VYPR

CVEs

101,963 total · page 1400 of 2,040

  • CVE-2020-17129HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2020-17128HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2020-17127HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2020-17125HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2020-17124HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Microsoft PowerPoint Remote Code Execution Vulnerability

  • CVE-2020-17123HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.04

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2020-17122HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.03

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2020-17121HigDec 10, 2020
    risk 0.57cvss 8.8epss 0.03

    Microsoft SharePoint Remote Code Execution Vulnerability

  • CVE-2020-17118HigDec 10, 2020
    risk 0.53cvss 8.1epss 0.04

    Microsoft SharePoint Remote Code Execution Vulnerability

  • CVE-2020-17115HigDec 10, 2020
    risk 0.52cvss 8.0epss 0.03

    Microsoft SharePoint Server Spoofing Vulnerability

  • CVE-2020-17103HigDec 10, 2020
    risk 0.48cvss 7.0epss 0.27

    Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

  • CVE-2020-17096HigDec 10, 2020
    risk 0.50cvss 7.5epss 0.19

    Windows NTFS Remote Code Execution Vulnerability

  • CVE-2020-17095HigDec 10, 2020
    risk 0.56cvss 8.5epss 0.05

    Windows Hyper-V Remote Code Execution Vulnerability

  • CVE-2020-17092HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Network Connections Service Elevation of Privilege Vulnerability

  • CVE-2020-17089HigDec 10, 2020
    risk 0.46cvss 7.1epss 0.03

    Microsoft SharePoint Elevation of Privilege Vulnerability

  • CVE-2020-17002HigDec 10, 2020
    risk 0.48cvss 7.4epss 0.03

    Azure SDK for C Security Feature Bypass Vulnerability

  • CVE-2020-16971HigDec 10, 2020
    risk 0.48cvss 7.4epss 0.04

    Azure SDK for Java Security Feature Bypass Vulnerability

  • CVE-2020-16964HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Backup Engine Elevation of Privilege Vulnerability

  • CVE-2020-16963HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Backup Engine Elevation of Privilege Vulnerability

  • CVE-2020-16962HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Backup Engine Elevation of Privilege Vulnerability

  • CVE-2020-16961HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Backup Engine Elevation of Privilege Vulnerability

  • CVE-2020-16960HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Backup Engine Elevation of Privilege Vulnerability

  • CVE-2020-16959HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Backup Engine Elevation of Privilege Vulnerability

  • CVE-2020-16958HigDec 10, 2020
    risk 0.51cvss 7.8epss 0.01

    Windows Backup Engine Elevation of Privilege Vulnerability

  • CVE-2020-10143HigDec 9, 2020
    risk 0.51cvss 7.8epss 0.01

    Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can…

  • CVE-2020-25499HigDec 9, 2020
    risk 0.58cvss 8.8epss 0.04

    TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.

  • CVE-2020-16600HigDec 9, 2020
    risk 0.51cvss 7.8epss 0.01

    A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.

  • CVE-2020-28086HigDec 9, 2020
    risk 0.49cvss 7.5epss 0.01

    pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other…

  • CVE-2020-2049HigDec 9, 2020
    risk 0.51cvss 7.8epss 0.00

    A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the…

  • CVE-2020-7787HigDec 9, 2020
    risk 0.46cvss 8.2epss 0.01

    This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The…

  • CVE-2020-7776HigDec 9, 2020
    risk 0.39cvss 7.1epss 0.01

    This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of…

  • CVE-2020-29661HigDec 9, 2020
    risk 0.00cvss 7.8epss 0.01

    A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

  • CVE-2020-26832HigDec 9, 2020
    risk 0.50cvss 7.6epss 0.02

    SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC…

  • CVE-2020-26830HigDec 9, 2020
    risk 0.53cvss 8.1epss 0.01

    SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to…

  • CVE-2020-26261HigDec 9, 2020
    risk 0.44cvss 7.9epss 0.00

    jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly…

  • CVE-2020-25199HigDec 9, 2020
    risk 0.51cvss 7.8epss 0.01

    A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.

  • CVE-2020-23520HigDec 9, 2020
    risk 0.47cvss 7.2epss 0.02

    imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.

  • CVE-2020-29656HigDec 9, 2020
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach "unknown functionality" in a "known to be…

  • CVE-2020-29655HigDec 9, 2020
    risk 0.49cvss 7.5epss 0.01

    An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker…

  • CVE-2020-29651HigDec 9, 2020
    risk 0.00cvss 7.5epss 0.05

    A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

  • CVE-2020-26970HigDec 9, 2020
    risk 0.57cvss 8.8epss 0.01

    When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability…

  • CVE-2020-26969HigDec 9, 2020
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.

  • CVE-2020-26968HigDec 9, 2020
    risk 0.57cvss 8.8epss 0.01

    Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2020-26960HigDec 9, 2020
    risk 0.57cvss 8.8epss 0.02

    If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

  • CVE-2020-26959HigDec 9, 2020
    risk 0.57cvss 8.8epss 0.01

    During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

  • CVE-2020-26952HigDec 9, 2020
    risk 0.57cvss 8.8epss 0.01

    Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.

  • CVE-2020-26950HigDec 9, 2020
    risk 0.64cvss 8.8epss 0.42

    In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.

  • CVE-2020-27614HigDec 9, 2020
    risk 0.51cvss 7.8epss 0.00

    AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation.

  • CVE-2020-26249HigDec 9, 2020
    risk 0.43cvss 7.7epss 0.01

    Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code…

  • CVE-2020-9991HigDec 8, 2020
    risk 0.49cvss 7.5epss 0.03

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.