VYPR

CVEs

101,963 total · page 1431 of 2,040

  • CVE-2019-16019HigSep 23, 2020
    risk 0.56cvss 8.6epss 0.01

    Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect…

  • CVE-2019-16009HigSep 23, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an…

  • CVE-2019-16007HigSep 23, 2020
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is…

  • CVE-2019-15992HigSep 23, 2020
    risk 0.47cvss 7.2epss 0.04

    A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the…

  • CVE-2019-15957HigSep 23, 2020
    risk 0.47cvss 7.2epss 0.03

    A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands…

  • CVE-2019-15289HigSep 23, 2020
    risk 0.49cvss 7.5epss 0.01

    Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to…

  • CVE-2019-15287HigSep 23, 2020
    risk 0.51cvss 7.8epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…

  • CVE-2019-15285HigSep 23, 2020
    risk 0.51cvss 7.8epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…

  • CVE-2019-15283HigSep 23, 2020
    risk 0.51cvss 7.8epss 0.02

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain…

  • CVE-2020-25515HigSep 22, 2020
    risk 0.51cvss 7.8epss 0.01

    Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http:///lms/index.php?page=books.

  • CVE-2020-25514HigSep 22, 2020
    risk 0.55cvss 8.4epss 0.01

    Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http:///lms/admin.php.

  • CVE-2020-14031HigSep 22, 2020
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently…

  • CVE-2020-14028HigSep 22, 2020
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.

  • CVE-2020-14026HigSep 22, 2020
    risk 0.57cvss 8.8epss 0.02

    CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.

  • CVE-2020-14025HigSep 22, 2020
    risk 0.57cvss 8.8epss 0.01

    Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.

  • CVE-2020-14022HigSep 22, 2020
    risk 0.57cvss 8.8epss 0.02

    Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the…

  • CVE-2020-25487HigSep 22, 2020
    risk 0.51cvss 7.8epss 0.01

    PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.

  • CVE-2020-16202HigSep 22, 2020
    risk 0.51cvss 7.8epss 0.00

    WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.

  • CVE-2020-4622HigSep 22, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983.

  • CVE-2020-4621HigSep 22, 2020
    risk 0.57cvss 8.8epss 0.01

    IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981.

  • CVE-2020-4620HigSep 22, 2020
    risk 0.58cvss 8.8epss 0.05

    IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious…

  • CVE-2020-4617HigSep 22, 2020
    risk 0.53cvss 8.1epss 0.01

    IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930.

  • CVE-2020-4614HigSep 22, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.

  • CVE-2020-4613HigSep 22, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.

  • CVE-2020-4611HigSep 22, 2020
    risk 0.57cvss 8.8epss 0.02

    IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.

  • CVE-2020-11855HigSep 22, 2020
    risk 0.54cvss 7.8epss 0.01

    An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.

  • CVE-2020-8887HigSep 22, 2020
    risk 0.49cvss 7.5epss 0.01

    Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).

  • CVE-2020-7734HigSep 22, 2020
    risk 0.46cvss 8.2epss 0.01

    All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.

  • CVE-2020-6576HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6575HigSep 21, 2020
    risk 0.54cvss 8.3epss 0.01

    Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-6574HigSep 21, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.

  • CVE-2020-6559HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6556HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.03

    Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6555HigSep 21, 2020
    risk 0.50cvss 7.6epss 0.02

    Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2020-6554HigSep 21, 2020
    risk 0.56cvss 8.6epss 0.01

    Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

  • CVE-2020-6553HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6552HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6551HigSep 21, 2020
    risk 0.60cvss 8.8epss 0.29

    Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6550HigSep 21, 2020
    risk 0.60cvss 8.8epss 0.29

    Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6549HigSep 21, 2020
    risk 0.60cvss 8.8epss 0.29

    Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6548HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.03

    Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6546HigSep 21, 2020
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

  • CVE-2020-6545HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6544HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6543HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6542HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6541HigSep 21, 2020
    risk 0.59cvss 8.8epss 0.23

    Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6540HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6539HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6537HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.