VYPR

CVEs

101,963 total · page 1435 of 2,040

  • CVE-2020-25574HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).

  • CVE-2020-24457HigSep 14, 2020
    risk 0.49cvss 7.6epss 0.00

    Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

  • CVE-2020-13300HigSep 14, 2020
    risk 0.52cvss 8.0epss 0.01

    GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.

  • CVE-2020-13299HigSep 14, 2020
    risk 0.53cvss 8.1epss 0.01

    A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session.

  • CVE-2020-0570HigSep 14, 2020
    risk 0.47cvss 7.3epss 0.01

    Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.

  • CVE-2019-0233HigSep 14, 2020
    risk 0.54cvss 7.5epss 0.69

    An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

  • CVE-2020-25379HigSep 14, 2020
    risk 0.57cvss 8.8epss 0.02

    Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.

  • CVE-2020-8817HigSep 14, 2020
    risk 0.53cvss 8.1epss 0.01

    Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.

  • CVE-2020-12789HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.

  • CVE-2020-12788HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.

  • CVE-2020-12787HigSep 14, 2020
    risk 0.49cvss 7.5epss 0.01

    Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.

  • CVE-2020-25540HigSep 14, 2020
    risk 0.02cvss 7.5epss 0.76

    ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.

  • CVE-2020-25291HigSep 13, 2020
    risk 0.51cvss 7.8epss 0.02

    GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.

  • CVE-2020-25287HigSep 13, 2020
    risk 0.47cvss 7.2epss 0.03

    Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.

  • CVE-2020-25281HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020).

  • CVE-2020-23824HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.01

    ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will…

  • CVE-2020-14363HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to…

  • CVE-2020-1594HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-1593HigSep 11, 2020
    risk 0.50cvss 7.6epss 0.03

    A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the…

  • CVE-2020-1576HigSep 11, 2020
    risk 0.55cvss 8.5epss 0.02

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2020-1559HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code…

  • CVE-2020-1532HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to…

  • CVE-2020-1523HigSep 11, 2020
    risk 0.58cvss 8.9epss 0.02

    A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be…

  • CVE-2020-1508HigSep 11, 2020
    risk 0.50cvss 7.6epss 0.03

    A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the…

  • CVE-2020-1507HigSep 11, 2020
    risk 0.52cvss 7.9epss 0.03

    An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would…

  • CVE-2020-1491HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a…

  • CVE-2020-1471HigSep 11, 2020
    risk 0.48cvss 7.3epss 0.01

    An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker…

  • CVE-2020-1460HigSep 11, 2020
    risk 0.56cvss 8.6epss 0.04

    A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions…

  • CVE-2020-1453HigSep 11, 2020
    risk 0.56cvss 8.6epss 0.02

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2020-1452HigSep 11, 2020
    risk 0.56cvss 8.6epss 0.02

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2020-1376HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker…

  • CVE-2020-1345HigSep 11, 2020
    risk 0.48cvss 7.4epss 0.03

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…

  • CVE-2020-1338HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…

  • CVE-2020-1335HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-1332HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-1319HigSep 11, 2020
    risk 0.48cvss 7.3epss 0.05

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,…

  • CVE-2020-1308HigSep 11, 2020
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or…

  • CVE-2020-1285HigSep 11, 2020
    risk 0.55cvss 8.4epss 0.04

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install…

  • CVE-2020-1252HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability…

  • CVE-2020-1245HigSep 11, 2020
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,…

  • CVE-2020-1228HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.04

    A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker…

  • CVE-2020-1218HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…

  • CVE-2020-1200HigSep 11, 2020
    risk 0.56cvss 8.6epss 0.02

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2020-1198HigSep 11, 2020
    risk 0.48cvss 7.4epss 0.03

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…

  • CVE-2020-1193HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-1169HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by…

  • CVE-2020-1129HigSep 11, 2020
    risk 0.58cvss 8.8epss 0.04

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,…

  • CVE-2020-1115HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability…

  • CVE-2020-1098HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker…

  • CVE-2020-1074HigSep 11, 2020
    risk 0.55cvss 7.8epss 0.53

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this…