VYPR

CVEs

100,082 total · page 1379 of 2,002

  • CVE-2019-6238HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted package may…

  • CVE-2018-4474HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.02

    A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.

  • CVE-2018-4467HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006…

  • CVE-2018-4452HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006…

  • CVE-2018-4451HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation.

  • CVE-2018-4428HigOct 27, 2020
    risk 0.46cvss 7.1epss 0.00

    A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 12.1.1. A local attacker may be able to share items from the lock screen.

  • CVE-2020-15238HigOct 27, 2020
    risk 0.50cvss 7.1epss 0.05

    Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower…

  • CVE-2020-7755HigOct 27, 2020
    risk 0.00cvss 7.5epss 0.02

    All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.

  • CVE-2020-11858HigOct 27, 2020
    risk 0.54cvss 7.8epss 0.03

    Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60,…

  • CVE-2020-7754HigOct 27, 2020
    risk 0.42cvss 7.5epss 0.03

    This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.

  • CVE-2020-23945HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.

  • CVE-2020-8579HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).

  • CVE-2020-6023HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.00

    Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.

  • CVE-2020-23864HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    An issue exits in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder.

  • CVE-2020-7753HigOct 27, 2020
    risk 0.00cvss 7.5epss 0.04

    All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

  • CVE-2020-27180HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.

  • CVE-2020-15352HigOct 27, 2020
    risk 0.47cvss 7.2epss 0.03

    An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

  • CVE-2020-1915HigOct 26, 2020
    risk 0.42cvss 7.5epss 0.02

    An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable…

  • CVE-2020-26878HigOct 26, 2020
    risk 0.58cvss 8.8epss 0.11

    Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.

  • CVE-2020-15272HigOct 26, 2020
    risk 0.00cvss 8.7epss 0.01

    In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. The problem has…

  • CVE-2020-26566HigOct 26, 2020
    risk 0.49cvss 7.5epss 0.04

    A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.

  • CVE-2020-7752HigOct 26, 2020
    risk 0.51cvss 8.8epss 0.06

    This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.

  • CVE-2020-27187HigOct 26, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other…

  • CVE-2020-7125HigOct 26, 2020
    risk 0.57cvss 8.8epss 0.01

    A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-24632HigOct 26, 2020
    risk 0.47cvss 7.2epss 0.03

    A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-24631HigOct 26, 2020
    risk 0.47cvss 7.2epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-15897HigOct 26, 2020
    risk 0.49cvss 7.5epss 0.01

    Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

  • CVE-2020-13100HigOct 26, 2020
    risk 0.49cvss 7.5epss 0.01

    Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.

  • CVE-2020-24848HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.

  • CVE-2020-5990HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.

  • CVE-2020-5978HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.

  • CVE-2020-5977HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and…

  • CVE-2020-27216HigOct 23, 2020
    risk 0.46cvss 7.0epss 0.04

    In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a…

  • CVE-2020-26561HigOct 23, 2020
    risk 0.58cvss 8.8epss 0.12

    Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer…

  • CVE-2020-9331HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the…

  • CVE-2020-26887HigOct 23, 2020
    risk 0.54cvss 7.8epss 0.01

    FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.

  • CVE-2019-14719HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.01

    Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.

  • CVE-2019-14717HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.

  • CVE-2019-14712HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.

  • CVE-2019-14711HigOct 23, 2020
    risk 0.46cvss 7.0epss 0.00

    Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.

  • CVE-2020-27672HigOct 22, 2020
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.

  • CVE-2020-27671HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.

  • CVE-2020-27670HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.

  • CVE-2020-25186HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.01

    An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.

  • CVE-2020-18129HigOct 22, 2020
    risk 0.57cvss 8.8epss 0.01

    A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.

  • CVE-2020-15681HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.01

    When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.

  • CVE-2020-11853HigOct 22, 2020
    risk 0.66cvss 8.8epss 0.77

    Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions :…

  • CVE-2019-17007HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.01

    In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

  • CVE-2020-10721HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in…

  • CVE-2020-9994HigOct 22, 2020
    risk 0.46cvss 7.1epss 0.01

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.