VYPR

CVEs

31,782 total · page 377 of 636

  • CVE-2021-3878CriOct 15, 2021
    risk 0.57cvss 9.8epss 0.02

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference

  • CVE-2021-37736CriOct 15, 2021
    risk 0.64cvss 9.8epss 0.02

    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has…

  • CVE-2021-42369CriOct 14, 2021
    risk 0.64cvss 9.9epss 0.01

    Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.

  • CVE-2021-41132CriOct 14, 2021
    risk 0.57cvss 9.8epss 0.01

    OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site…

  • CVE-2021-20599CriOct 14, 2021
    risk 0.59cvss 9.1epss 0.01

    Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11"…

  • CVE-2020-22724CriOct 14, 2021
    risk 0.64cvss 9.8epss 0.05

    A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1.

  • CVE-2021-42342CriOct 14, 2021
    risk 0.68cvss 9.8epss 0.59

    An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.

  • CVE-2021-41075CriOct 13, 2021
    risk 0.64cvss 9.8epss 0.03

    The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.

  • CVE-2021-40493CriOct 13, 2021
    risk 0.68cvss 9.8epss 0.50

    Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.

  • CVE-2021-42224CriOct 13, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.

  • CVE-2021-40842CriOct 13, 2021
    risk 0.64cvss 9.8epss 0.01

    Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with…

  • CVE-2021-35498CriOct 13, 2021
    risk 0.64cvss 9.8epss 0.01

    The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the…

  • CVE-2021-20125CriOct 13, 2021
    risk 0.64cvss 9.8epss 0.04

    An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating…

  • CVE-2021-26427CriOct 13, 2021
    risk 0.59cvss 9.0epss 0.01

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-42325CriOct 12, 2021
    risk 0.61cvss 9.8epss 0.12

    Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.

  • CVE-2021-40618CriOct 12, 2021
    risk 0.64cvss 9.8epss 0.01

    An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.

  • CVE-2021-35495CriOct 12, 2021
    risk 0.59cvss 9.0epss 0.01

    The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO…

  • CVE-2021-40499CriOct 12, 2021
    risk 0.64cvss 9.8epss 0.01

    Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the…

  • CVE-2021-38180CriOct 12, 2021
    risk 0.64cvss 9.8epss 0.02

    SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to…

  • CVE-2021-37726CriOct 12, 2021
    risk 0.64cvss 9.8epss 0.02

    A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

  • CVE-2021-38458CriOct 12, 2021
    risk 0.64cvss 9.8epss 0.02

    A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

  • CVE-2021-38456CriOct 12, 2021
    risk 0.64cvss 9.8epss 0.01

    A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords

  • CVE-2021-38454CriOct 12, 2021
    risk 0.66cvss 10.0epss 0.16

    A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

  • CVE-2021-21941CriOct 12, 2021
    risk 0.59cvss 9.0epss 0.02

    A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

  • CVE-2021-21940CriOct 12, 2021
    risk 0.65cvss 10.0epss 0.01

    A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2021-33725CriOct 12, 2021
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory.

  • CVE-2021-33724CriOct 12, 2021
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path.

  • CVE-2021-40617CriOct 11, 2021
    risk 0.67cvss 9.8epss 0.05

    An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

  • CVE-2021-40239CriOct 11, 2021
    risk 0.64cvss 9.8epss 0.01

    A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c

  • CVE-2020-27372CriOct 11, 2021
    risk 0.64cvss 9.8epss 0.01

    A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.

  • CVE-2021-26588CriOct 11, 2021
    risk 0.64cvss 9.8epss 0.02

    A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts…

  • CVE-2021-37123CriOct 11, 2021
    risk 0.64cvss 9.8epss 0.01

    There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do…

  • CVE-2021-27664CriOct 11, 2021
    risk 0.64cvss 9.8epss 0.01

    Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.

  • CVE-2021-40543CriOct 11, 2021
    risk 0.64cvss 9.8epss 0.01

    Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.

  • CVE-2021-40887CriOct 11, 2021
    risk 0.64cvss 9.8epss 0.02

    Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.

  • CVE-2021-40889CriOct 11, 2021
    risk 0.64cvss 9.8epss 0.02

    CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject…

  • CVE-2021-42139CriOct 11, 2021
    risk 0.00cvss 9.8epss 0.02

    Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.

  • CVE-2021-37973CriKEVOct 8, 2021
    risk 0.75cvss 9.6epss 0.12

    Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-30633CriKEVOct 8, 2021
    risk 0.77cvss 9.6epss 0.33

    Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-22617CriOct 8, 2021
    risk 0.00cvss 9.8epss 0.01

    Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.

  • CVE-2021-42109CriOct 8, 2021
    risk 0.64cvss 9.8epss 0.02

    VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.

  • CVE-2021-41974CriOct 8, 2021
    risk 0.59cvss 9.1epss 0.01

    Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.

  • CVE-2021-41566CriOct 8, 2021
    risk 0.64cvss 9.8epss 0.02

    The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

  • CVE-2021-36767CriOct 8, 2021
    risk 0.64cvss 9.8epss 0.01

    In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed…

  • CVE-2021-35977CriOct 8, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.

  • CVE-2021-38298CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.03

    Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.

  • CVE-2020-21726CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.01

    OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.

  • CVE-2020-21725CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.01

    OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter.

  • CVE-2021-42091CriOct 7, 2021
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.

  • CVE-2021-42090CriOct 7, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.