VYPR

CVEs

101,963 total · page 1419 of 2,040

  • CVE-2020-3533HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of…

  • CVE-2020-3529HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service…

  • CVE-2020-3528HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of…

  • CVE-2020-3514HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.00

    A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must…

  • CVE-2020-3499HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected…

  • CVE-2020-3459HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could…

  • CVE-2020-3456HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF…

  • CVE-2020-3455HigOct 21, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by…

  • CVE-2020-3436HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead…

  • CVE-2020-3410HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the…

  • CVE-2020-3373HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could…

  • CVE-2020-3317HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could…

  • CVE-2020-3304HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.04

    A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS)…

  • CVE-2020-17381HigOct 21, 2020
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.

  • CVE-2018-11764HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

  • CVE-2020-15240HigOct 21, 2020
    risk 0.41cvss 7.4epss 0.01

    omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by…

  • CVE-2020-5651HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.

  • CVE-2020-27613HigOct 21, 2020
    risk 0.55cvss 8.4epss 0.00

    The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.

  • CVE-2020-27611HigOct 21, 2020
    risk 0.00cvss 7.3epss 0.01

    BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.

  • CVE-2020-27610HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.01

    The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.

  • CVE-2020-27603HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.03

    BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.

  • CVE-2020-14883HigKEVOct 21, 2020
    risk 0.70cvss 7.2epss 0.98

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with…

  • CVE-2020-14880HigOct 21, 2020
    risk 0.55cvss 8.5epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-14879HigOct 21, 2020
    risk 0.55cvss 8.5epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-14878HigOct 21, 2020
    risk 0.52cvss 8.0epss 0.01

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment…

  • CVE-2020-14872HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2020-14865HigOct 21, 2020
    risk 0.53cvss 8.1epss 0.02

    Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-14864HigKEVOct 21, 2020
    risk 0.72cvss 7.5epss 0.97

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2020-14863HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-14862HigOct 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-14857HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14856HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14851HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14850HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…

  • CVE-2020-14849HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14843HigOct 21, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2020-14842HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2020-14835HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-14834HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14833HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14831HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14828HigOct 21, 2020
    risk 0.47cvss 7.2epss 0.02

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.…

  • CVE-2020-14824HigOct 21, 2020
    risk 0.56cvss 8.6epss 0.02

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2020-14820HigOct 21, 2020
    risk 0.49cvss 7.5epss 0.04

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2020-14819HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle…

  • CVE-2020-14817HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14816HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14815HigOct 21, 2020
    risk 0.54cvss 8.2epss 0.08

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated…

  • CVE-2020-14808HigOct 21, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2020-14807HigOct 21, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…