VYPR

CVEs

100,082 total · page 1383 of 2,002

  • CVE-2020-15261HigOct 19, 2020
    risk 0.04cvss 8.0epss 0.11

    On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually…

  • CVE-2020-15256HigOct 19, 2020
    risk 0.43cvss 7.7epss 0.02

    A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of…

  • CVE-2020-6085HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.04

    An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An…

  • CVE-2020-6084HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.04

    An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An…

  • CVE-2020-15263HigOct 19, 2020
    risk 0.45cvss 8.0epss 0.01

    In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.

  • CVE-2020-9263HigOct 19, 2020
    risk 0.51cvss 7.8epss 0.01

    HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick…

  • CVE-2020-9113HigOct 19, 2020
    risk 0.52cvss 8.0epss 0.00

    HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful…

  • CVE-2020-9112HigOct 19, 2020
    risk 0.51cvss 7.8epss 0.00

    Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information,…

  • CVE-2020-24388HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This…

  • CVE-2020-24387HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This…

  • CVE-2020-15822HigOct 19, 2020
    risk 0.48cvss 7.3epss 0.01

    In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

  • CVE-2020-7195HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7194HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7193HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7192HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7191HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7190HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7189HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7188HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7187HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7186HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7185HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7184HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7183HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7182HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7181HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7180HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7179HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7178HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7177HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7176HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7175HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7174HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7173HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24630HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.02

    A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-16161HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.02

    GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.

  • CVE-2020-16160HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.01

    GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.

  • CVE-2020-16158HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.02

    GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.

  • CVE-2020-24266HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.

  • CVE-2020-24265HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.

  • CVE-2020-15909HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.02

    SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within…

  • CVE-2020-13778HigOct 19, 2020
    risk 0.58cvss 8.8epss 0.04

    rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.

  • CVE-2020-7745HigOct 19, 2020
    risk 0.46cvss 7.1epss 0.03

    This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.

  • CVE-2020-1243HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest…

  • CVE-2020-1167HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would…

  • CVE-2020-1080HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability…

  • CVE-2020-1047HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability…

  • CVE-2020-17023HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-17022HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program…

  • CVE-2020-17003HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by…