VYPR

CVEs

31,782 total · page 375 of 636

  • CVE-2020-18439CriNov 2, 2021
    risk 0.59cvss 9.1epss 0.01

    An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.

  • CVE-2021-38948CriNov 2, 2021
    risk 0.59cvss 9.1epss 0.02

    IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402.

  • CVE-2021-36794CriNov 2, 2021
    risk 0.64cvss 9.8epss 0.01

    In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.

  • CVE-2021-36560CriNov 2, 2021
    risk 0.64cvss 9.8epss 0.01

    Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.

  • CVE-2021-20136CriNov 1, 2021
    risk 0.65cvss 9.8epss 0.10

    ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled…

  • CVE-2021-26740CriNov 1, 2021
    risk 0.64cvss 9.8epss 0.02

    Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.

  • CVE-2021-26739CriNov 1, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.

  • CVE-2021-3705CriNov 1, 2021
    risk 0.64cvss 9.8epss 0.02

    Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.

  • CVE-2021-29212CriNov 1, 2021
    risk 0.65cvss 9.8epss 0.13

    A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to…

  • CVE-2020-36381CriOct 31, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

  • CVE-2020-36380CriOct 31, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

  • CVE-2020-36379CriOct 31, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

  • CVE-2020-36378CriOct 31, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

  • CVE-2020-36377CriOct 31, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

  • CVE-2020-36376CriOct 31, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

  • CVE-2020-26707CriOct 31, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.

  • CVE-2020-26705CriOct 31, 2021
    risk 0.59cvss 9.1epss 0.01

    The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.

  • CVE-2020-25912CriOct 31, 2021
    risk 0.59cvss 9.1epss 0.01

    A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).

  • CVE-2020-25911CriOct 31, 2021
    risk 0.00cvss 9.1epss 0.02

    A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).

  • CVE-2021-41646CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.07

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..

  • CVE-2021-41644CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.02

    Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.

  • CVE-2021-41643CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.04

    Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.

  • CVE-2021-41676CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.

  • CVE-2021-41674CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.

  • CVE-2021-3756CriOct 29, 2021
    risk 0.00cvss 9.8epss 0.01

    libmysofa is vulnerable to Heap-based Buffer Overflow

  • CVE-2020-22079CriOct 29, 2021
    risk 0.64cvss 9.8epss 0.04

    Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.

  • CVE-2021-41194CriOct 28, 2021
    risk 0.52cvss 9.1epss 0.01

    FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if…

  • CVE-2021-36548CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.03

    A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.

  • CVE-2021-36547CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.03

    A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.

  • CVE-2021-37002CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.01

    There is a Memory out-of-bounds access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed.

  • CVE-2021-36990CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.01

    There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.

  • CVE-2021-36989CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.01

    There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.

  • CVE-2021-36986CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.01

    There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.

  • CVE-2021-22474CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.01

    There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions.

  • CVE-2021-22436CriOct 28, 2021
    risk 0.59cvss 9.1epss 0.01

    There is a Logic Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability.

  • CVE-2021-22403CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.01

    There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

  • CVE-2019-19810CriOct 28, 2021
    risk 0.65cvss 10.0epss 0.05

    Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.

  • CVE-2020-21250CriOct 27, 2021
    risk 0.64cvss 9.8epss 0.01

    CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.

  • CVE-2021-41589CriOct 27, 2021
    risk 0.64cvss 9.8epss 0.02

    In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user…

  • CVE-2020-24932CriOct 27, 2021
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.

  • CVE-2021-38450CriOct 27, 2021
    risk 0.64cvss 9.9epss 0.01

    The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

  • CVE-2011-4574CriOct 27, 2021
    risk 0.64cvss 9.8epss 0.01

    PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen…

  • CVE-2011-4125CriOct 27, 2021
    risk 0.64cvss 9.8epss 0.02

    A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

  • CVE-2011-4124CriOct 27, 2021
    risk 0.64cvss 9.8epss 0.02

    Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.

  • CVE-2021-37371CriOct 26, 2021
    risk 0.64cvss 9.8epss 0.02

    Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.

  • CVE-2011-4119CriOct 26, 2021
    risk 0.64cvss 9.8epss 0.02

    caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.

  • CVE-2011-2195CriOct 26, 2021
    risk 0.64cvss 9.8epss 0.03

    A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.

  • CVE-2021-41873CriOct 26, 2021
    risk 0.65cvss 10.0epss 0.01

    Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to…

  • CVE-2021-42343CriOct 26, 2021
    risk 0.57cvss 9.8epss 0.03

    An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers…

  • CVE-2021-34584CriOct 26, 2021
    risk 0.59cvss 9.1epss 0.01

    Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.