VYPR

CVEs

101,963 total · page 1429 of 2,040

  • CVE-2020-25133HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-19451HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.

  • CVE-2020-19450HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.

  • CVE-2020-5930HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.

  • CVE-2020-15369HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.01

    Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to…

  • CVE-2019-16212HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.

  • CVE-2018-6448HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.

  • CVE-2020-26112HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    The email quota cache in cPanel before 90.0.10 allows overwriting of files.

  • CVE-2020-26109HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).

  • CVE-2020-26107HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).

  • CVE-2020-26106HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).

  • CVE-2020-26104HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).

  • CVE-2020-26103HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).

  • CVE-2020-26102HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).

  • CVE-2020-26099HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).

  • CVE-2020-25748HigSep 25, 2020
    risk 0.53cvss 8.1epss 0.01

    A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify…

  • CVE-2020-24718HigSep 25, 2020
    risk 0.53cvss 8.2epss 0.01

    bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges…

  • CVE-2020-24692HigSep 25, 2020
    risk 0.46cvss 7.1epss 0.00

    The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

  • CVE-2020-24621HigSep 25, 2020
    risk 0.00cvss 8.8epss 0.03

    A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and…

  • CVE-2020-24593HigSep 25, 2020
    risk 0.47cvss 7.2epss 0.01

    Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.

  • CVE-2020-23837HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.

  • CVE-2020-13387HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.

  • CVE-2020-12824HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.

  • CVE-2019-7178HigSep 25, 2020
    risk 0.47cvss 7.2epss 0.02

    Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.

  • CVE-2019-7177HigSep 25, 2020
    risk 0.47cvss 7.2epss 0.01

    Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.

  • CVE-2018-10585HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    Pexip Infinity before 18 allows remote Denial of Service (XML parsing).

  • CVE-2018-10432HigSep 25, 2020
    risk 0.49cvss 7.5epss 0.01

    Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).

  • CVE-2020-17365HigSep 24, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can…

  • CVE-2020-15843HigSep 24, 2020
    risk 0.47cvss 7.3epss 0.00

    ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full…

  • CVE-2020-13991HigSep 24, 2020
    risk 0.00cvss 7.5epss 0.02

    vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.

  • CVE-2020-15850HigSep 24, 2020
    risk 0.51cvss 7.8epss 0.01

    Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the…

  • CVE-2016-11086HigSep 24, 2020
    risk 0.41cvss 7.4epss 0.01

    lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.

  • CVE-2020-19447HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.01

    SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.

  • CVE-2020-3560HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit…

  • CVE-2020-3559HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this…

  • CVE-2020-3552HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An…

  • CVE-2020-3527HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames…

  • CVE-2020-3526HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could…

  • CVE-2020-3512HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition.…

  • CVE-2020-3511HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input…

  • CVE-2020-3510HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to…

  • CVE-2020-3509HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due…

  • CVE-2020-3508HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected…

  • CVE-2020-3497HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3494HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.00

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3493HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3492HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of…

  • CVE-2020-3489HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3488HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.01

    Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…

  • CVE-2020-3480HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4…