VYPR

CVEs

101,963 total · page 1428 of 2,040

  • CVE-2020-15488HigSep 30, 2020
    risk 0.49cvss 7.5epss 0.01

    Re:Desk 2.3 allows insecure file upload.

  • CVE-2020-14377HigSep 30, 2020
    risk 0.46cvss 7.1epss 0.00

    A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can…

  • CVE-2020-14376HigSep 30, 2020
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and…

  • CVE-2020-14375HigSep 30, 2020
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after…

  • CVE-2020-8243HigKEVSep 30, 2020
    risk 0.66cvss 7.2epss 0.91

    A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.

  • CVE-2020-26163HigSep 30, 2020
    risk 0.00cvss 8.8epss 0.02

    BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.

  • CVE-2020-26160HigSep 30, 2020
    risk 0.42cvss 7.5epss 0.02

    jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is…

  • CVE-2020-26150HigSep 30, 2020
    risk 0.49cvss 7.5epss 0.01

    info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.

  • CVE-2020-26149HigSep 30, 2020
    risk 0.42cvss 7.5epss 0.01

    NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.

  • CVE-2020-26148HigSep 30, 2020
    risk 0.49cvss 7.5epss 0.01

    md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.

  • CVE-2020-25760HigSep 30, 2020
    risk 0.57cvss 8.8epss 0.02

    Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

  • CVE-2020-21564HigSep 30, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.

  • CVE-2020-21527HigSep 30, 2020
    risk 0.50cvss 7.7epss 0.01

    There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.

  • CVE-2020-21525HigSep 30, 2020
    risk 0.49cvss 7.5epss 0.02

    Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.

  • CVE-2020-14030HigSep 30, 2020
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in…

  • CVE-2020-13951HigSep 30, 2020
    risk 0.57cvss 7.5epss 0.70

    Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.

  • CVE-2020-13658HigSep 30, 2020
    risk 0.52cvss 8.0epss 0.00

    In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.

  • CVE-2020-13325HigSep 30, 2020
    risk 0.46cvss 7.1epss 0.01

    A vulnerability was discovered in GitLab versions prior 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service.

  • CVE-2020-13323HigSep 30, 2020
    risk 0.50cvss 7.7epss 0.01

    A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos

  • CVE-2020-13322HigSep 30, 2020
    risk 0.47cvss 7.2epss 0.01

    A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens.

  • CVE-2020-13321HigSep 30, 2020
    risk 0.54cvss 8.3epss 0.01

    A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added.

  • CVE-2019-20922HigSep 30, 2020
    risk 0.42cvss 7.5epss 0.04

    Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

  • CVE-2019-20920HigSep 30, 2020
    risk 0.46cvss 8.1epss 0.03

    Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing…

  • CVE-2018-5354HigSep 30, 2020
    risk 0.57cvss 8.8epss 0.02

    The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An…

  • CVE-2018-11765HigSep 30, 2020
    risk 0.49cvss 7.5epss 0.05

    In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

  • CVE-2020-12505HigSep 30, 2020
    risk 0.53cvss 8.2epss 0.01

    Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO…

  • CVE-2020-4607HigSep 29, 2020
    risk 0.51cvss 7.8epss 0.00

    IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.

  • CVE-2020-25773HigSep 29, 2020
    risk 0.51cvss 7.8epss 0.02

    A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

  • CVE-2020-24563HigSep 29, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to…

  • CVE-2020-24562HigSep 29, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute…

  • CVE-2020-26121HigSep 27, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction…

  • CVE-2020-25869HigSep 27, 2020
    risk 0.49cvss 7.5epss 0.01

    An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.

  • CVE-2020-25827HigSep 27, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests…

  • CVE-2020-26117HigSep 27, 2020
    risk 0.00cvss 8.1epss 0.03

    In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.

  • CVE-2020-26116HigSep 27, 2020
    risk 0.47cvss 7.2epss 0.06

    http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of…

  • CVE-2020-15214HigSep 25, 2020
    risk 0.46cvss 8.1epss 0.01

    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to…

  • CVE-2020-15212HigSep 25, 2020
    risk 0.46cvss 8.1epss 0.01

    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write…

  • CVE-2020-15208HigSep 25, 2020
    risk 0.41cvss 7.4epss 0.01

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor,…

  • CVE-2020-15207HigSep 25, 2020
    risk 0.50cvss 8.7epss 0.01

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in…

  • CVE-2020-15203HigSep 25, 2020
    risk 0.42cvss 7.5epss 0.01

    In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This…

  • CVE-2020-15196HigSep 25, 2020
    risk 0.48cvss 8.5epss 0.01

    In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse…

  • CVE-2020-15195HigSep 25, 2020
    risk 0.48cvss 8.5epss 0.01

    In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer…

  • CVE-2020-15193HigSep 25, 2020
    risk 0.39cvss 7.1epss 0.01

    In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing…

  • CVE-2020-25149HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25145HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25144HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25143HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=ne…

  • CVE-2020-19455HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.

  • CVE-2020-25136HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25134HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…