VYPR

CVEs

101,975 total · page 1454 of 2,040

  • CVE-2020-15904HigJul 22, 2020
    risk 0.44cvss 7.8epss 0.01

    A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.

  • CVE-2020-15901HigJul 22, 2020
    risk 0.59cvss 8.8epss 0.22

    In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.

  • CVE-2020-4400HigJul 22, 2020
    risk 0.49cvss 7.5epss 0.02

    IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478.

  • CVE-2020-4372HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.00

    IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009

  • CVE-2020-9687HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9685HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9684HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9683HigJul 22, 2020
    risk 0.58cvss 8.8epss 0.04

    Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9680HigJul 22, 2020
    risk 0.58cvss 8.8epss 0.04

    Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9678HigJul 22, 2020
    risk 0.58cvss 8.8epss 0.04

    Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9677HigJul 22, 2020
    risk 0.58cvss 8.8epss 0.05

    Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9676HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.04

    Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9675HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.04

    Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9674HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.04

    Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3452HigKEVJul 22, 2020
    risk 0.72cvss 7.5epss 1.00

    A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted…

  • CVE-2020-15896HigJul 22, 2020
    risk 0.49cvss 7.5epss 0.02

    An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the…

  • CVE-2020-15894HigJul 22, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin…

  • CVE-2020-15806HigJul 22, 2020
    risk 0.49cvss 7.5epss 0.02

    CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.

  • CVE-2020-6534HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6533HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.02

    Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6530HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.01

    Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

  • CVE-2020-6525HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6524HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6523HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6520HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6518HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6517HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6515HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6513HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2020-6512HigJul 22, 2020
    risk 0.57cvss 8.8epss 0.03

    Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6510HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.02

    Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2020-6507HigJul 22, 2020
    risk 0.62cvss 8.8epss 0.19

    Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-18619HigJul 22, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept…

  • CVE-2020-12774HigJul 22, 2020
    risk 0.53cvss 8.2epss 0.00

    D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.

  • CVE-2020-15890HigJul 21, 2020
    risk 0.49cvss 7.5epss 0.03

    LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.

  • CVE-2020-15888HigJul 21, 2020
    risk 0.00cvss 8.8epss 0.02

    Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.

  • CVE-2020-15724HigJul 21, 2020
    risk 0.51cvss 7.8epss 0.01

    In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.

  • CVE-2020-15723HigJul 21, 2020
    risk 0.51cvss 7.8epss 0.00

    In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on…

  • CVE-2020-15722HigJul 21, 2020
    risk 0.51cvss 7.8epss 0.00

    In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.

  • CVE-2020-15879HigJul 21, 2020
    risk 0.00cvss 7.5epss 0.03

    Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).

  • CVE-2020-15877HigJul 21, 2020
    risk 0.50cvss 8.8epss 0.02

    An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.

  • CVE-2016-7064HigJul 21, 2020
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage

  • CVE-2020-12499HigJul 21, 2020
    risk 0.53cvss 8.2epss 0.00

    In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

  • CVE-2018-21036HigJul 21, 2020
    risk 0.42cvss 7.5epss 0.02

    Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.

  • CVE-2020-4125HigJul 20, 2020
    risk 0.53cvss 8.1epss 0.00

    Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information.

  • CVE-2020-15852HigJul 20, 2020
    risk 0.00cvss 7.8epss 0.00

    An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization…

  • CVE-2020-3481HigJul 20, 2020
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference.…

  • CVE-2020-15121HigJul 20, 2020
    risk 0.00cvss 7.4epss 0.02

    In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned…

  • CVE-2020-15052HigJul 20, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields.

  • CVE-2020-8214HigJul 20, 2020
    risk 0.49cvss 7.5epss 0.02

    A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.