VYPR

CVEs

100,472 total · page 1389 of 2,010

  • CVE-2020-15244HigOct 21, 2020
    risk 0.45cvss 8.0epss 0.01

    In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.

  • CVE-2020-3577HigOct 21, 2020
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The…

  • CVE-2020-3572HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The…

  • CVE-2020-3571HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due…

  • CVE-2020-3563HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management.…

  • CVE-2020-3562HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2020-3554HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The…

  • CVE-2020-3550HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The…

  • CVE-2020-3549HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient…

  • CVE-2020-3533HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of…

  • CVE-2020-3529HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service…

  • CVE-2020-3528HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of…

  • CVE-2020-3514HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.00

    A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must…

  • CVE-2020-3499HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected…

  • CVE-2020-3459HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could…

  • CVE-2020-3456HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF…

  • CVE-2020-3455HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by…

  • CVE-2020-3436HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead…

  • CVE-2020-3410HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the…

  • CVE-2020-3373HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could…

  • CVE-2020-3317HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could…

  • CVE-2020-3304HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.04

    A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS)…

  • CVE-2020-17381HigOct 21, 2020
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.

  • CVE-2018-11764HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

  • CVE-2020-15240HigOct 21, 2020
    risk 0.41cvss 7.4epss 0.01

    omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by…

  • CVE-2020-5651HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.

  • CVE-2020-27613HigOct 21, 2020
    risk 0.55cvss 8.4epss 0.00

    The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.

  • CVE-2020-27611HigOct 21, 2020
    risk 0.00cvss 7.3epss 0.01

    BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.

  • CVE-2020-27610HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.01

    The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.

  • CVE-2020-27603HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.03

    BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.

  • CVE-2020-14883HigKEVOct 21, 2020
    risk 0.70cvss 7.2epss 0.98

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with…

  • CVE-2020-14880HigOct 21, 2020
    risk 0.55cvss 8.5epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-14879HigOct 21, 2020
    risk 0.55cvss 8.5epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-14878HigOct 21, 2020
    risk 0.52cvss 8.0epss 0.01

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment…

  • CVE-2020-14872HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2020-14865HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-14864HigKEVOct 21, 2020
    risk 0.72cvss 7.5epss 0.97

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2020-14863HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-14862HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-14857HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14856HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14851HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14850HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…

  • CVE-2020-14849HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14843HigOct 21, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2020-14842HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2020-14835HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-14834HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14833HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14831HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…