VYPR

CVEs

101,963 total · page 1411 of 2,040

  • CVE-2020-4759HigNov 9, 2020
    risk 0.51cvss 7.8epss 0.02

    IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 188736.

  • CVE-2020-27977HigNov 9, 2020
    risk 0.51cvss 7.8epss 0.00

    CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges.

  • CVE-2020-23140HigNov 9, 2020
    risk 0.53cvss 8.1epss 0.01

    Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

  • CVE-2020-8268HigNov 9, 2020
    risk 0.42cvss 7.5epss 0.01

    Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.

  • CVE-2020-15297HigNov 9, 2020
    risk 0.46cvss 7.1epss 0.01

    Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects:…

  • CVE-2020-24400HigNov 9, 2020
    risk 0.46cvss 7.1epss 0.02

    Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the…

  • CVE-2020-28345HigNov 8, 2020
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).

  • CVE-2020-28344HigNov 8, 2020
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020).

  • CVE-2020-28343HigNov 8, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610…

  • CVE-2020-28342HigNov 8, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application via the Reminder application. The Samsung ID is SVE-2020-18689 (November 2020).

  • CVE-2020-28341HigNov 8, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November…

  • CVE-2020-28339HigNov 7, 2020
    risk 0.49cvss 7.5epss 0.02

    The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.

  • CVE-2020-16122HigNov 7, 2020
    risk 0.53cvss 8.2epss 0.00

    PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.

  • CVE-2020-15259HigNov 6, 2020
    risk 0.00cvss 8.1epss 0.01

    ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine…

  • CVE-2020-3604HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex…

  • CVE-2020-3603HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.03

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex…

  • CVE-2020-3600HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an…

  • CVE-2020-3595HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could…

  • CVE-2020-3594HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted…

  • CVE-2020-3593HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted…

  • CVE-2020-3588HigNov 6, 2020
    risk 0.47cvss 7.3epss 0.00

    A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual…

  • CVE-2020-3574HigNov 6, 2020
    risk 0.49cvss 7.5epss 0.08

    A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP…

  • CVE-2020-3573HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.03

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex…

  • CVE-2020-3556HigNov 6, 2020
    risk 0.47cvss 7.3epss 0.00

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of…

  • CVE-2020-3444HigNov 6, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this…

  • CVE-2020-28328HigNov 6, 2020
    risk 0.65cvss 8.8epss 0.63

    SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.

  • CVE-2017-18926HigNov 6, 2020
    risk 0.46cvss 7.1epss 0.03

    raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

  • CVE-2020-5794HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker…

  • CVE-2020-25174HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.00

    A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.

  • CVE-2020-25170HigNov 6, 2020
    risk 0.51cvss 7.8epss 0.01

    An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.

  • CVE-2020-8580HigNov 6, 2020
    risk 0.49cvss 7.5epss 0.01

    SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).

  • CVE-2020-7198HigNov 6, 2020
    risk 0.57cvss 8.8epss 0.02

    There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.

  • CVE-2020-27589HigNov 6, 2020
    risk 0.42cvss 7.5epss 0.01

    Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.

  • CVE-2020-27196HigNov 6, 2020
    risk 0.00cvss 7.5epss 0.01

    An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a…

  • CVE-2020-26883HigNov 6, 2020
    risk 0.00cvss 7.5epss 0.01

    In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.

  • CVE-2020-26882HigNov 6, 2020
    risk 0.00cvss 7.5epss 0.01

    In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.

  • CVE-2020-10292HigNov 6, 2020
    risk 0.53cvss 8.2epss 0.01

    Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network…

  • CVE-2020-10291HigNov 6, 2020
    risk 0.49cvss 7.5epss 0.01

    Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a network license server. The network…

  • CVE-2020-28196HigNov 6, 2020
    risk 0.00cvss 7.5epss 0.04

    MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

  • CVE-2020-26521HigNov 6, 2020
    risk 0.42cvss 7.5epss 0.02

    The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).

  • CVE-2020-5649HigNov 6, 2020
    risk 0.49cvss 7.5epss 0.04

    Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and…

  • CVE-2020-5646HigNov 6, 2020
    risk 0.49cvss 7.5epss 0.04

    NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and…

  • CVE-2020-5645HigNov 6, 2020
    risk 0.49cvss 7.5epss 0.04

    Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier,…

  • CVE-2020-27347HigNov 6, 2020
    risk 0.00cvss 8.8epss 0.01

    In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

  • CVE-2020-6877HigNov 5, 2020
    risk 0.57cvss 8.8epss 0.01

    A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1

  • CVE-2020-25837HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.01

    Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information.

  • CVE-2020-25661HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.02

    A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing…

  • CVE-2020-13537HigNov 5, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT…

  • CVE-2020-13536HigNov 5, 2020
    risk 0.51cvss 7.8epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT…

  • CVE-2020-5946HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.01

    In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart,…