VYPR

CVEs

100,082 total · page 1387 of 2,002

  • CVE-2020-6083HigOct 14, 2020
    risk 0.49cvss 7.5epss 0.04

    An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can…

  • CVE-2020-25188HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.02

    An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870).

  • CVE-2019-2194HigOct 14, 2020
    risk 0.51cvss 7.8epss 0.00

    In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2020-7330HigOct 14, 2020
    risk 0.49cvss 7.5epss 0.00

    Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables

  • CVE-2020-12928HigOct 13, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system.

  • CVE-2020-25645HigOct 13, 2020
    risk 0.49cvss 7.5epss 0.02

    A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic…

  • CVE-2018-20243HigOct 13, 2020
    risk 0.49cvss 7.5epss 0.03

    The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.

  • CVE-2020-15251HigOct 13, 2020
    risk 0.00cvss 7.7epss 0.01

    In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected.…

  • CVE-2020-17417HigOct 13, 2020
    risk 0.51cvss 7.8epss 0.09

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17416HigOct 13, 2020
    risk 0.51cvss 7.8epss 0.09

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17415HigOct 13, 2020
    risk 0.51cvss 7.8epss 0.02

    This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…

  • CVE-2020-17414HigOct 13, 2020
    risk 0.51cvss 7.8epss 0.02

    This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists…

  • CVE-2020-17413HigOct 13, 2020
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17412HigOct 13, 2020
    risk 0.51cvss 7.8epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17410HigOct 13, 2020
    risk 0.51cvss 7.8epss 0.09

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2020-17406HigOct 13, 2020
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to…

  • CVE-2020-16124HigOct 13, 2020
    risk 0.00cvss 7.3epss 0.01

    Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions.…

  • CVE-2020-7743HigOct 13, 2020
    risk 0.41cvss 7.3epss 0.04

    The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

  • CVE-2020-15012HigOct 12, 2020
    risk 0.56cvss 8.6epss 0.03

    A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to).

  • CVE-2020-26546HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2020-25825HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.

  • CVE-2020-9123HigOct 12, 2020
    risk 0.51cvss 7.8epss 0.01

    HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after…

  • CVE-2020-9090HigOct 12, 2020
    risk 0.51cvss 7.8epss 0.00

    FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.

  • CVE-2020-4388HigOct 12, 2020
    risk 0.53cvss 8.2epss 0.01

    IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. IBM X-Force ID: 179270.

  • CVE-2020-4302HigOct 12, 2020
    risk 0.51cvss 7.8epss 0.02

    IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted excel file, an attacker could exploit this vulnerability to execute arbitrary code on the…

  • CVE-2020-26869HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.

  • CVE-2020-26868HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web…

  • CVE-2020-4779HigOct 12, 2020
    risk 0.53cvss 8.1epss 0.01

    A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.

  • CVE-2020-4778HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.

  • CVE-2020-4776HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system.…

  • CVE-2020-4772HigOct 12, 2020
    risk 0.53cvss 8.1epss 0.01

    An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources.…

  • CVE-2020-5140HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6…

  • CVE-2020-5139HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7,…

  • CVE-2020-5138HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,…

  • CVE-2020-5137HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12,…

  • CVE-2020-5133HigOct 12, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.

  • CVE-2020-26947HigOct 10, 2020
    risk 0.00cvss 7.8epss 0.00

    monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.

  • CVE-2020-26945HigOct 10, 2020
    risk 0.00cvss 8.1epss 0.02

    MyBatis before 3.5.6 mishandles deserialization of object streams.

  • CVE-2020-26929HigOct 9, 2020
    risk 0.48cvss 7.3epss 0.01

    Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.

  • CVE-2020-26921HigOct 9, 2020
    risk 0.54cvss 8.3epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.

  • CVE-2020-26920HigOct 9, 2020
    risk 0.57cvss 8.8epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.

  • CVE-2020-26912HigOct 9, 2020
    risk 0.49cvss 7.5epss 0.01

    Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2…

  • CVE-2020-26911HigOct 9, 2020
    risk 0.54cvss 8.3epss 0.01

    Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before…

  • CVE-2020-26910HigOct 9, 2020
    risk 0.55cvss 8.4epss 0.01

    Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

  • CVE-2020-26909HigOct 9, 2020
    risk 0.57cvss 8.8epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48.

  • CVE-2020-26522HigOct 9, 2020
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

  • CVE-2020-15838HigOct 9, 2020
    risk 0.57cvss 8.8epss 0.01

    The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.

  • CVE-2019-19115HigOct 8, 2020
    risk 0.51cvss 7.8epss 0.01

    An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.

  • CVE-2020-26894HigOct 8, 2020
    risk 0.00cvss 7.8epss 0.00

    LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the…

  • CVE-2020-9048HigOct 8, 2020
    risk 0.46cvss 7.1epss 0.01

    A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service…