VYPR

CVEs

101,963 total · page 1430 of 2,040

  • CVE-2020-3465HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the…

  • CVE-2020-3426HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote…

  • CVE-2020-3425HigSep 24, 2020
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these…

  • CVE-2020-3422HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists…

  • CVE-2020-3421HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.02

    Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4…

  • CVE-2020-3414HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to…

  • CVE-2020-3409HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to…

  • CVE-2020-3408HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular…

  • CVE-2020-3407HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or…

  • CVE-2020-3404HigSep 24, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability…

  • CVE-2020-3403HigSep 24, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC…

  • CVE-2020-3400HigSep 24, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could…

  • CVE-2020-3399HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an…

  • CVE-2020-3390HigSep 24, 2020
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload,…

  • CVE-2020-3359HigSep 24, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS…

  • CVE-2020-3141HigSep 24, 2020
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these…

  • CVE-2020-15223HigSep 24, 2020
    risk 0.45cvss 8.0epss 0.02

    In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid.…

  • CVE-2020-15222HigSep 24, 2020
    risk 0.46cvss 8.1epss 0.01

    In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", OpenId specification says…

  • CVE-2020-13119HigSep 24, 2020
    risk 0.53cvss 8.1epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to clickjacking.

  • CVE-2020-12837HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.

  • CVE-2020-12282HigSep 24, 2020
    risk 0.57cvss 8.8epss 0.01

    iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)

  • CVE-2020-24365HigSep 24, 2020
    risk 0.61cvss 8.8epss 0.11

    An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a…

  • CVE-2020-12817HigSep 24, 2020
    risk 0.57cvss 8.8epss 0.02

    An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.

  • CVE-2020-16148HigSep 24, 2020
    risk 0.47cvss 7.2epss 0.02

    The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.

  • CVE-2020-24560HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.02

    An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of…

  • CVE-2020-15604HigSep 24, 2020
    risk 0.49cvss 7.5epss 0.02

    An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of…

  • CVE-2020-25603HigSep 23, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory…

  • CVE-2020-25599HigSep 23, 2020
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to…

  • CVE-2020-25595HigSep 23, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI…

  • CVE-2020-11031HigSep 23, 2020
    risk 0.00cvss 7.8epss 0.00

    In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption…

  • CVE-2020-24213HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory.

  • CVE-2020-2284HigSep 23, 2020
    risk 0.46cvss 7.1epss 0.01

    Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2020-2280HigSep 23, 2020
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.

  • CVE-2020-16244HigSep 23, 2020
    risk 0.47cvss 7.2epss 0.01

    GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all…

  • CVE-2020-7122HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch.…

  • CVE-2020-7121HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the…

  • CVE-2020-24625HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.02

    Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

  • CVE-2020-24624HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.02

    Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

  • CVE-2020-14365HigSep 23, 2020
    risk 0.39cvss 7.1epss 0.00

    A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default…

  • CVE-2020-10714HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and…

  • CVE-2020-25826HigSep 23, 2020
    risk 0.51cvss 7.8epss 0.00

    PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.

  • CVE-2020-25821HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2020-3569HigKEVSep 23, 2020
    risk 0.68cvss 8.6epss 0.03

    Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available…

  • CVE-2020-3143HigSep 23, 2020
    risk 0.47cvss 7.2epss 0.08

    A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected…

  • CVE-2020-3135HigSep 23, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF…

  • CVE-2020-3133HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An…

  • CVE-2019-1947HigSep 23, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an…

  • CVE-2019-1888HigSep 23, 2020
    risk 0.47cvss 7.2epss 0.03

    A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker…

  • CVE-2019-16023HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect…

  • CVE-2019-16021HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect…