VYPR

CVEs

31,782 total · page 366 of 636

  • CVE-2021-45621CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130…

  • CVE-2021-45620CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before…

  • CVE-2021-45619CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80,…

  • CVE-2021-45618CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900…

  • CVE-2021-45617CriDec 26, 2021
    risk 0.64cvss 9.8epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P…

  • CVE-2021-45616CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P…

  • CVE-2021-45615CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RBK752…

  • CVE-2021-45614CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before…

  • CVE-2021-45613CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before…

  • CVE-2021-45612CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before…

  • CVE-2021-45611CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300…

  • CVE-2021-45610CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250…

  • CVE-2021-45609CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.2.144, R8500 before 1.0.2.144, XR300…

  • CVE-2021-45527CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before…

  • CVE-2021-45520CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.00

    Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

  • CVE-2021-45514CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.

  • CVE-2021-45513CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.

  • CVE-2021-45509CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45508CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, and RBR850 before 3.2.17.12.

  • CVE-2021-45507CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850…

  • CVE-2021-45506CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.00

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45505CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.00

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45504CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45503CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.00

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45502CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45501CriDec 26, 2021
    risk 0.61cvss 9.4epss 0.02

    Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before…

  • CVE-2021-45500CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.00

    Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68.

  • CVE-2021-45497CriDec 26, 2021
    risk 0.61cvss 9.4epss 0.02

    NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.

  • CVE-2021-45496CriDec 26, 2021
    risk 0.59cvss 9.1epss 0.02

    NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.

  • CVE-2021-44453CriDec 23, 2021
    risk 0.65cvss 10.0epss 0.01

    mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.

  • CVE-2021-43987CriDec 23, 2021
    risk 0.64cvss 9.8epss 0.01

    An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.

  • CVE-2021-43985CriDec 23, 2021
    risk 0.59cvss 9.1epss 0.02

    An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.

  • CVE-2021-43984CriDec 23, 2021
    risk 0.65cvss 10.0epss 0.01

    mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

  • CVE-2021-43981CriDec 23, 2021
    risk 0.65cvss 10.0epss 0.01

    mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

  • CVE-2021-27007CriDec 23, 2021
    risk 0.64cvss 9.8epss 0.01

    NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.

  • CVE-2021-23198CriDec 23, 2021
    risk 0.65cvss 10.0epss 0.01

    mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

  • CVE-2021-22657CriDec 23, 2021
    risk 0.65cvss 10.0epss 0.01

    mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

  • CVE-2019-8703CriDec 23, 2021
    risk 0.64cvss 9.8epss 0.01

    This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

  • CVE-2019-8643CriDec 23, 2021
    risk 0.64cvss 9.8epss 0.01

    CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..

  • CVE-2021-44526CriDec 23, 2021
    risk 0.64cvss 9.8epss 0.03

    Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

  • CVE-2021-44548CriDec 23, 2021
    risk 0.64cvss 9.8epss 0.05

    An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this…

  • CVE-2021-38013CriDec 23, 2021
    risk 0.62cvss 9.6epss 0.01

    Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-20601CriDec 22, 2021
    risk 0.64cvss 9.8epss 0.08

    An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.

  • CVE-2021-45461CriDec 22, 2021
    risk 0.65cvss 9.8epss 0.22

    FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.

  • CVE-2021-40418CriDec 22, 2021
    risk 0.65cvss 9.8epss 0.18

    When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns…

  • CVE-2021-40417CriDec 22, 2021
    risk 0.65cvss 9.8epss 0.16

    When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer.…

  • CVE-2021-40394CriDec 22, 2021
    risk 0.64cvss 9.8epss 0.03

    An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can…

  • CVE-2021-40393CriDec 22, 2021
    risk 0.64cvss 9.8epss 0.03

    An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can…

  • CVE-2021-39306CriDec 22, 2021
    risk 0.64cvss 9.8epss 0.01

    A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.

  • CVE-2021-21952CriDec 22, 2021
    risk 0.64cvss 9.8epss 0.01

    An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges.