VYPR

CVEs

100,082 total · page 1339 of 2,002

  • CVE-2021-1319HigFeb 4, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These…

  • CVE-2021-1318HigFeb 4, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…

  • CVE-2021-1317HigFeb 4, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…

  • CVE-2021-1316HigFeb 4, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…

  • CVE-2021-1315HigFeb 4, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…

  • CVE-2021-1314HigFeb 4, 2021
    risk 0.47cvss 7.2epss 0.03

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities…

  • CVE-2021-1313HigFeb 4, 2021
    risk 0.56cvss 8.6epss 0.02

    Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details…

  • CVE-2021-1297HigFeb 4, 2021
    risk 0.49cvss 7.5epss 0.04

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be…

  • CVE-2021-1296HigFeb 4, 2021
    risk 0.49cvss 7.5epss 0.04

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be…

  • CVE-2021-1288HigFeb 4, 2021
    risk 0.56cvss 8.6epss 0.02

    Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details…

  • CVE-2021-1268HigFeb 4, 2021
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software…

  • CVE-2020-27872HigFeb 4, 2021
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on…

  • CVE-2020-28450HigFeb 4, 2021
    risk 0.56cvss 8.6epss 0.02

    This affects all versions of package decal. The vulnerability is in the extend function.

  • CVE-2020-28449HigFeb 4, 2021
    risk 0.56cvss 8.6epss 0.02

    This affects all versions of package decal. The vulnerability is in the set function.

  • CVE-2020-6088HigFeb 4, 2021
    risk 0.49cvss 7.5epss 0.03

    An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An…

  • CVE-2020-27249HigFeb 4, 2021
    risk 0.51cvss 7.8epss 0.01

    A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and…

  • CVE-2020-27248HigFeb 4, 2021
    risk 0.51cvss 7.8epss 0.01

    A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and…

  • CVE-2020-27247HigFeb 4, 2021
    risk 0.51cvss 7.8epss 0.01

    A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an…

  • CVE-2020-14246HigFeb 4, 2021
    risk 0.49cvss 7.5epss 0.01

    HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.

  • CVE-2020-13586HigFeb 4, 2021
    risk 0.51cvss 7.8epss 0.02

    A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious…

  • CVE-2020-13580HigFeb 4, 2021
    risk 0.57cvss 7.8epss 0.73

    An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record…

  • CVE-2020-13579HigFeb 4, 2021
    risk 0.57cvss 7.8epss 0.73

    An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an…

  • CVE-2021-25276HigFeb 3, 2021
    risk 0.46cvss 7.1epss 0.00

    In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server's filesystem) can add an FTP user by copying a…

  • CVE-2021-25275HigFeb 3, 2021
    risk 0.51cvss 7.8epss 0.01

    SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can…

  • CVE-2020-25857HigFeb 3, 2021
    risk 0.49cvss 7.5epss 0.01

    The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial…

  • CVE-2020-25856HigFeb 3, 2021
    risk 0.53cvss 8.1epss 0.02

    The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code…

  • CVE-2020-25855HigFeb 3, 2021
    risk 0.53cvss 8.1epss 0.03

    The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution…

  • CVE-2020-25854HigFeb 3, 2021
    risk 0.53cvss 8.1epss 0.03

    The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer…

  • CVE-2020-25853HigFeb 3, 2021
    risk 0.49cvss 7.5epss 0.01

    The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read…

  • CVE-2020-17516HigFeb 3, 2021
    risk 0.49cvss 7.5epss 0.02

    Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the…

  • CVE-2021-25776HigFeb 3, 2021
    risk 0.49cvss 7.5epss 0.01

    In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.

  • CVE-2021-25769HigFeb 3, 2021
    risk 0.49cvss 7.5epss 0.02

    In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator wasn't able to access attachments.

  • CVE-2021-25765HigFeb 3, 2021
    risk 0.57cvss 8.8epss 0.01

    In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload was possible.

  • CVE-2021-25758HigFeb 3, 2021
    risk 0.51cvss 7.8epss 0.01

    In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.

  • CVE-2020-35667HigFeb 3, 2021
    risk 0.49cvss 7.5epss 0.01

    JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.

  • CVE-2020-2506HigKEVFeb 3, 2021
    risk 0.60cvss 7.3epss 0.02

    The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP…

  • CVE-2020-28895HigFeb 3, 2021
    risk 0.48cvss 7.3epss 0.01

    In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

  • CVE-2020-27222HigFeb 3, 2021
    risk 0.49cvss 7.5epss 0.01

    In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS…

  • CVE-2020-29166HigFeb 3, 2021
    risk 0.49cvss 7.5epss 0.02

    PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.

  • CVE-2020-29163HigFeb 3, 2021
    risk 0.57cvss 8.8epss 0.01

    PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.

  • CVE-2021-21294HigFeb 2, 2021
    risk 0.42cvss 7.5epss 0.02

    Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections…

  • CVE-2021-21293HigFeb 2, 2021
    risk 0.42cvss 7.5epss 0.02

    blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections…

  • CVE-2020-8672HigFeb 2, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.

  • CVE-2020-1910HigFeb 2, 2021
    risk 0.51cvss 7.8epss 0.05

    A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.

  • CVE-2020-14255HigFeb 2, 2021
    risk 0.49cvss 7.5epss 0.01

    HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.

  • CVE-2021-23271HigFeb 2, 2021
    risk 0.52cvss 8.0epss 0.01

    The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO…

  • CVE-2021-21289HigFeb 2, 2021
    risk 0.41cvss 7.4epss 0.04

    Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes'…

  • CVE-2019-25018HigFeb 2, 2021
    risk 0.49cvss 7.5epss 0.02

    In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client…

  • CVE-2021-25310HigFeb 2, 2021
    risk 0.58cvss 8.8epss 0.05

    The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs…

  • CVE-2020-28495HigFeb 2, 2021
    risk 0.41cvss 7.3epss 0.04

    This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the…