VYPR

CVEs

101,963 total · page 1412 of 2,040

  • CVE-2020-5945HigNov 5, 2020
    risk 0.55cvss 8.4epss 0.01

    In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.

  • CVE-2020-5942HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.01

    In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the…

  • CVE-2020-5941HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.01

    On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the…

  • CVE-2020-5939HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.01

    In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere,…

  • CVE-2020-5793HigNov 5, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could…

  • CVE-2020-24437HigNov 5, 2020
    risk 0.54cvss 7.8epss 0.45

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the…

  • CVE-2020-24436HigNov 5, 2020
    risk 0.52cvss 7.8epss 0.16

    Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this…

  • CVE-2020-24435HigNov 5, 2020
    risk 0.55cvss 7.8epss 0.51

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the…

  • CVE-2020-24433HigNov 5, 2020
    risk 0.52cvss 7.8epss 0.15

    Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and…

  • CVE-2020-24430HigNov 5, 2020
    risk 0.52cvss 7.8epss 0.18

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of…

  • CVE-2020-24429HigNov 5, 2020
    risk 0.50cvss 7.7epss 0.03

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction…

  • CVE-2020-24428HigNov 5, 2020
    risk 0.50cvss 7.7epss 0.02

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of…

  • CVE-2020-13661HigNov 5, 2020
    risk 0.57cvss 8.8epss 0.01

    Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose…

  • CVE-2020-26507HigNov 5, 2020
    risk 0.51cvss 7.8epss 0.01

    A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can…

  • CVE-2020-25399HigNov 5, 2020
    risk 0.51cvss 7.8epss 0.01

    Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.

  • CVE-2020-25398HigNov 5, 2020
    risk 0.57cvss 8.8epss 0.02

    CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.

  • CVE-2020-28115HigNov 5, 2020
    risk 0.57cvss 8.8epss 0.01

    SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.

  • CVE-2020-27688HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.02

    RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted…

  • CVE-2020-27402HigNov 5, 2020
    risk 0.51cvss 7.8epss 0.01

    The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.

  • CVE-2020-24849HigNov 5, 2020
    risk 0.57cvss 8.8epss 0.03

    A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is…

  • CVE-2020-15950HigNov 5, 2020
    risk 0.57cvss 8.8epss 0.01

    Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.

  • CVE-2020-15949HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.01

    Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.

  • CVE-2020-7763HigNov 5, 2020
    risk 0.42cvss 7.5epss 0.02

    This affects the package phantom-html-to-pdf before 0.6.1.

  • CVE-2020-27387HigNov 5, 2020
    risk 0.04cvss 8.8epss 0.18

    An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the…

  • CVE-2020-25201HigNov 4, 2020
    risk 0.00cvss 7.5epss 0.03

    HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

  • CVE-2020-26207HigNov 4, 2020
    risk 0.00cvss 8.0epss 0.02

    DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.

  • CVE-2020-27692HigNov 4, 2020
    risk 0.57cvss 8.8epss 0.01

    The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely).…

  • CVE-2020-7129HigNov 4, 2020
    risk 0.47cvss 7.2epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-8037HigNov 4, 2020
    risk 0.00cvss 7.5epss 0.03

    The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

  • CVE-2020-8036HigNov 4, 2020
    risk 0.00cvss 7.5epss 0.01

    The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.

  • CVE-2020-22278HigNov 4, 2020
    risk 0.57cvss 8.8epss 0.02

    phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.

  • CVE-2020-22277HigNov 4, 2020
    risk 0.52cvss 8.0epss 0.02

    Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.

  • CVE-2020-22275HigNov 4, 2020
    risk 0.57cvss 8.8epss 0.02

    Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.

  • CVE-2020-26211HigNov 3, 2020
    risk 0.43cvss 7.7epss 0.01

    In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with…

  • CVE-2020-26210HigNov 3, 2020
    risk 0.00cvss 7.7epss 0.01

    In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have…

  • CVE-2020-16009HigKEVNov 3, 2020
    risk 0.66cvss 8.8epss 0.49

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16008HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

  • CVE-2020-16007HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

  • CVE-2020-16006HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16005HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16004HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16003HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16002HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2020-16001HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-16000HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15998HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15997HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15996HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15995HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15994HigNov 3, 2020
    risk 0.58cvss 8.8epss 0.13

    Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.