VYPR

CVEs

100,075 total · page 1343 of 2,002

  • CVE-2020-17532HigJan 25, 2021
    risk 0.50cvss 8.8epss 0.03

    When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5

  • CVE-2020-12525HigJan 22, 2021
    risk 0.48cvss 7.3epss 0.01

    M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

  • CVE-2020-12513HigJan 22, 2021
    risk 0.51cvss 7.5epss 0.31

    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.

  • CVE-2020-12512HigJan 22, 2021
    risk 0.49cvss 7.5epss 0.01

    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting

  • CVE-2020-12511HigJan 22, 2021
    risk 0.57cvss 8.8epss 0.01

    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.

  • CVE-2021-21260HigJan 22, 2021
    risk 0.49cvss 7.6epss 0.01

    Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload…

  • CVE-2021-21259HigJan 22, 2021
    risk 0.00cvss 7.4epss 0.01

    HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the…

  • CVE-2020-4766HigJan 22, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.

  • CVE-2021-22847HigJan 22, 2021
    risk 0.57cvss 8.8epss 0.02

    Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.

  • CVE-2020-26295HigJan 21, 2021
    risk 0.00cvss 8.7epss 0.02

    OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions…

  • CVE-2020-26285HigJan 21, 2021
    risk 0.00cvss 8.7epss 0.03

    OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was…

  • CVE-2020-3685HigJan 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice…

  • CVE-2020-11217HigJan 21, 2021
    risk 0.51cvss 7.8epss 0.00

    A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11214HigJan 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon…

  • CVE-2020-11200HigJan 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11185HigJan 21, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure…

  • CVE-2020-11181HigJan 21, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11180HigJan 21, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

  • CVE-2020-11179HigJan 21, 2021
    risk 0.46cvss 7.0epss 0.00

    Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2020-11146HigJan 21, 2021
    risk 0.51cvss 7.8epss 0.00

    Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2020-11145HigJan 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Divide by zero issue can happen while updating delta extension header due to improper validation of master SN and extension header SN in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon…

  • CVE-2020-11139HigJan 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Out of bound memory access while processing frames due to lack of check of invalid frames received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2020-11119HigJan 21, 2021
    risk 0.49cvss 7.5epss 0.01

    Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial…

  • CVE-2021-1068HigJan 20, 2021
    risk 0.51cvss 7.8epss 0.00

    NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.

  • CVE-2020-26252HigJan 20, 2021
    risk 0.00cvss 8.7epss 0.02

    OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable…

  • CVE-2021-1248HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of…

  • CVE-2021-1247HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of…

  • CVE-2021-1241HigJan 20, 2021
    risk 0.56cvss 8.6epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1222HigJan 20, 2021
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly…

  • CVE-2021-1219HigJan 20, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could…

  • CVE-2021-1305HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information…

  • CVE-2021-1304HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information…

  • CVE-2021-1303HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit…

  • CVE-2021-1302HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information…

  • CVE-2021-1299HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1298HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1280HigJan 20, 2021
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker…

  • CVE-2021-1279HigJan 20, 2021
    risk 0.56cvss 8.6epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1278HigJan 20, 2021
    risk 0.56cvss 8.6epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1277HigJan 20, 2021
    risk 0.49cvss 7.5epss 0.00

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate…

  • CVE-2021-1276HigJan 20, 2021
    risk 0.49cvss 7.5epss 0.00

    Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate…

  • CVE-2021-1274HigJan 20, 2021
    risk 0.56cvss 8.6epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1273HigJan 20, 2021
    risk 0.56cvss 8.6epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1272HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to…

  • CVE-2021-1263HigJan 20, 2021
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1262HigJan 20, 2021
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1261HigJan 20, 2021
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1260HigJan 20, 2021
    risk 0.51cvss 7.8epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1257HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness…

  • CVE-2020-27859HigJan 20, 2021
    risk 0.49cvss 7.5epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results…