VYPR

CVEs

101,975 total · page 1456 of 2,040

  • CVE-2020-3351HigJul 16, 2020
    risk 0.56cvss 8.6epss 0.01

    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An…

  • CVE-2020-3332HigJul 16, 2020
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to…

  • CVE-2020-3180HigJul 16, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a…

  • CVE-2020-3146HigJul 16, 2020
    risk 0.57cvss 8.8epss 0.03

    Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on…

  • CVE-2020-3145HigJul 16, 2020
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on…

  • CVE-2019-20915HigJul 16, 2020
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.

  • CVE-2019-20913HigJul 16, 2020
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.

  • CVE-2019-20912HigJul 16, 2020
    risk 0.50cvss 8.8epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.

  • CVE-2019-20910HigJul 16, 2020
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.

  • CVE-2019-20909HigJul 16, 2020
    risk 0.42cvss 7.5epss 0.02

    An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

  • CVE-2020-4462HigJul 16, 2020
    risk 0.54cvss 8.2epss 0.03

    IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability…

  • CVE-2020-10286HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.01

    the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.

  • CVE-2020-9309HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.02

    Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the…

  • CVE-2020-8958HigJul 15, 2020
    risk 0.51cvss 7.2epss 0.47

    Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field.

  • CVE-2020-6164HigJul 15, 2020
    risk 0.42cvss 7.5epss 0.02

    In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL…

  • CVE-2020-15779HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.02

    A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.

  • CVE-2020-15603HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.01

    An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.

  • CVE-2020-15602HigJul 15, 2020
    risk 0.51cvss 7.8epss 0.01

    An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from…

  • CVE-2020-14066HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.02

    IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.

  • CVE-2020-12854HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.03

    A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar.

  • CVE-2020-11439HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.02

    LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.

  • CVE-2020-11438HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.01

    LibreHealth EMR v2.0.0 is affected by systemic CSRF.

  • CVE-2020-2984HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2020-2983HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-2982HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-2981HigJul 15, 2020
    risk 0.46cvss 7.0epss 0.00

    Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 18.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store.…

  • CVE-2020-2968HigJul 15, 2020
    risk 0.52cvss 8.0epss 0.01

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network…

  • CVE-2020-2967HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2020-2228HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.01

    Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.

  • CVE-2020-14724HigJul 15, 2020
    risk 0.47cvss 7.3epss 0.00

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to…

  • CVE-2020-14723HigJul 15, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-14720HigJul 15, 2020
    risk 0.50cvss 7.7epss 0.01

    Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-14719HigJul 15, 2020
    risk 0.50cvss 7.7epss 0.01

    Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to…

  • CVE-2020-14718HigJul 15, 2020
    risk 0.47cvss 7.2epss 0.01

    Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to…

  • CVE-2020-14713HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the…

  • CVE-2020-14709HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supported versions that are affected are 16.0, 17.0 and 18.0. Easily exploitable vulnerability allows low privileged attacker with network access via…

  • CVE-2020-14699HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the…

  • CVE-2020-14697HigJul 15, 2020
    risk 0.47cvss 7.2epss 0.02

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to…

  • CVE-2020-14696HigJul 15, 2020
    risk 0.47cvss 7.2epss 0.01

    Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Layout Templates). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14691HigJul 15, 2020
    risk 0.46cvss 7.1epss 0.01

    Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2020-14690HigJul 15, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows…

  • CVE-2020-14688HigJul 15, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2020-14686HigJul 15, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-14682HigJul 15, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2020-14681HigJul 15, 2020
    risk 0.53cvss 8.2epss 0.01

    Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-14679HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.02

    Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2020-14678HigJul 15, 2020
    risk 0.47cvss 7.2epss 0.02

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to…

  • CVE-2020-14677HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the…

  • CVE-2020-14676HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.01

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the…

  • CVE-2020-14675HigJul 15, 2020
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the…