VYPR

CVEs

101,963 total · page 1417 of 2,040

  • CVE-2020-15272HigOct 26, 2020
    risk 0.00cvss 8.7epss 0.01

    In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. The problem has…

  • CVE-2020-26566HigOct 26, 2020
    risk 0.49cvss 7.5epss 0.04

    A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.

  • CVE-2020-7752HigOct 26, 2020
    risk 0.51cvss 8.8epss 0.06

    This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.

  • CVE-2020-27187HigOct 26, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other…

  • CVE-2020-7125HigOct 26, 2020
    risk 0.57cvss 8.8epss 0.01

    A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-24632HigOct 26, 2020
    risk 0.47cvss 7.2epss 0.03

    A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-24631HigOct 26, 2020
    risk 0.47cvss 7.2epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-15897HigOct 26, 2020
    risk 0.49cvss 7.5epss 0.01

    Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

  • CVE-2020-13100HigOct 26, 2020
    risk 0.49cvss 7.5epss 0.01

    Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.

  • CVE-2020-24848HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.

  • CVE-2020-5990HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.

  • CVE-2020-5978HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.

  • CVE-2020-5977HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and…

  • CVE-2020-27216HigOct 23, 2020
    risk 0.46cvss 7.0epss 0.04

    In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a…

  • CVE-2020-26561HigOct 23, 2020
    risk 0.58cvss 8.8epss 0.12

    Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer…

  • CVE-2020-9331HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the…

  • CVE-2020-26887HigOct 23, 2020
    risk 0.54cvss 7.8epss 0.01

    FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.

  • CVE-2019-14719HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.01

    Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.

  • CVE-2019-14717HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.

  • CVE-2019-14712HigOct 23, 2020
    risk 0.51cvss 7.8epss 0.00

    Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.

  • CVE-2019-14711HigOct 23, 2020
    risk 0.46cvss 7.0epss 0.00

    Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.

  • CVE-2020-27672HigOct 22, 2020
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.

  • CVE-2020-27671HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.

  • CVE-2020-27670HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.

  • CVE-2020-25186HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.01

    An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.

  • CVE-2020-18129HigOct 22, 2020
    risk 0.57cvss 8.8epss 0.01

    A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.

  • CVE-2020-15681HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.01

    When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82.

  • CVE-2020-11853HigOct 22, 2020
    risk 0.66cvss 8.8epss 0.77

    Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions :…

  • CVE-2019-17007HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.01

    In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

  • CVE-2020-10721HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in…

  • CVE-2020-9994HigOct 22, 2020
    risk 0.46cvss 7.1epss 0.01

    A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.

  • CVE-2020-9990HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9985HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

  • CVE-2020-9984HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted…

  • CVE-2020-9980HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution.

  • CVE-2020-9940HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

  • CVE-2020-9938HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted…

  • CVE-2020-9937HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously…

  • CVE-2020-9929HigOct 22, 2020
    risk 0.46cvss 7.1epss 0.00

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2020-9928HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9927HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.00

    A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9924HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.02

    A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.

  • CVE-2020-9921HigOct 22, 2020
    risk 0.46cvss 7.0epss 0.00

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges.

  • CVE-2020-9919HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously…

  • CVE-2020-9908HigOct 22, 2020
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2020-9905HigOct 22, 2020
    risk 0.49cvss 7.5epss 0.03

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.

  • CVE-2020-9904HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9901HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.

  • CVE-2020-27665HigOct 22, 2020
    risk 0.42cvss 7.5epss 0.01

    In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.

  • CVE-2020-9900HigOct 22, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.