VYPR

CVEs

31,781 total · page 386 of 636

  • CVE-2021-37222CriAug 12, 2021
    risk 0.64cvss 9.8epss 0.02

    Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.

  • CVE-2021-38574CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.

  • CVE-2021-38573CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.

  • CVE-2021-38572CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.

  • CVE-2021-38570CriAug 11, 2021
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.

  • CVE-2021-38568CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.

  • CVE-2021-38564CriAug 11, 2021
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand.

  • CVE-2021-38563CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading…

  • CVE-2020-25566CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.02

    In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to…

  • CVE-2020-25565CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.02

    In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions…

  • CVE-2020-25563CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.02

    In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.

  • CVE-2020-25560CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.02

    In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions…

  • CVE-2020-21359CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.02

    An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.

  • CVE-2021-33794CriAug 11, 2021
    risk 0.59cvss 9.1epss 0.01

    Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.

  • CVE-2021-33793CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.01

    Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.

  • CVE-2021-20418CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.01

    IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.

  • CVE-2019-25052CriAug 11, 2021
    risk 0.59cvss 9.1epss 0.01

    In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.

  • CVE-2021-38530CriAug 11, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before…

  • CVE-2021-38528CriAug 11, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56.

  • CVE-2021-38516CriAug 11, 2021
    risk 0.65cvss 10.0epss 0.01

    Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50…

  • CVE-2021-38513CriAug 11, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before…

  • CVE-2021-32122CriAug 11, 2021
    risk 0.64cvss 9.8epss 0.00

    Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.

  • CVE-2021-20032CriAug 10, 2021
    risk 0.64cvss 9.8epss 0.02

    SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier.

  • CVE-2021-37425CriAug 10, 2021
    risk 0.67cvss 9.1epss 0.66

    Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.

  • CVE-2021-38384CriAug 10, 2021
    risk 0.64cvss 9.8epss 0.01

    Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly…

  • CVE-2021-38383CriAug 10, 2021
    risk 0.00cvss 9.8epss 0.01

    OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.

  • CVE-2021-38140CriAug 10, 2021
    risk 0.64cvss 9.8epss 0.01

    The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().

  • CVE-2021-32943CriAug 10, 2021
    risk 0.64cvss 9.8epss 0.02

    The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

  • CVE-2020-23151CriAug 9, 2021
    risk 0.64cvss 9.8epss 0.06

    rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.

  • CVE-2021-32798CriAug 9, 2021
    risk 0.58cvss 10.0epss 0.02

    The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an…

  • CVE-2021-21596CriAug 9, 2021
    risk 0.62cvss 9.6epss 0.01

    Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability…

  • CVE-2021-21585CriAug 9, 2021
    risk 0.59cvss 9.1epss 0.02

    Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.

  • CVE-2021-21564CriAug 9, 2021
    risk 0.64cvss 9.8epss 0.02

    Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.

  • CVE-2014-9320CriAug 9, 2021
    risk 0.64cvss 9.8epss 0.04

    SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.

  • CVE-2013-6276CriAug 9, 2021
    risk 0.64cvss 9.8epss 0.01

    QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models

  • CVE-2021-22910CriAug 9, 2021
    risk 0.64cvss 9.8epss 0.02

    A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.

  • CVE-2021-24507CriAug 9, 2021
    risk 0.65cvss 9.8epss 0.11

    The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL…

  • CVE-2021-24499CriAug 9, 2021
    risk 0.72cvss 9.8epss 0.60

    The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the…

  • CVE-2021-38197CriAug 8, 2021
    risk 0.57cvss 9.8epss 0.02

    unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.

  • CVE-2021-38196CriAug 8, 2021
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.

  • CVE-2021-38195CriAug 8, 2021
    risk 0.00cvss 9.8epss 0.01

    An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow.

  • CVE-2021-38194CriAug 8, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.

  • CVE-2021-38190CriAug 8, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.

  • CVE-2021-38189CriAug 8, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands.

  • CVE-2021-38188CriAug 8, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely.

  • CVE-2021-38187CriAug 8, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.

  • CVE-2020-36452CriAug 8, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory.

  • CVE-2020-36443CriAug 8, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.

  • CVE-2020-36434CriAug 8, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free.

  • CVE-2020-36432CriAug 8, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().