VYPR

CVEs

101,975 total · page 1463 of 2,040

  • CVE-2020-9483HigJun 30, 2020
    risk 0.03cvss 7.5epss 0.35

    **Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use…

  • CVE-2020-14957HigJun 30, 2020
    risk 0.51cvss 7.8epss 0.00

    In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD.

  • CVE-2020-14956HigJun 30, 2020
    risk 0.51cvss 7.8epss 0.00

    In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA.

  • CVE-2020-7816HigJun 30, 2020
    risk 0.46cvss 7.0epss 0.01

    A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit…

  • CVE-2019-19163HigJun 30, 2020
    risk 0.49cvss 7.5epss 0.01

    A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL.

  • CVE-2019-19161HigJun 30, 2020
    risk 0.47cvss 7.2epss 0.01

    CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient…

  • CVE-2020-15397HigJun 30, 2020
    risk 0.51cvss 7.8epss 0.01

    HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user…

  • CVE-2020-15396HigJun 30, 2020
    risk 0.51cvss 7.8epss 0.00

    In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

  • CVE-2020-5603HigJun 30, 2020
    risk 0.49cvss 7.5epss 0.01

    Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT…

  • CVE-2020-5602HigJun 30, 2020
    risk 0.49cvss 7.5epss 0.01

    Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX…

  • CVE-2020-5601HigJun 30, 2020
    risk 0.57cvss 8.8epss 0.02

    Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors.

  • CVE-2020-5584HigJun 30, 2020
    risk 0.49cvss 7.5epss 0.01

    Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.

  • CVE-2020-5580HigJun 30, 2020
    risk 0.53cvss 8.1epss 0.01

    Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.

  • CVE-2020-15395HigJun 30, 2020
    risk 0.51cvss 7.8epss 0.01

    In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).

  • CVE-2020-4067HigJun 29, 2020
    risk 0.39cvss 7.0epss 0.02

    In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get…

  • CVE-2020-14414HigJun 29, 2020
    risk 0.57cvss 8.8epss 0.04

    NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw…

  • CVE-2020-14412HigJun 29, 2020
    risk 0.57cvss 8.8epss 0.04

    NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a…

  • CVE-2020-4452HigJun 29, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.

  • CVE-2020-12048HigJun 29, 2020
    risk 0.49cvss 7.5epss 0.00

    Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management…

  • CVE-2020-12037HigJun 29, 2020
    risk 0.49cvss 7.5epss 0.00

    Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An…

  • CVE-2020-12036HigJun 29, 2020
    risk 0.49cvss 7.5epss 0.01

    Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An…

  • CVE-2020-12008HigJun 29, 2020
    risk 0.49cvss 7.5epss 0.01

    Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.

  • CVE-2020-8019HigJun 29, 2020
    risk 0.50cvss 7.7epss 0.01

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux…

  • CVE-2020-8014HigJun 29, 2020
    risk 0.50cvss 7.7epss 0.01

    A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions…

  • CVE-2019-3681HigJun 29, 2020
    risk 0.49cvss 7.5epss 0.01

    A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed…

  • CVE-2020-8022HigJun 29, 2020
    risk 0.50cvss 7.7epss 0.01

    A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux…

  • CVE-2019-20413HigJun 29, 2020
    risk 0.49cvss 7.5epss 0.02

    Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0…

  • CVE-2020-15360HigJun 27, 2020
    risk 0.51cvss 7.8epss 0.01

    com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.

  • CVE-2020-9628HigJun 26, 2020
    risk 0.49cvss 7.5epss 0.03

    Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2020-9627HigJun 26, 2020
    risk 0.49cvss 7.5epss 0.03

    Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2020-9625HigJun 26, 2020
    risk 0.49cvss 7.5epss 0.03

    Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2020-9591HigJun 26, 2020
    risk 0.49cvss 7.5epss 0.03

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel.

  • CVE-2020-9588HigJun 26, 2020
    risk 0.47cvss 7.2epss 0.03

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

  • CVE-2020-9587HigJun 26, 2020
    risk 0.49cvss 7.5epss 0.05

    Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

  • CVE-2020-9574HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9573HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9572HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9571HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9570HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9569HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9568HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge versions 10.0.1 and earlier version have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9567HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.04

    Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9566HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9565HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9564HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9563HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.05

    Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9562HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.05

    Adobe Bridge versions 10.0.1 and earlier version have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-9561HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9560HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-9559HigJun 26, 2020
    risk 0.51cvss 7.8epss 0.03

    Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .