VYPR

CVEs

101,963 total · page 1404 of 2,040

  • CVE-2020-26890HigNov 24, 2020
    risk 0.49cvss 7.5epss 0.03

    Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event…

  • CVE-2020-25696HigNov 23, 2020
    risk 0.49cvss 7.5epss 0.03

    A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary…

  • CVE-2020-25660HigNov 23, 2020
    risk 0.57cvss 8.8epss 0.01

    A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to…

  • CVE-2020-26228HigNov 23, 2020
    risk 0.53cvss 8.1epss 0.01

    TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly…

  • CVE-2020-24227HigNov 23, 2020
    risk 0.49cvss 7.5epss 0.01

    Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password.

  • CVE-2018-16723HigNov 23, 2020
    risk 0.51cvss 7.8epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020.

  • CVE-2018-16722HigNov 23, 2020
    risk 0.51cvss 7.8epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.

  • CVE-2018-16721HigNov 23, 2020
    risk 0.51cvss 7.8epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.

  • CVE-2018-16720HigNov 23, 2020
    risk 0.51cvss 7.8epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304.

  • CVE-2018-16719HigNov 23, 2020
    risk 0.51cvss 7.8epss 0.00

    In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482.

  • CVE-2020-15246HigNov 23, 2020
    risk 0.42cvss 7.5epss 0.02

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build…

  • CVE-2020-7927HigNov 23, 2020
    risk 0.53cvss 8.1epss 0.01

    Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and…

  • CVE-2020-26239HigNov 23, 2020
    risk 0.00cvss 7.6epss 0.01

    Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which…

  • CVE-2020-12351HigNov 23, 2020
    risk 0.61cvss 8.8epss 0.08

    Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2019-14586HigNov 23, 2020
    risk 0.52cvss 8.0epss 0.01

    Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

  • CVE-2019-14575HigNov 23, 2020
    risk 0.51cvss 7.8epss 0.00

    Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-14563HigNov 23, 2020
    risk 0.51cvss 7.8epss 0.00

    Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-7777HigNov 23, 2020
    risk 0.47cvss 7.2epss 0.02

    This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is…

  • CVE-2020-28421HigNov 23, 2020
    risk 0.51cvss 7.8epss 0.00

    CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.

  • CVE-2019-14559HigNov 23, 2020
    risk 0.49cvss 7.5epss 0.01

    Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2020-7925HigNov 23, 2020
    risk 0.49cvss 7.5epss 0.02

    Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB…

  • CVE-2020-27985HigNov 23, 2020
    risk 0.00cvss 7.8epss 0.01

    Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home//SecurityOnion/setup/so-setup.

  • CVE-2020-28975HigNov 21, 2020
    risk 0.42cvss 7.5epss 0.03

    svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in…

  • CVE-2020-14258HigNov 21, 2020
    risk 0.49cvss 7.5epss 0.01

    HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.

  • CVE-2020-14234HigNov 21, 2020
    risk 0.49cvss 7.5epss 0.01

    HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected.

  • CVE-2020-14230HigNov 21, 2020
    risk 0.49cvss 7.5epss 0.01

    HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1…

  • CVE-2020-25185HigNov 21, 2020
    risk 0.57cvss 8.8epss 0.02

    The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).

  • CVE-2020-4005HigNov 20, 2020
    risk 0.51cvss 7.8epss 0.00

    VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process…

  • CVE-2020-4004HigNov 20, 2020
    risk 0.53cvss 8.2epss 0.00

    VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local…

  • CVE-2020-28845HigNov 20, 2020
    risk 0.51cvss 7.8epss 0.01

    A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.

  • CVE-2020-20740HigNov 20, 2020
    risk 0.00cvss 7.8epss 0.01

    PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().

  • CVE-2020-26236HigNov 20, 2020
    risk 0.00cvss 7.5epss 0.01

    In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts…

  • CVE-2020-19667HigNov 20, 2020
    risk 0.51cvss 7.8epss 0.02

    Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.

  • CVE-2020-13671HigKEVNov 20, 2020
    risk 0.70cvss 8.8epss 0.04

    Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0…

  • CVE-2020-4937HigNov 20, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.

  • CVE-2020-4739HigNov 20, 2020
    risk 0.51cvss 7.8epss 0.00

    IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking…

  • CVE-2020-5668HigNov 20, 2020
    risk 0.49cvss 7.5epss 0.05

    Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version…

  • CVE-2020-7572HigNov 19, 2020
    risk 0.57cvss 8.8epss 0.02

    A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial…

  • CVE-2020-7569HigNov 19, 2020
    risk 0.57cvss 8.8epss 0.02

    A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and…

  • CVE-2020-7566HigNov 19, 2020
    risk 0.47cvss 7.3epss 0.00

    A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…

  • CVE-2020-7565HigNov 19, 2020
    risk 0.47cvss 7.3epss 0.00

    A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…

  • CVE-2020-7559HigNov 19, 2020
    risk 0.49cvss 7.5epss 0.02

    A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software…

  • CVE-2020-7558HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7557HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7556HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7555HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7554HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7553HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7552HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7551HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.02

    A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.