VYPR

CVEs

101,975 total · page 1448 of 2,040

  • CVE-2020-0554HigAug 13, 2020
    risk 0.46cvss 7.0epss 0.01

    Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0513HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-0510HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8763HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8743HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8736HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8732HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.01

    Heap-based buffer overflow in the firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8731HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.00

    Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8730HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.00

    Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8729HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Buffer copy without checking size of input for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8722HigAug 13, 2020
    risk 0.53cvss 8.2epss 0.00

    Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8721HigAug 13, 2020
    risk 0.53cvss 8.2epss 0.00

    Improper input validation for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8719HigAug 13, 2020
    risk 0.53cvss 8.2epss 0.00

    Buffer overflow in subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8718HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.00

    Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8714HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8713HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.01

    Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8712HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in a verification process for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8709HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.01

    Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8708HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.01

    Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8707HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.01

    Buffer overflow in daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8706HigAug 13, 2020
    risk 0.57cvss 8.8epss 0.01

    Buffer overflow in a daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-7304HigAug 13, 2020
    risk 0.49cvss 7.6epss 0.00

    Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label.

  • CVE-2020-16303HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.02

    A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

  • CVE-2020-12287HigAug 13, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-15868HigAug 12, 2020
    risk 0.49cvss 7.5epss 0.01

    Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.

  • CVE-2020-16139HigAug 12, 2020
    risk 0.58cvss 7.5epss 0.80

    A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being…

  • CVE-2020-16138HigAug 12, 2020
    risk 0.53cvss 7.5epss 0.21

    A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to…

  • CVE-2020-17360HigAug 12, 2020
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads…

  • CVE-2020-17505HigAug 12, 2020
    risk 0.67cvss 8.8epss 0.82

    Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

  • CVE-2020-17497HigAug 12, 2020
    risk 0.53cvss 8.1epss 0.01

    eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4.

  • CVE-2020-12674HigAug 12, 2020
    risk 0.49cvss 7.5epss 0.06

    In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

  • CVE-2020-12673HigAug 12, 2020
    risk 0.49cvss 7.5epss 0.06

    In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

  • CVE-2020-12100HigAug 12, 2020
    risk 0.49cvss 7.5epss 0.05

    In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.

  • CVE-2020-13291HigAug 12, 2020
    risk 0.53cvss 8.1epss 0.01

    In GitLab before 13.2.3, project sharing could temporarily allow too permissive access.

  • CVE-2020-13290HigAug 12, 2020
    risk 0.49cvss 7.5epss 0.01

    In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page

  • CVE-2020-6309HigAug 12, 2020
    risk 0.49cvss 7.5epss 0.02

    SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.

  • CVE-2020-6301HigAug 12, 2020
    risk 0.53cvss 8.1epss 0.01

    SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.

  • CVE-2020-6298HigAug 12, 2020
    risk 0.53cvss 8.1epss 0.01

    SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check.

  • CVE-2020-6296HigAug 12, 2020
    risk 0.57cvss 8.8epss 0.01

    SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the…

  • CVE-2020-6295HigAug 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could…

  • CVE-2020-2232HigAug 12, 2020
    risk 0.42cvss 7.5epss 0.01

    Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

  • CVE-2020-8913HigAug 12, 2020
    risk 0.57cvss 8.8epss 0.03

    A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the…

  • CVE-2020-17495HigAug 11, 2020
    risk 0.42cvss 7.5epss 0.01

    django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.

  • CVE-2020-17487HigAug 11, 2020
    risk 0.49cvss 7.5epss 0.02

    radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.

  • CVE-2020-16170HigAug 11, 2020
    risk 0.49cvss 7.5epss 0.02

    Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.

  • CVE-2020-0259HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0257HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2020-0254HigAug 11, 2020
    risk 0.49cvss 7.5epss 0.00

    There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751

  • CVE-2020-0251HigAug 11, 2020
    risk 0.49cvss 7.5epss 0.00

    There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626

  • CVE-2020-0243HigAug 11, 2020
    risk 0.51cvss 7.8epss 0.00

    In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…