VYPR

CVEs

100,075 total · page 1342 of 2,002

  • CVE-2021-22697HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.03

    A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and…

  • CVE-2021-21723HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of…

  • CVE-2020-9492HigJan 26, 2021
    risk 0.51cvss 8.8epss 0.04

    In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

  • CVE-2020-8295HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.02

    A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.

  • CVE-2020-36230HigJan 26, 2021
    risk 0.43cvss 7.5epss 0.12

    A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

  • CVE-2020-36229HigJan 26, 2021
    risk 0.42cvss 7.5epss 0.04

    A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

  • CVE-2020-36228HigJan 26, 2021
    risk 0.48cvss 7.5epss 0.83

    An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

  • CVE-2020-36227HigJan 26, 2021
    risk 0.48cvss 7.5epss 0.78

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

  • CVE-2020-36226HigJan 26, 2021
    risk 0.42cvss 7.5epss 0.04

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

  • CVE-2020-36225HigJan 26, 2021
    risk 0.42cvss 7.5epss 0.04

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

  • CVE-2020-36224HigJan 26, 2021
    risk 0.42cvss 7.5epss 0.04

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

  • CVE-2020-36223HigJan 26, 2021
    risk 0.42cvss 7.5epss 0.04

    A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

  • CVE-2020-36222HigJan 26, 2021
    risk 0.48cvss 7.5epss 0.78

    A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

  • CVE-2020-36221HigJan 26, 2021
    risk 0.48cvss 7.5epss 0.84

    An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

  • CVE-2020-36215HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.

  • CVE-2020-36213HigJan 26, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness.

  • CVE-2020-36212HigJan 26, 2021
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop.

  • CVE-2020-36211HigJan 26, 2021
    risk 0.39cvss 7.0epss 0.00

    An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.

  • CVE-2020-36210HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.

  • CVE-2020-36209HigJan 26, 2021
    risk 0.39cvss 7.0epss 0.00

    An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur.

  • CVE-2020-36208HigJan 26, 2021
    risk 0.44cvss 7.8epss 0.00

    An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.

  • CVE-2020-36207HigJan 26, 2021
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.

  • CVE-2020-36206HigJan 26, 2021
    risk 0.39cvss 7.0epss 0.00

    An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.

  • CVE-2020-36201HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.

  • CVE-2020-35845HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.01

    FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf.

  • CVE-2020-35844HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.01

    FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4.

  • CVE-2020-35576HigJan 26, 2021
    risk 0.64cvss 8.8epss 0.42

    A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

  • CVE-2020-35239HigJan 26, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP…

  • CVE-2020-29001HigJan 26, 2021
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the…

  • CVE-2020-29000HigJan 26, 2021
    risk 0.47cvss 7.2epss 0.03

    An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a…

  • CVE-2020-28999HigJan 26, 2021
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a…

  • CVE-2020-28874HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.02

    reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).

  • CVE-2020-27814HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.02

    A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.

  • CVE-2020-27541HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be…

  • CVE-2020-27288HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.01

    An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.

  • CVE-2020-27284HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.01

    TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.

  • CVE-2020-27280HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.01

    A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.

  • CVE-2020-25737HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.00

    An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application.

  • CVE-2020-25173HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.00

    An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access

  • CVE-2020-25169HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.

  • CVE-2020-24549HigJan 26, 2021
    risk 0.57cvss 8.8epss 0.03

    openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.

  • CVE-2020-23826HigJan 26, 2021
    risk 0.58cvss 8.8epss 0.13

    The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176

  • CVE-2020-23449HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

  • CVE-2020-23162HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials.

  • CVE-2020-23160HigJan 26, 2021
    risk 0.58cvss 8.8epss 0.07

    Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices.

  • CVE-2020-22643HigJan 26, 2021
    risk 0.47cvss 7.2epss 0.02

    Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.

  • CVE-2020-16236HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.01

    FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2020-0236HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android,…

  • CVE-2020-4949HigJan 26, 2021
    risk 0.54cvss 8.2epss 0.05

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.

  • CVE-2021-21272HigJan 25, 2021
    risk 0.43cvss 7.7epss 0.01

    ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature…