VYPR

CVEs

101,962 total · page 1441 of 2,040

  • CVE-2020-7527HigAug 31, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.

  • CVE-2020-7526HigAug 31, 2020
    risk 0.57cvss 8.8epss 0.02

    Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event.

  • CVE-2020-7525HigAug 31, 2020
    risk 0.49cvss 7.5epss 0.01

    Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.

  • CVE-2020-7524HigAug 31, 2020
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic…

  • CVE-2020-7523HigAug 31, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify,…

  • CVE-2020-24363HigKEVAug 31, 2020
    risk 0.74cvss 8.8epss 0.21

    TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

  • CVE-2020-20625HigAug 31, 2020
    risk 0.49cvss 7.5epss 0.02

    Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.

  • CVE-2020-15687HigAug 31, 2020
    risk 0.49cvss 7.5epss 0.02

    Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a…

  • CVE-2020-13593HigAug 31, 2020
    risk 0.57cvss 8.8epss 0.00

    The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier.…

  • CVE-2020-11618HigAug 31, 2020
    risk 0.51cvss 7.8epss 0.00

    THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.

  • CVE-2020-25032HigAug 31, 2020
    risk 0.42cvss 7.5epss 0.04

    An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.

  • CVE-2020-25031HigAug 31, 2020
    risk 0.51cvss 7.8epss 0.01

    checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.

  • CVE-2020-8097HigAug 30, 2020
    risk 0.53cvss 8.1epss 0.00

    An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint…

  • CVE-2020-14352HigAug 30, 2020
    risk 0.52cvss 8.0epss 0.03

    A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the…

  • CVE-2020-7712HigAug 30, 2020
    risk 0.40cvss 7.2epss 0.04

    This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

  • CVE-2020-24972HigAug 29, 2020
    risk 0.58cvss 8.8epss 0.05

    The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an…

  • CVE-2020-24898HigAug 29, 2020
    risk 0.49cvss 7.6epss 0.01

    The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).

  • CVE-2020-24897HigAug 29, 2020
    risk 0.58cvss 8.9epss 0.01

    The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro.

  • CVE-2020-25019HigAug 29, 2020
    risk 0.00cvss 7.5epss 0.01

    jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

  • CVE-2020-3566HigKEVAug 29, 2020
    risk 0.68cvss 8.6epss 0.04

    A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet…

  • CVE-2020-15159HigAug 28, 2020
    risk 0.43cvss 7.6epss 0.02

    baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and…

  • CVE-2020-15155HigAug 28, 2020
    risk 0.41cvss 7.3epss 0.01

    baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The issue is fixed in version 4.3.7.

  • CVE-2020-15154HigAug 28, 2020
    risk 0.41cvss 7.3epss 0.01

    baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php,…

  • CVE-2020-9298HigAug 28, 2020
    risk 0.00cvss 7.5epss 0.01

    The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.

  • CVE-2020-4559HigAug 28, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.

  • CVE-2020-10518HigAug 27, 2020
    risk 0.57cvss 8.8epss 0.04

    A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to…

  • CVE-2020-8602HigAug 27, 2020
    risk 0.47cvss 7.2epss 0.04

    A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

  • CVE-2020-15605HigAug 27, 2020
    risk 0.53cvss 8.1epss 0.03

    If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor…

  • CVE-2020-15601HigAug 27, 2020
    risk 0.53cvss 8.1epss 0.03

    If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication…

  • CVE-2020-24717HigAug 27, 2020
    risk 0.00cvss 7.8epss 0.00

    OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.

  • CVE-2020-24716HigAug 27, 2020
    risk 0.00cvss 7.8epss 0.00

    OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.

  • CVE-2020-24196HigAug 27, 2020
    risk 0.47cvss 7.2epss 0.03

    An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution.

  • CVE-2020-3517HigAug 27, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is…

  • CVE-2020-3454HigAug 27, 2020
    risk 0.47cvss 7.2epss 0.03

    A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input…

  • CVE-2020-3415HigAug 27, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2020-3398HigAug 27, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session…

  • CVE-2020-3397HigAug 27, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The…

  • CVE-2020-3394HigAug 27, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this…

  • CVE-2020-3338HigAug 27, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error…

  • CVE-2020-24705HigAug 27, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics…

  • CVE-2020-24703HigAug 27, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API…

  • CVE-2020-23972HigAug 27, 2020
    risk 0.54cvss 7.5epss 0.31

    In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file…

  • CVE-2020-4603HigAug 27, 2020
    risk 0.47cvss 7.2epss 0.01

    IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.

  • CVE-2020-4174HigAug 27, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683.

  • CVE-2020-4169HigAug 27, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405.

  • CVE-2019-5321HigAug 26, 2020
    risk 0.57cvss 8.8epss 0.02

    Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI.

  • CVE-2020-17376HigAug 26, 2020
    risk 0.47cvss 8.3epss 0.02

    An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that…

  • CVE-2020-12855HigAug 26, 2020
    risk 0.57cvss 8.8epss 0.02

    A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status.

  • CVE-2020-12456HigAug 26, 2020
    risk 0.57cvss 8.8epss 0.03

    A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal…

  • CVE-2020-11797HigAug 26, 2020
    risk 0.49cvss 7.5epss 0.01

    An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A…