VYPR

CVEs

97,565 total · page 1367 of 1,952

  • CVE-2020-10605HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.01

    Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files.

  • CVE-2020-5758HigJul 17, 2020
    risk 0.58cvss 8.8epss 0.04

    Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.

  • CVE-2020-5756HigJul 17, 2020
    risk 0.57cvss 8.8epss 0.02

    Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.

  • CVE-2020-15108HigJul 17, 2020
    risk 0.00cvss 7.1epss 0.01

    In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.

  • CVE-2020-0228HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.00

    There is an improper configuration of recorder related service. Product: AndroidVersions: Android SoCAndroid ID: A-156333723

  • CVE-2020-0227HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges…

  • CVE-2020-0226HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-15816HigJul 17, 2020
    risk 0.57cvss 8.8epss 0.04

    In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.

  • CVE-2020-0120HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.00

    In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-1653HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.02

    On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be trigged by IPv4 or IPv6 and it is caused only…

  • CVE-2020-1650HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a…

  • CVE-2020-1649HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.01

    When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments…

  • CVE-2020-1648HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet…

  • CVE-2020-1646HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue…

  • CVE-2020-1645HigJul 17, 2020
    risk 0.54cvss 8.3epss 0.01

    When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may…

  • CVE-2020-1644HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and…

  • CVE-2020-1640HigJul 17, 2020
    risk 0.49cvss 7.5epss 0.01

    An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be…

  • CVE-2020-15813HigJul 17, 2020
    risk 0.00cvss 8.1epss 0.01

    Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all…

  • CVE-2020-5131HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.01

    SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815…

  • CVE-2020-7826HigJul 17, 2020
    risk 0.57cvss 8.8epss 0.01

    EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to…

  • CVE-2020-7825HigJul 17, 2020
    risk 0.57cvss 8.8epss 0.02

    A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform.

  • CVE-2020-4464HigJul 17, 2020
    risk 0.58cvss 8.8epss 0.13

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489.

  • CVE-2020-7684HigJul 17, 2020
    risk 0.42cvss 7.5epss 0.01

    This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation.

  • CVE-2020-9688HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.05

    Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9673HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.01

    Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2020-9672HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.01

    Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

  • CVE-2020-9650HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9646HigJul 17, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-11978HigKEVJul 17, 2020
    risk 0.16cvss 8.8epss 0.99

    An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow…

  • CVE-2020-12015HigJul 16, 2020
    risk 0.49cvss 7.5epss 0.02

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC…

  • CVE-2020-12009HigJul 16, 2020
    risk 0.49cvss 7.5epss 0.04

    A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC…

  • CVE-2020-13405HigJul 16, 2020
    risk 0.43cvss 7.5epss 0.14

    userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.

  • CVE-2020-3405HigJul 16, 2020
    risk 0.48cvss 7.3epss 0.01

    A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when…

  • CVE-2020-3388HigJul 16, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…

  • CVE-2020-3387HigJul 16, 2020
    risk 0.58cvss 8.8epss 0.14

    A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit…

  • CVE-2020-3381HigJul 16, 2020
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of…

  • CVE-2020-3380HigJul 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the…

  • CVE-2020-3379HigJul 16, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by…

  • CVE-2020-3369HigJul 16, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An…

  • CVE-2020-3358HigJul 16, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of…

  • CVE-2020-3351HigJul 16, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An…

  • CVE-2020-3332HigJul 16, 2020
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to…

  • CVE-2020-3180HigJul 16, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a…

  • CVE-2020-3146HigJul 16, 2020
    risk 0.57cvss 8.8epss 0.03

    Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on…

  • CVE-2020-3145HigJul 16, 2020
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on…

  • CVE-2019-20915HigJul 16, 2020
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.

  • CVE-2019-20913HigJul 16, 2020
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.

  • CVE-2019-20912HigJul 16, 2020
    risk 0.50cvss 8.8epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.

  • CVE-2019-20910HigJul 16, 2020
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.

  • CVE-2019-20909HigJul 16, 2020
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.