VYPR

CVEs

100,081 total · page 1371 of 2,002

  • CVE-2020-11205HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350,…

  • CVE-2020-11202HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in…

  • CVE-2020-11201HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P,…

  • CVE-2020-11175HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…

  • CVE-2020-11132HigNov 12, 2020
    risk 0.46cvss 7.1epss 0.00

    u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure…

  • CVE-2020-11131HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053,…

  • CVE-2020-11130HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X,…

  • CVE-2020-11127HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial…

  • CVE-2020-11121HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155,…

  • CVE-2020-7769HigNov 12, 2020
    risk 0.49cvss 8.6epss 0.02

    This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

  • CVE-2020-26070HigNov 12, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due…

  • CVE-2020-2050HigNov 12, 2020
    risk 0.53cvss 8.2epss 0.01

    An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and…

  • CVE-2020-2022HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.01

    An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability…

  • CVE-2020-2000HigNov 12, 2020
    risk 0.47cvss 7.2epss 0.03

    An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1…

  • CVE-2020-5992HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or…

  • CVE-2020-26221HigNov 11, 2020
    risk 0.52cvss 8.0epss 0.01

    touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing…

  • CVE-2020-26218HigNov 11, 2020
    risk 0.55cvss 8.0epss 0.02

    touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.

  • CVE-2020-15275HigNov 11, 2020
    risk 0.50cvss 8.7epss 0.02

    MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly…

  • CVE-2020-27524HigNov 11, 2020
    risk 0.46cvss 7.1epss 0.01

    On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.

  • CVE-2020-27523HigNov 11, 2020
    risk 0.49cvss 7.5epss 0.02

    Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which…

  • CVE-2020-4685HigNov 11, 2020
    risk 0.47cvss 7.2epss 0.01

    A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of…

  • CVE-2020-7768HigNov 11, 2020
    risk 0.00cvss 7.5epss 0.04

    The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.

  • CVE-2020-7329HigNov 11, 2020
    risk 0.47cvss 7.2epss 0.02

    Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.

  • CVE-2020-7328HigNov 11, 2020
    risk 0.47cvss 7.2epss 0.02

    External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has…

  • CVE-2020-17110HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    HEVC Video Extensions Remote Code Execution Vulnerability

  • CVE-2020-17109HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    HEVC Video Extensions Remote Code Execution Vulnerability

  • CVE-2020-17108HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    HEVC Video Extensions Remote Code Execution Vulnerability

  • CVE-2020-17107HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    HEVC Video Extensions Remote Code Execution Vulnerability

  • CVE-2020-17106HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    HEVC Video Extensions Remote Code Execution Vulnerability

  • CVE-2020-17105HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.03

    AV1 Video Extension Remote Code Execution Vulnerability

  • CVE-2020-17104HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

  • CVE-2020-17101HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    HEIF Image Extensions Remote Code Execution Vulnerability

  • CVE-2020-17091HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.02

    Microsoft Teams Remote Code Execution Vulnerability

  • CVE-2020-17088HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2020-17087HigKEVNov 11, 2020
    risk 0.63cvss 7.8epss 0.05

    Windows Kernel Local Elevation of Privilege Vulnerability

  • CVE-2020-17086HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    Raw Image Extension Remote Code Execution Vulnerability

  • CVE-2020-17084HigNov 11, 2020
    risk 0.56cvss 8.5epss 0.04

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2020-17082HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.03

    Raw Image Extension Remote Code Execution Vulnerability

  • CVE-2020-17079HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.03

    Raw Image Extension Remote Code Execution Vulnerability

  • CVE-2020-17078HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.03

    Raw Image Extension Remote Code Execution Vulnerability

  • CVE-2020-17077HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Update Stack Elevation of Privilege Vulnerability

  • CVE-2020-17076HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Update Orchestrator Service Elevation of Privilege Vulnerability

  • CVE-2020-17075HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows USO Core Worker Elevation of Privilege Vulnerability

  • CVE-2020-17074HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Update Orchestrator Service Elevation of Privilege Vulnerability

  • CVE-2020-17073HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Update Orchestrator Service Elevation of Privilege Vulnerability

  • CVE-2020-17070HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Update Medic Service Elevation of Privilege Vulnerability

  • CVE-2020-17068HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows GDI+ Remote Code Execution Vulnerability

  • CVE-2020-17067HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.03

    Microsoft Excel Security Feature Bypass Vulnerability

  • CVE-2020-17066HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2020-17065HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.04

    Microsoft Excel Remote Code Execution Vulnerability