VYPR

CVEs

101,963 total · page 1398 of 2,040

  • CVE-2020-25232HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an…

  • CVE-2020-25230HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device.

  • CVE-2020-25229HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the…

  • CVE-2020-15796HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a…

  • CVE-2020-14368HigDec 14, 2020
    risk 0.46cvss 7.1epss 0.01

    A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site…

  • CVE-2019-19289HigDec 14, 2020
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link.

  • CVE-2019-19286HigDec 14, 2020
    risk 0.47cvss 7.2epss 0.01

    A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages.

  • CVE-2020-8286HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.05

    curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

  • CVE-2020-8285HigDec 14, 2020
    risk 0.43cvss 7.5epss 0.10

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

  • CVE-2020-8283HigDec 14, 2020
    risk 0.57cvss 8.8epss 0.03

    An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

  • CVE-2020-8282HigDec 14, 2020
    risk 0.57cvss 8.8epss 0.01

    A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.

  • CVE-2020-8258HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.01

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.

  • CVE-2020-8231HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.04

    Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

  • CVE-2020-8177HigDec 14, 2020
    risk 0.51cvss 7.8epss 0.01

    curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

  • CVE-2020-8169HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.03

    curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

  • CVE-2020-28860HigDec 14, 2020
    risk 0.57cvss 8.8epss 0.02

    OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.

  • CVE-2020-27252HigDec 14, 2020
    risk 0.57cvss 8.8epss 0.04

    Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart…

  • CVE-2020-25187HigDec 14, 2020
    risk 0.58cvss 8.8epss 0.04

    Medtronic MyCareLink Smart 25000 is  vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. The heap overflow could allow an attacker to…

  • CVE-2020-25183HigDec 14, 2020
    risk 0.52cvss 8.0epss 0.01

    Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app is vulnerable to bypass. This vulnerability enables an attacker to use…

  • CVE-2020-20183HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.01

    Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.

  • CVE-2020-16104HigDec 14, 2020
    risk 0.53cvss 8.2epss 0.01

    SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This…

  • CVE-2020-16103HigDec 14, 2020
    risk 0.57cvss 8.8epss 0.02

    Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior…

  • CVE-2020-16102HigDec 14, 2020
    risk 0.46cvss 7.1epss 0.01

    Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions…

  • CVE-2020-28858HigDec 14, 2020
    risk 0.57cvss 8.8epss 0.01

    OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.

  • CVE-2020-28856HigDec 14, 2020
    risk 0.49cvss 7.5epss 0.02

    OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP…

  • CVE-2020-35382HigDec 14, 2020
    risk 0.47cvss 7.2epss 0.01

    SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.

  • CVE-2020-5665HigDec 14, 2020
    risk 0.48cvss 7.4epss 0.01

    Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.

  • CVE-2020-5635HigDec 14, 2020
    risk 0.57cvss 8.8epss 0.01

    Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.

  • CVE-2020-35235HigDec 14, 2020
    risk 0.59cvss 8.8epss 0.18

    vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability…

  • CVE-2020-35234HigDec 14, 2020
    risk 0.57cvss 7.5epss 0.65

    The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt)…

  • CVE-2020-29669HigDec 14, 2020
    risk 0.58cvss 8.8epss 0.05

    In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow…

  • CVE-2020-29654HigDec 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.

  • CVE-2020-24340HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response…

  • CVE-2020-24339HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS…

  • CVE-2020-24337HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka…

  • CVE-2020-24334HigDec 11, 2020
    risk 0.53cvss 8.2epss 0.02

    The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and…

  • CVE-2020-17469HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). When…

  • CVE-2020-17468HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in…

  • CVE-2020-17445HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in…

  • CVE-2020-17444HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn't check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through…

  • CVE-2020-17443HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in picoTCP 1.7.0. The code for creating an ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the…

  • CVE-2020-17442HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in picoTCP 1.7.0. The code for parsing the hop-by-hop IPv6 extension headers does not validate the bounds of the extension header length value, which may result in Integer Wraparound. Therefore, a crafted extension header length value may cause…

  • CVE-2020-17440HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that…

  • CVE-2020-17439HigDec 11, 2020
    risk 0.54cvss 8.3epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any…

  • CVE-2020-17437HigDec 11, 2020
    risk 0.54cvss 8.2epss 0.03

    An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the…

  • CVE-2020-13988HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.

  • CVE-2020-13987HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

  • CVE-2020-13986HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

  • CVE-2020-13985HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.05

    An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.

  • CVE-2020-13984HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.