CVEs

  • CVE-2020-1480 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,…

  • CVE-2020-1479 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create…

  • CVE-2020-1478 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.03

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are…

  • CVE-2020-1477 · High · Aug 17, 2020
    risk 0.46 · cvss 7.0 · epss 0.03

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are…

  • CVE-2020-1475 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2020-1474 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit…

  • CVE-2020-1473 · High · Aug 17, 2020
    risk 0.46 · cvss 7.0 · epss 0.03

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2020-1470 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to…

  • CVE-2020-1466 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.04

    A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on…

  • CVE-2020-1464 · High · KEV · Aug 17, 2020
    risk 0.66 · cvss 7.8 · epss 0.41

    A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features…

  • CVE-2020-1459 · High · Aug 17, 2020
    risk 0.49 · cvss 7.5 · epss 0.04

    An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit this vulnerability, an attacker with local privileges would need to run a…

  • CVE-2020-1380 · High · KEV · Aug 17, 2020
    risk 0.65 · cvss 7.8 · epss 0.24

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker…

  • CVE-2020-1378 · High · Aug 17, 2020
    risk 0.49 · cvss 7.5 · epss 0.04

    An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit…

  • CVE-2020-1377 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit…

  • CVE-2020-1339 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.03

    A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as…

  • CVE-2020-1337 · High · Aug 17, 2020
    risk 0.55 · cvss 7.8 · epss 0.14

    An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could…

  • CVE-2020-1182 · High · Aug 17, 2020
    risk 0.48 · cvss 7.3 · epss 0.03

    A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An…

  • CVE-2020-1046 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.04

    A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially…

  • CVE-2020-0604 · High · Aug 17, 2020
    risk 0.51 · cvss 7.8 · epss 0.04

    A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged…

  • CVE-2020-3433 · High · KEV · Aug 17, 2020
    risk 0.73 · cvss 7.8 · epss 0.10

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials…

  • CVE-2020-3411 · High · Aug 17, 2020
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this…

  • CVE-2020-3363 · High · Aug 17, 2020
    risk 0.56 · cvss 8.6 · epss 0.02

    A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of…

  • CVE-2020-24372 · High · Aug 17, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.

  • CVE-2020-24369 · High · Aug 17, 2020
    risk 0.00 · cvss 7.5 · epss 0.02

    ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

  • CVE-2020-24220 · High · Aug 17, 2020
    risk 0.57 · cvss 8.8 · epss 0.02

    ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server.

  • CVE-2020-9241 · High · Aug 17, 2020
    risk 0.46 · cvss 7.0 · epss 0.00

    Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain…

  • CVE-2020-8233 · High · Aug 17, 2020
    risk 0.58 · cvss 8.8 · epss 0.04

    A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

  • CVE-2020-8210 · High · Aug 17, 2020
    risk 0.49 · cvss 7.5 · epss 0.02

    Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.

  • CVE-2020-8209 · High · Aug 17, 2020
    risk 0.53 · cvss 7.5 · epss 0.49

    Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to read arbitrary files.

  • CVE-2020-13122 · High · Aug 17, 2020
    risk 0.58 · cvss 8.8 · epss 0.07

    The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to…

  • CVE-2020-9242 · High · Aug 17, 2020
    risk 0.57 · cvss 8.8 · epss 0.01

    FusionCompute 8.0.0 has a command injection vulnerability. The software does not sufficiently validate certain parameters posted by the user; a successful exploit could allow an authenticated attacker to launch a command injection attack.

  • CVE-2020-4686 · High · Aug 17, 2020
    risk 0.53 · cvss 8.1 · epss 0.02

    IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.

  • CVE-2020-13941 · High · Aug 17, 2020
    risk 0.58 · cvss 8.8 · epss 0.04

    Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and…

  • CVE-2020-17475 · High · Aug 14, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.

  • CVE-2020-15694 · High · Aug 14, 2020
    risk 0.49 · cvss 7.5 · epss 0.02

    In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.

  • CVE-2020-9767 · High · Aug 14, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate their system privileges as well through use of a…

  • CVE-2020-15142 · High · Aug 14, 2020
    risk 0.45 · cvss 8.0 · epss 0.02

    In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.

  • CVE-2020-7583 · High · Aug 14, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low…

  • CVE-2020-22722 · High · Aug 14, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would…

  • CVE-2020-22721 · High · Aug 14, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program.

  • CVE-2020-9228 · High · Aug 14, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.

  • CVE-2020-17462 · High · Aug 14, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798.

  • CVE-2019-19643 · High · Aug 14, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service.

  • CVE-2020-16205 · High · Aug 14, 2020
    risk 0.55 · cvss 7.2 · epss 0.60

    Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

  • CVE-2020-4662 · High · Aug 14, 2020
    risk 0.57 · cvss 8.8 · epss 0.01

    IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233.

  • CVE-2019-20383 · High · Aug 13, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.

  • CVE-2020-7360 · High · Aug 13, 2020
    risk 0.48 · cvss 7.4 · epss 0.00

    An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in…

  • CVE-2020-24346 · High · Aug 13, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.

  • CVE-2020-24345 · High · Aug 13, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option

  • CVE-2020-24344 · High · Aug 13, 2020
    risk 0.46 · cvss 7.1 · epss 0.01

    JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.