VYPR

CVEs

101,963 total · page 1415 of 2,040

  • CVE-2018-19943HigKEVOct 28, 2020
    risk 0.71cvss 8.0epss 0.18

    If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build…

  • CVE-2020-4767HigOct 28, 2020
    risk 0.49cvss 7.5epss 0.02

    IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.

  • CVE-2020-15278HigOct 28, 2020
    risk 0.43cvss 7.7epss 0.01

    Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that…

  • CVE-2020-27978HigOct 28, 2020
    risk 0.49cvss 7.5epss 0.02

    Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session.

  • CVE-2020-27975HigOct 28, 2020
    risk 0.57cvss 8.8epss 0.01

    osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.

  • CVE-2020-22552HigOct 28, 2020
    risk 0.49cvss 7.5epss 0.01

    The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.

  • CVE-2020-8260HigKEVOct 28, 2020
    risk 0.70cvss 7.2epss 0.96

    A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

  • CVE-2020-8254HigOct 28, 2020
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect…

  • CVE-2020-8250HigOct 28, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

  • CVE-2020-8249HigOct 28, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

  • CVE-2020-8248HigOct 28, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

  • CVE-2020-8241HigOct 28, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.

  • CVE-2020-8240HigOct 28, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is…

  • CVE-2020-5145HigOct 28, 2020
    risk 0.56cvss 8.6epss 0.01

    SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.

  • CVE-2020-5144HigOct 28, 2020
    risk 0.51cvss 7.8epss 0.01

    SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

  • CVE-2020-9973HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected…

  • CVE-2020-9961HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2020-9941HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.03

    This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.

  • CVE-2020-9932HigOct 27, 2020
    risk 0.57cvss 8.8epss 0.01

    A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-9782HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files.

  • CVE-2020-9774HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately…

  • CVE-2020-3880HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted…

  • CVE-2020-3864HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

  • CVE-2020-3863HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges.

  • CVE-2020-3855HigOct 27, 2020
    risk 0.46cvss 7.1epss 0.01

    An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.

  • CVE-2020-3851HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High…

  • CVE-2020-27892HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Generated Response message. It crashes in zclParseInDiscCmdsRspCmd().

  • CVE-2020-27891HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. It crashes in zclHandleExternal().

  • CVE-2020-27890HigOct 27, 2020
    risk 0.53cvss 8.2epss 0.01

    The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message. It crashes in zclParseInWriteCmd() and does not update the specific attribute's value.

  • CVE-2020-27888HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access.

  • CVE-2019-8854HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.

  • CVE-2019-8852HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.03

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2019-8848HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows,…

  • CVE-2019-8847HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2019-8846HigOct 27, 2020
    risk 0.57cvss 8.8epss 0.02

    A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to…

  • CVE-2019-8851HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A Mac may not lock immediately upon wake.

  • CVE-2019-8844HigOct 27, 2020
    risk 0.57cvss 8.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted…

  • CVE-2019-8841HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.00

    An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2019-8840HigOct 27, 2020
    risk 0.57cvss 8.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges.

  • CVE-2019-8838HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to…

  • CVE-2019-8837HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files.

  • CVE-2019-8836HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2019-8835HigOct 27, 2020
    risk 0.57cvss 8.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may…

  • CVE-2019-8833HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to…

  • CVE-2019-8832HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to…

  • CVE-2019-8831HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute…

  • CVE-2019-8830HigOct 27, 2020
    risk 0.57cvss 8.8epss 0.02

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing…

  • CVE-2019-8829HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code…

  • CVE-2019-8828HigOct 27, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to…

  • CVE-2019-8826HigOct 27, 2020
    risk 0.57cvss 8.8epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. Processing maliciously crafted web content may lead to arbitrary code execution.