VYPR

CVEs

97,194 total · page 1347 of 1,944

  • CVE-2020-5918HigAug 26, 2020
    risk 0.49cvss 7.5epss 0.01

    In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is…

  • CVE-2020-5914HigAug 26, 2020
    risk 0.49cvss 7.5epss 0.01

    In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some circumstances.

  • CVE-2020-5913HigAug 26, 2020
    risk 0.48cvss 7.4epss 0.01

    In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle…

  • CVE-2020-5912HigAug 26, 2020
    risk 0.46cvss 7.1epss 0.00

    In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files.

  • CVE-2020-16251HigAug 26, 2020
    risk 0.54cvss 8.2epss 0.03

    HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.

  • CVE-2020-16250HigAug 26, 2020
    risk 0.53cvss 8.2epss 0.01

    HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..

  • CVE-2020-15484HigAug 26, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering.

  • CVE-2020-13410HigAug 26, 2020
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.

  • CVE-2020-24315HigAug 26, 2020
    risk 0.49cvss 7.5epss 0.02

    Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.

  • CVE-2020-24312HigAug 26, 2020
    risk 0.50cvss 7.5epss 0.16

    mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the…

  • CVE-2019-14904HigAug 26, 2020
    risk 0.40cvss 7.3epss 0.00

    A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw…

  • CVE-2020-15777HigAug 25, 2020
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious…

  • CVE-2020-17404HigAug 25, 2020
    risk 0.51cvss 7.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17403HigAug 25, 2020
    risk 0.51cvss 7.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17400HigAug 25, 2020
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists…

  • CVE-2020-17399HigAug 25, 2020
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists…

  • CVE-2020-17397HigAug 25, 2020
    risk 0.53cvss 8.2epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw…

  • CVE-2020-17396HigAug 25, 2020
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists…

  • CVE-2020-17395HigAug 25, 2020
    risk 0.53cvss 8.2epss 0.00

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw…

  • CVE-2020-17392HigAug 25, 2020
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…

  • CVE-2020-17390HigAug 25, 2020
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…

  • CVE-2020-17389HigAug 25, 2020
    risk 0.58cvss 8.8epss 0.10

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2020-17388HigAug 25, 2020
    risk 0.58cvss 8.8epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2020-17387HigAug 25, 2020
    risk 0.58cvss 8.8epss 0.10

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2020-15645HigAug 25, 2020
    risk 0.58cvss 8.8epss 0.11

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2020-15644HigAug 25, 2020
    risk 0.58cvss 8.8epss 0.09

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2020-15643HigAug 25, 2020
    risk 0.62cvss 8.8epss 0.59

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists…

  • CVE-2020-15642HigAug 25, 2020
    risk 0.58cvss 8.8epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2020-15641HigAug 25, 2020
    risk 0.49cvss 7.5epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the…

  • CVE-2020-15640HigAug 25, 2020
    risk 0.49cvss 7.5epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the…

  • CVE-2020-24616HigAug 25, 2020
    risk 0.46cvss 8.1epss 0.09

    FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

  • CVE-2020-24614HigAug 25, 2020
    risk 0.57cvss 8.8epss 0.03

    Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.

  • CVE-2020-14522HigAug 25, 2020
    risk 0.49cvss 7.5epss 0.01

    Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.

  • CVE-2020-14512HigAug 25, 2020
    risk 0.53cvss 8.1epss 0.01

    GateManager versions prior to 9.2c, The affected product uses a weak hash type, which may allow an attacker to view user passwords.

  • CVE-2020-14508HigAug 25, 2020
    risk 0.53cvss 8.1epss 0.02

    GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.

  • CVE-2020-17385HigAug 25, 2020
    risk 0.49cvss 7.5epss 0.02

    Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.

  • CVE-2020-17384HigAug 25, 2020
    risk 0.47cvss 7.2epss 0.02

    Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.

  • CVE-2020-24572HigAug 24, 2020
    risk 0.01cvss 8.8epss 0.07

    An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system…

  • CVE-2020-7377HigAug 24, 2020
    risk 0.53cvss 8.1epss 0.01

    The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run…

  • CVE-2020-7376HigAug 24, 2020
    risk 0.46cvss 7.1epss 0.01

    The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a…

  • CVE-2020-24364HigAug 24, 2020
    risk 0.57cvss 8.8epss 0.03

    MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite.

  • CVE-2020-7705HigAug 24, 2020
    risk 0.46cvss 7.1epss 0.01

    This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely…

  • CVE-2020-24606HigAug 24, 2020
    risk 0.56cvss 8.6epss 0.05

    Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists…

  • CVE-2020-4587HigAug 24, 2020
    risk 0.51cvss 7.8epss 0.00

    IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578.

  • CVE-2020-14044HigAug 24, 2020
    risk 0.47cvss 7.2epss 0.03

    ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This…

  • CVE-2020-14043HigAug 24, 2020
    risk 0.57cvss 8.8epss 0.02

    ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in…

  • CVE-2020-7831HigAug 24, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

  • CVE-2020-19891HigAug 24, 2020
    risk 0.47cvss 7.2epss 0.01

    DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get…

  • CVE-2020-19889HigAug 24, 2020
    risk 0.57cvss 8.8epss 0.01

    DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.

  • CVE-2020-19886HigAug 24, 2020
    risk 0.53cvss 8.1epss 0.00

    DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu.