VYPR

CVEs

101,963 total · page 1413 of 2,040

  • CVE-2020-15992HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

  • CVE-2020-15991HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15990HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15987HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

  • CVE-2020-15983HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

  • CVE-2020-15980HigNov 3, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.

  • CVE-2020-15979HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15978HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

  • CVE-2020-15976HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15975HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15974HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2020-15972HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.03

    Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15971HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15970HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15969HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15968HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15967HigNov 3, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-9861HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.01

    A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.

  • CVE-2020-7758HigNov 2, 2020
    risk 0.42cvss 7.5epss 0.02

    This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.

  • CVE-2020-9368HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.02

    The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.

  • CVE-2020-8183HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.02

    A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.

  • CVE-2020-5658HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.03

    Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number…

  • CVE-2020-5655HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.03

    NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number…

  • CVE-2020-5654HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.03

    Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or…

  • CVE-2020-5652HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.04

    Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier,…

  • CVE-2020-28046HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch.

  • CVE-2020-28045HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA…

  • CVE-2020-28043HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.01

    MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.

  • CVE-2020-28033HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.03

    WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.

  • CVE-2020-28030HigNov 2, 2020
    risk 0.00cvss 7.5epss 0.02

    In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

  • CVE-2020-27992HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.

  • CVE-2020-27708HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for…

  • CVE-2020-14425HigNov 2, 2020
    risk 0.57cvss 7.8epss 0.39

    Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.

  • CVE-2020-10937HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest…

  • CVE-2018-19952HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.01

    If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

  • CVE-2020-3704HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.01

    u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state.(This CVE is equivalent to InvalidConnectionRequest(CVE-2019-19193) mentioned in sweyntooth paper)' in…

  • CVE-2020-3696HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…

  • CVE-2020-3694HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, SXR2130

  • CVE-2020-3693HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in…

  • CVE-2020-3690HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2020-3684HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2020-3678HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605,…

  • CVE-2020-3638HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…

  • CVE-2020-11174HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2020-11173HigNov 2, 2020
    risk 0.46cvss 7.0epss 0.00

    u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2020-11164HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti,…

  • CVE-2020-11162HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon…

  • CVE-2020-11157HigNov 2, 2020
    risk 0.49cvss 7.5epss 0.00

    u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…

  • CVE-2020-11156HigNov 2, 2020
    risk 0.53cvss 8.1epss 0.00

    u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…

  • CVE-2020-11155HigNov 2, 2020
    risk 0.57cvss 8.8epss 0.01

    u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial…