VYPR

CVEs

101,975 total · page 1453 of 2,040

  • CVE-2020-15616HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the…

  • CVE-2020-13918HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.02

    Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500,…

  • CVE-2020-13915HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.02

    Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720,…

  • CVE-2020-13914HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.02

    webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710,…

  • CVE-2020-15714HigJul 28, 2020
    risk 0.57cvss 8.8epss 0.03

    rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.

  • CVE-2020-15713HigJul 28, 2020
    risk 0.57cvss 8.8epss 0.03

    rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.

  • CVE-2020-4375HigJul 28, 2020
    risk 0.49cvss 7.5epss 0.02

    IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080.

  • CVE-2020-12845HigJul 27, 2020
    risk 0.49cvss 7.5epss 0.03

    Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a…

  • CVE-2020-1457HigJul 27, 2020
    risk 0.52cvss 7.8epss 0.12

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1425.

  • CVE-2020-1425HigJul 27, 2020
    risk 0.51cvss 7.8epss 0.09

    A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1457.

  • CVE-2020-10609HigJul 27, 2020
    risk 0.49cvss 7.5epss 0.02

    Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.

  • CVE-2020-15593HigJul 27, 2020
    risk 0.51cvss 7.8epss 0.00

    SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC…

  • CVE-2020-15592HigJul 27, 2020
    risk 0.49cvss 7.5epss 0.02

    SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among…

  • CVE-2020-5611HigJul 27, 2020
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2020-15953HigJul 27, 2020
    risk 0.48cvss 7.4epss 0.02

    LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and…

  • CVE-2020-7687HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js.

  • CVE-2020-7686HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function.

  • CVE-2020-7683HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function.

  • CVE-2020-7682HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.

  • CVE-2020-7681HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js.

  • CVE-2020-10604HigJul 25, 2020
    risk 0.49cvss 7.5epss 0.02

    In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.

  • CVE-2020-10610HigJul 24, 2020
    risk 0.51cvss 7.8epss 0.00

    In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure,…

  • CVE-2020-10608HigJul 24, 2020
    risk 0.51cvss 7.8epss 0.00

    In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in…

  • CVE-2020-10606HigJul 24, 2020
    risk 0.51cvss 7.8epss 0.00

    In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI…

  • CVE-2020-8207HigJul 24, 2020
    risk 0.57cvss 8.8epss 0.02

    Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.

  • CVE-2020-8174HigJul 24, 2020
    risk 0.53cvss 8.1epss 0.08

    napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

  • CVE-2020-15932HigJul 24, 2020
    risk 0.57cvss 8.8epss 0.03

    Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.

  • CVE-2020-8326HigJul 24, 2020
    risk 0.47cvss 7.3epss 0.00

    An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

  • CVE-2020-8317HigJul 24, 2020
    risk 0.47cvss 7.3epss 0.00

    A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

  • CVE-2020-15778HigJul 24, 2020
    risk 0.49cvss 7.4epss 0.13

    scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that…

  • CVE-2020-15924HigJul 24, 2020
    risk 0.49cvss 7.5epss 0.02

    There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.

  • CVE-2020-15923HigJul 24, 2020
    risk 0.49cvss 7.5epss 0.03

    Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.

  • CVE-2020-7519HigJul 23, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.

  • CVE-2020-7518HigJul 23, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.

  • CVE-2020-7516HigJul 23, 2020
    risk 0.51cvss 7.8epss 0.00

    A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.

  • CVE-2020-7515HigJul 23, 2020
    risk 0.51cvss 7.8epss 0.00

    A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.

  • CVE-2020-7514HigJul 23, 2020
    risk 0.51cvss 7.8epss 0.00

    A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.

  • CVE-2020-7491HigJul 23, 2020
    risk 0.49cvss 7.5epss 0.01

    **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.

  • CVE-2020-15633HigJul 23, 2020
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2020-15632HigJul 23, 2020
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting…

  • CVE-2020-15631HigJul 23, 2020
    risk 0.52cvss 8.0epss 0.03

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…

  • CVE-2020-10922HigJul 23, 2020
    risk 0.49cvss 7.5epss 0.04

    This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe…

  • CVE-2020-10918HigJul 23, 2020
    risk 0.49cvss 7.5epss 0.03

    This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism.…

  • CVE-2020-15887HigJul 23, 2020
    risk 0.57cvss 8.8epss 0.01

    A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint.

  • CVE-2020-15886HigJul 23, 2020
    risk 0.57cvss 8.8epss 0.01

    A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint.

  • CVE-2020-15884HigJul 23, 2020
    risk 0.57cvss 8.8epss 0.01

    A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data.

  • CVE-2020-15882HigJul 23, 2020
    risk 0.53cvss 8.1epss 0.01

    A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database.

  • CVE-2020-11440HigJul 23, 2020
    risk 0.49cvss 7.5epss 0.01

    httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root.

  • CVE-2020-15688HigJul 23, 2020
    risk 0.58cvss 8.8epss 0.04

    The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.

  • CVE-2020-15908HigJul 23, 2020
    risk 0.00cvss 7.5epss 0.02

    tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive.