VYPR

CVEs

100,082 total · page 1336 of 2,002

  • CVE-2021-23878HigFeb 10, 2021
    risk 0.47cvss 7.3epss 0.01

    Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed…

  • CVE-2021-26958HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.

  • CVE-2021-26953HigFeb 9, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation.

  • CVE-2021-26952HigFeb 9, 2021
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read.

  • CVE-2020-26194HigFeb 9, 2021
    risk 0.46cvss 7.0epss 0.00

    Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to…

  • CVE-2020-26193HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the…

  • CVE-2020-26192HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service…

  • CVE-2020-26191HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system…

  • CVE-2021-21475HigFeb 9, 2021
    risk 0.49cvss 7.5epss 0.02

    Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file…

  • CVE-2021-21472HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.01

    SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force…

  • CVE-2021-26551HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.

  • CVE-2021-3191HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.04

    Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through…

  • CVE-2020-18215HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.

  • CVE-2020-35942HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a…

  • CVE-2020-28392HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially…

  • CVE-2020-27857HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-27856HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-27855HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-17436HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-17435HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-17434HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-17433HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-17432HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-17431HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17430HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17429HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The…

  • CVE-2020-17427HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17426HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17425HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17424HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17423HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17421HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17419HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17418HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2021-22663HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.01

    Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.

  • CVE-2020-27006HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An…

  • CVE-2020-27005HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of…

  • CVE-2020-27003HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained…

  • CVE-2020-27002HigFeb 9, 2021
    risk 0.46cvss 7.1epss 0.01

    A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an…

  • CVE-2020-27001HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An…

  • CVE-2020-27000HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker…

  • CVE-2020-26999HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an…

  • CVE-2020-25245HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.

  • CVE-2020-25238HigFeb 9, 2021
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be…

  • CVE-2020-25237HigFeb 9, 2021
    risk 0.54cvss 8.1epss 0.21

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the…

  • CVE-2021-26675HigFeb 9, 2021
    risk 0.00cvss 8.8epss 0.01

    A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

  • CVE-2021-21148HigKEVFeb 9, 2021
    risk 0.71cvss 8.8epss 0.20

    Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-3394HigFeb 9, 2021
    risk 0.61cvss 8.8epss 0.06

    Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.

  • CVE-2021-21145HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.01

    Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2021-21144HigFeb 9, 2021
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.