VYPR

CVEs

101,963 total · page 1432 of 2,040

  • CVE-2020-6532HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.01

    Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15965HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.03

    Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2020-15964HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.03

    Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-15962HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2020-15960HigSep 21, 2020
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2020-4643HigSep 21, 2020
    risk 0.49cvss 7.5epss 0.03

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.

  • CVE-2020-4581HigSep 21, 2020
    risk 0.49cvss 7.5epss 0.02

    IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.

  • CVE-2020-4580HigSep 21, 2020
    risk 0.49cvss 7.5epss 0.02

    IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.

  • CVE-2020-4579HigSep 21, 2020
    risk 0.49cvss 7.5epss 0.02

    IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.

  • CVE-2020-25796HigSep 19, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.

  • CVE-2020-25795HigSep 19, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.

  • CVE-2020-25794HigSep 19, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.

  • CVE-2020-25793HigSep 19, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.

  • CVE-2020-25792HigSep 19, 2020
    risk 0.42cvss 7.5epss 0.03

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().

  • CVE-2020-25791HigSep 19, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().

  • CVE-2020-25790HigSep 19, 2020
    risk 0.51cvss 7.2epss 0.16

    Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security…

  • CVE-2020-25788HigSep 19, 2020
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.

  • CVE-2020-8253HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.02

    Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

  • CVE-2020-8252HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.01

    The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

  • CVE-2020-8251HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.09

    Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.

  • CVE-2020-8247HigSep 18, 2020
    risk 0.57cvss 8.8epss 0.01

    Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before…

  • CVE-2020-8246HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.02

    Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before…

  • CVE-2020-8237HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.02

    Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.

  • CVE-2020-8225HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.

  • CVE-2020-8201HigSep 18, 2020
    risk 0.49cvss 7.4epss 0.05

    Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks…

  • CVE-2020-11861HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system.

  • CVE-2020-3979HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a…

  • CVE-2020-25766HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.

  • CVE-2020-14029HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.

  • CVE-2020-0405HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0319HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0300HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148736216

  • CVE-2020-0299HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0298HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0286HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-0273HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-0271HigSep 18, 2020
    risk 0.47cvss 7.3epss 0.00

    In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144507081

  • CVE-2020-5976HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information…

  • CVE-2020-5975HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.

  • CVE-2020-15958HigSep 18, 2020
    risk 0.56cvss 8.6epss 0.03

    An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL.

  • CVE-2020-0262HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android…

  • CVE-2020-0089HigSep 18, 2020
    risk 0.51cvss 7.8epss 0.00

    In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:…

  • CVE-2020-15776HigSep 18, 2020
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token,…

  • CVE-2020-15775HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly viewable anonymously.

  • CVE-2020-15771HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation.

  • CVE-2020-15768HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS…

  • CVE-2020-25751HigSep 18, 2020
    risk 0.57cvss 8.8epss 0.02

    The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.

  • CVE-2020-25750HigSep 18, 2020
    risk 0.42cvss 7.5epss 0.01

    An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This…

  • CVE-2020-25744HigSep 18, 2020
    risk 0.53cvss 8.1epss 0.01

    SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.

  • CVE-2020-25733HigSep 18, 2020
    risk 0.49cvss 7.5epss 0.02

    webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.