VYPR

CVEs

100,082 total · page 1381 of 2,002

  • CVE-2020-24424HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2020-24423HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2020-24420HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2020-24419HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open…

  • CVE-2020-24418HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the…

  • CVE-2020-9750HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.04

    Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.

  • CVE-2020-9749HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.04

    Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.

  • CVE-2020-9748HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.06

    Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.

  • CVE-2020-9747HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.04

    Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

  • CVE-2020-24422HigOct 21, 2020
    risk 0.46cvss 7.0epss 0.03

    Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…

  • CVE-2020-15244HigOct 21, 2020
    risk 0.45cvss 8.0epss 0.01

    In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.

  • CVE-2020-3577HigOct 21, 2020
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The…

  • CVE-2020-3572HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The…

  • CVE-2020-3571HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due…

  • CVE-2020-3563HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management.…

  • CVE-2020-3562HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2020-3554HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The…

  • CVE-2020-3550HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The…

  • CVE-2020-3549HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient…

  • CVE-2020-3533HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of…

  • CVE-2020-3529HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service…

  • CVE-2020-3528HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of…

  • CVE-2020-3514HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.00

    A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must…

  • CVE-2020-3499HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected…

  • CVE-2020-3459HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could…

  • CVE-2020-3456HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF…

  • CVE-2020-3455HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by…

  • CVE-2020-3436HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead…

  • CVE-2020-3410HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the…

  • CVE-2020-3373HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could…

  • CVE-2020-3317HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could…

  • CVE-2020-3304HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.04

    A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS)…

  • CVE-2020-17381HigOct 21, 2020
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.

  • CVE-2018-11764HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

  • CVE-2020-15240HigOct 21, 2020
    risk 0.41cvss 7.4epss 0.01

    omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by…

  • CVE-2020-5651HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.

  • CVE-2020-27613HigOct 21, 2020
    risk 0.55cvss 8.4epss 0.00

    The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.

  • CVE-2020-27611HigOct 21, 2020
    risk 0.00cvss 7.3epss 0.01

    BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.

  • CVE-2020-27610HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.01

    The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.

  • CVE-2020-27603HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.03

    BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.

  • CVE-2020-14883HigKEVOct 21, 2020
    risk 0.70cvss 7.2epss 0.98

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with…

  • CVE-2020-14880HigOct 21, 2020
    risk 0.55cvss 8.5epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-14879HigOct 21, 2020
    risk 0.55cvss 8.5epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-14878HigOct 21, 2020
    risk 0.52cvss 8.0epss 0.01

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment…

  • CVE-2020-14872HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2020-14865HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-14864HigKEVOct 21, 2020
    risk 0.72cvss 7.5epss 0.97

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2020-14863HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-14862HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-14857HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…