VYPR

CVEs

101,963 total · page 1399 of 2,040

  • CVE-2020-5949HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.

  • CVE-2020-27713HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.

  • CVE-2020-7791HigDec 11, 2020
    risk 0.42cvss 7.5epss 0.03

    This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.

  • CVE-2020-29254HigDec 11, 2020
    risk 0.57cvss 8.8epss 0.01

    TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF…

  • CVE-2020-27508HigDec 11, 2020
    risk 0.00cvss 7.5epss 0.01

    In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.

  • CVE-2020-4633HigDec 11, 2020
    risk 0.57cvss 8.8epss 0.03

    IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.

  • CVE-2020-7793HigDec 11, 2020
    risk 0.42cvss 7.5epss 0.04

    The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

  • CVE-2020-7792HigDec 11, 2020
    risk 0.42cvss 7.5epss 0.02

    This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the…

  • CVE-2020-7788HigDec 11, 2020
    risk 0.41cvss 7.3epss 0.04

    This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

  • CVE-2020-35135HigDec 11, 2020
    risk 0.57cvss 8.8epss 0.01

    The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.

  • CVE-2020-27786HigDec 11, 2020
    risk 0.00cvss 7.8epss 0.02

    A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of…

  • CVE-2020-27828HigDec 11, 2020
    risk 0.51cvss 7.8epss 0.01

    There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

  • CVE-2020-13530HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.02

    A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of…

  • CVE-2020-13520HigDec 11, 2020
    risk 0.51cvss 7.8epss 0.02

    An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this…

  • CVE-2020-9301HigDec 11, 2020
    risk 0.57cvss 8.8epss 0.01

    Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within…

  • CVE-2020-24447HigDec 11, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2020-24440HigDec 11, 2020
    risk 0.46cvss 7.0epss 0.01

    Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2020-25191HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely.

  • CVE-2020-24637HigDec 11, 2020
    risk 0.47cvss 7.2epss 0.02

    Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000…

  • CVE-2020-7560HigDec 11, 2020
    risk 0.56cvss 8.6epss 0.01

    A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious…

  • CVE-2020-7543HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially…

  • CVE-2020-7542HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially…

  • CVE-2020-7539HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a…

  • CVE-2020-7537HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially…

  • CVE-2020-7536HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all…

  • CVE-2020-7535HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification…

  • CVE-2020-28219HigDec 11, 2020
    risk 0.51cvss 7.8epss 0.00

    A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to…

  • CVE-2020-28217HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

  • CVE-2020-28216HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

  • CVE-2020-4829HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.00

    IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.

  • CVE-2020-26269HigDec 10, 2020
    risk 0.42cvss 7.5epss 0.01

    In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the…

  • CVE-2020-25967HigDec 10, 2020
    risk 0.57cvss 8.8epss 0.01

    The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.

  • CVE-2020-13526HigDec 10, 2020
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make…

  • CVE-2020-12594HigDec 10, 2020
    risk 0.47cvss 7.2epss 0.01

    A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.

  • CVE-2020-12516HigDec 10, 2020
    risk 0.49cvss 7.5epss 0.02

    Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.

  • CVE-2020-17159HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

  • CVE-2020-17158HigDec 10, 2020
    risk 0.57cvss 8.8epss 0.03

    Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

  • CVE-2020-17156HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Visual Studio Remote Code Execution Vulnerability

  • CVE-2020-17152HigDec 10, 2020
    risk 0.57cvss 8.8epss 0.03

    Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

  • CVE-2020-17150HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Visual Studio Code Remote Code Execution Vulnerability

  • CVE-2020-17148HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.04

    Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

  • CVE-2020-17147HigDec 10, 2020
    risk 0.57cvss 8.7epss 0.01

    Dynamics CRM Webclient Cross-site Scripting Vulnerability

  • CVE-2020-17144HigKEVDec 10, 2020
    risk 0.70cvss 8.4epss 0.37

    Microsoft Exchange Remote Code Execution Vulnerability

  • CVE-2020-17143HigDec 10, 2020
    risk 0.63cvss 8.8epss 0.71

    Microsoft Exchange Server Information Disclosure Vulnerability

  • CVE-2020-17141HigDec 10, 2020
    risk 0.55cvss 8.4epss 0.07

    Microsoft Exchange Remote Code Execution Vulnerability

  • CVE-2020-17140HigDec 10, 2020
    risk 0.54cvss 8.1epss 0.12

    Windows SMB Information Disclosure Vulnerability

  • CVE-2020-17139HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Overlay Filter Security Feature Bypass Vulnerability

  • CVE-2020-17137HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    DirectX Graphics Kernel Elevation of Privilege Vulnerability

  • CVE-2020-17136HigDec 10, 2020
    risk 0.55cvss 7.8epss 0.14

    Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

  • CVE-2020-17134HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability