.5epss 0.02

    The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.

  • CVE-2021-27184HigFeb 11, 2021
    risk 0.49cvss 7.5epss 0.02

    Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered…

  • CVE-2021-25690HigFeb 11, 2021
    risk 0.49cvss 7.5epss 0.01

    A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.

  • CVE-2021-22880HigFeb 11, 2021
    risk 0.49cvss 7.5epss 0.04

    The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too…

  • CVE-2021-22656HigFeb 11, 2021
    risk 0.49cvss 7.5epss 0.03

    Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

  • CVE-2021-22654HigFeb 11, 2021
    risk 0.50cvss 7.5epss 0.12

    Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

  • CVE-2021-20188HigFeb 11, 2021
    risk 0.39cvss 7.0epss 0.00

    A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root…

  • CVE-2020-35498HigFeb 11, 2021
    risk 0.49cvss 7.5epss 0.08

    A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The…

  • CVE-2020-25493HigFeb 11, 2021
    risk 0.49cvss 7.5epss 0.01

    Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.

  • CVE-2021-20405HigFeb 11, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.

  • CVE-2021-20403HigFeb 11, 2021
    risk 0.57cvss 8.8epss 0.00

    IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2020-8027HigFeb 11, 2021
    risk 0.47cvss 7.3epss 0.00

    A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This…

  • CVE-2021-23335HigFeb 11, 2021
    risk 0.49cvss 7.5epss 0.01

    All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.

  • CVE-2020-27874HigFeb 10, 2021
    risk 0.57cvss 8.8epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…

  • CVE-2020-27871HigFeb 10, 2021
    risk 0.54cvss 7.2epss 0.90

    This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw…

  • CVE-2021-27186HigFeb 10, 2021
    risk 0.00cvss 7.5epss 0.02

    Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

  • CVE-2021-25251HigFeb 10, 2021
    risk 0.47cvss 7.2epss 0.02

    The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the…

  • CVE-2020-28596HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.01

    A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this…

  • CVE-2020-28595HigFeb 10, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.