VYPR

CVEs

100,082 total · page 1340 of 2,002

  • CVE-2020-28494HigFeb 2, 2021
    risk 0.49cvss 8.6epss 0.02

    This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option…

  • CVE-2020-24335HigFeb 2, 2021
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.

  • CVE-2020-25036HigFeb 2, 2021
    risk 0.57cvss 8.8epss 0.02

    UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.

  • CVE-2020-25037HigFeb 2, 2021
    risk 0.53cvss 8.2epss 0.01

    UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.

  • CVE-2019-20471HigFeb 1, 2021
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in…

  • CVE-2019-20470HigFeb 1, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the…

  • CVE-2021-21287HigFeb 1, 2021
    risk 0.02cvss 7.7epss 0.25

    MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data…

  • CVE-2020-20290HigFeb 1, 2021
    risk 0.49cvss 7.5epss 0.01

    Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability.

  • CVE-2021-3283HigFeb 1, 2021
    risk 0.49cvss 7.5epss 0.01

    HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.

  • CVE-2021-3282HigFeb 1, 2021
    risk 0.42cvss 7.5epss 0.01

    HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.

  • CVE-2021-21286HigFeb 1, 2021
    risk 0.50cvss 7.7epss 0.01

    AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All…

  • CVE-2020-28426HigFeb 1, 2021
    risk 0.48cvss 7.3epss 0.02

    All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

  • CVE-2021-21277HigFeb 1, 2021
    risk 0.48cvss 8.5epss 0.03

    angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where…

  • CVE-2020-24271HigFeb 1, 2021
    risk 0.57cvss 8.8epss 0.01

    A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***.

  • CVE-2021-3348HigFeb 1, 2021
    risk 0.00cvss 7.0epss 0.00

    nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.

  • CVE-2020-15834HigFeb 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.

  • CVE-2020-15832HigFeb 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device.

  • CVE-2020-13860HigFeb 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password.

  • CVE-2020-13857HigFeb 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request.

  • CVE-2020-13856HigFeb 1, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes.

  • CVE-2021-23329HigJan 31, 2021
    risk 0.00cvss 7.5epss 0.02

    The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.

  • CVE-2020-14418HigJan 30, 2021
    risk 0.46cvss 7.0epss 0.00

    A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.

  • CVE-2021-25646HigJan 29, 2021
    risk 0.68cvss 8.8epss 0.99

    Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an…

  • CVE-2021-25138HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25137HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25136HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25135HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25134HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25133HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25132HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25131HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25130HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25129HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice getvideodata_func…

  • CVE-2021-25128HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice gethelpdata_func…

  • CVE-2021-25127HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25126HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-25125HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice…

  • CVE-2021-25124HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func…

  • CVE-2021-3347HigJan 29, 2021
    risk 0.00cvss 7.8epss 0.01

    An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

  • CVE-2021-3345HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.01

    _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.

  • CVE-2021-20586HigJan 29, 2021
    risk 0.49cvss 7.5epss 0.03

    Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with…

  • CVE-2021-25910HigJan 29, 2021
    risk 0.52cvss 8.0epss 0.00

    Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.

  • CVE-2021-25909HigJan 29, 2021
    risk 0.56cvss 8.6epss 0.01

    ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.

  • CVE-2021-25123HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.00

    The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice…

  • CVE-2021-3176HigJan 29, 2021
    risk 0.52cvss 8.0epss 0.01

    The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow…

  • CVE-2020-35145HigJan 29, 2021
    risk 0.51cvss 7.8epss 0.01

    Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.

  • CVE-2020-29005HigJan 29, 2021
    risk 0.49cvss 7.5epss 0.01

    The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.

  • CVE-2020-29004HigJan 29, 2021
    risk 0.57cvss 8.8epss 0.01

    The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.

  • CVE-2020-28405HigJan 29, 2021
    risk 0.57cvss 8.8epss 0.02

    An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative…

  • CVE-2020-28403HigJan 29, 2021
    risk 0.52cvss 8.0epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account…