VYPR

CVEs

100,472 total · page 1391 of 2,010

  • CVE-2020-15822HigOct 19, 2020
    risk 0.48cvss 7.3epss 0.01

    In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

  • CVE-2020-7195HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7194HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7193HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7192HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7191HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7190HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7189HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7188HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7187HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7186HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7185HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7184HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7183HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7182HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7181HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7180HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7179HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7178HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7177HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7176HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7175HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7174HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7173HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.03

    A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24630HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.02

    A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-16161HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.02

    GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.

  • CVE-2020-16160HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.01

    GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.

  • CVE-2020-16158HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.02

    GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.

  • CVE-2020-24266HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.

  • CVE-2020-24265HigOct 19, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.

  • CVE-2020-15909HigOct 19, 2020
    risk 0.57cvss 8.8epss 0.02

    SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within…

  • CVE-2020-13778HigOct 19, 2020
    risk 0.58cvss 8.8epss 0.04

    rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.

  • CVE-2020-7745HigOct 19, 2020
    risk 0.46cvss 7.1epss 0.03

    This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.

  • CVE-2020-1243HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest…

  • CVE-2020-1167HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would…

  • CVE-2020-1080HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability…

  • CVE-2020-1047HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system. This vulnerability…

  • CVE-2020-17023HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-17022HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program…

  • CVE-2020-17003HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by…

  • CVE-2020-16995HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux. An attacker who successfully exploited this vulnerability could execute code with elevated privileges. To exploit this vulnerability, an attacker would have to…

  • CVE-2020-16980HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need…

  • CVE-2020-16977HigOct 16, 2020
    risk 0.46cvss 7.0epss 0.03

    A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on…

  • CVE-2020-16976HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…

  • CVE-2020-16975HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…

  • CVE-2020-16974HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…

  • CVE-2020-16973HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…

  • CVE-2020-16972HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…

  • CVE-2020-16969HigOct 16, 2020
    risk 0.46cvss 7.1epss 0.03

    An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an…

  • CVE-2020-16968HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.05

    A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…