VYPR

CVEs

100,081 total · page 1375 of 2,002

  • CVE-2020-22275HigNov 4, 2020
    risk 0.57cvss 8.8epss 0.02

    Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.

  • CVE-2020-26211HigNov 3, 2020
    risk 0.43cvss 7.7epss 0.01

    In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with…

  • CVE-2020-26210HigNov 3, 2020
    risk 0.00cvss 7.7epss 0.01

    In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have…

  • CVE-2020-16009HigKEVNov 3, 2020
    risk 0.66cvss 8.8epss 0.49

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16008HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

  • CVE-2020-16007HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

  • CVE-2020-16006HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16005HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16004HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16003HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16002HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2020-16001HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16000HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15998HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15997HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15996HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15995HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15994HigNov 3, 2020
    risk 0.58cvss 8.8epss 0.13

    Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15992HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

  • CVE-2020-15991HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15990HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15987HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

  • CVE-2020-15983HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

  • CVE-2020-15980HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

  • CVE-2020-15979HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15978HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-15976HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15975HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15974HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2020-15972HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.03

    Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15971HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15970HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15969HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15968HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15967HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-9861HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.01

    A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.

  • CVE-2020-7758HigNov 2, 2020
    risk 0.42cvss 7.5epss 0.02

    This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.

  • CVE-2020-9368HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.02

    The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.

  • CVE-2020-8183HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.02

    A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.

  • CVE-2020-5658HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.03

    Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number…

  • CVE-2020-5655HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.03

    NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number…

  • CVE-2020-5654HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.03

    Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or…

  • CVE-2020-5652HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.04

    Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier,…

  • CVE-2020-28046HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch.

  • CVE-2020-28045HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA…

  • CVE-2020-28043HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.01

    MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.

  • CVE-2020-28033HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.03

    WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.

  • CVE-2020-28030HigNov 2, 2020
    risk 0.00cvss 7.5epss 0.02

    In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

  • CVE-2020-27992HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.

  • CVE-2020-27708HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for…