VYPR

CVEs

31,781 total · page 390 of 636

  • CVE-2021-34458CriJul 16, 2021
    risk 0.65cvss 9.9epss 0.03

    Windows Kernel Remote Code Execution Vulnerability

  • CVE-2020-4821CriJul 16, 2021
    risk 0.64cvss 9.8epss 0.02

    IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834

  • CVE-2021-35961CriJul 16, 2021
    risk 0.64cvss 9.8epss 0.02

    Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission.

  • CVE-2021-21820CriJul 16, 2021
    risk 0.64cvss 9.8epss 0.03

    A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2021-21804CriJul 16, 2021
    risk 0.64cvss 9.8epss 0.04

    A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this…

  • CVE-2021-0276CriJul 15, 2021
    risk 0.64cvss 9.8epss 0.02

    A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Carrier with EAP (Extensible Authentication Protocol) authentication configured, allows an attacker sending specific packets causing the radius daemon to crash resulting with a Denial of Service (DoS) or leading…

  • CVE-2020-11633CriJul 15, 2021
    risk 0.64cvss 9.8epss 0.02

    The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges.

  • CVE-2021-34690CriJul 15, 2021
    risk 0.64cvss 9.8epss 0.01

    iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980.

  • CVE-2021-25320CriJul 15, 2021
    risk 0.64cvss 9.9epss 0.01

    A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher…

  • CVE-2020-24133CriJul 14, 2021
    risk 0.00cvss 9.8epss 0.03

    A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks.

  • CVE-2021-35211CriKEVJul 14, 2021
    risk 0.84cvss 9.0epss 0.91

    Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File…

  • CVE-2020-18155CriJul 14, 2021
    risk 0.57cvss 9.8epss 0.01

    SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.

  • CVE-2021-34523CriKEVJul 14, 2021
    risk 0.87cvss 9.0epss 1.00

    Microsoft Exchange Server Elevation of Privilege Vulnerability

  • CVE-2021-34473CriKEVJul 14, 2021
    risk 0.88cvss 9.1epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2020-18144CriJul 14, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php.

  • CVE-2021-22779CriJul 14, 2021
    risk 0.59cvss 9.1epss 0.01

    Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure…

  • CVE-2021-0515CriJul 14, 2021
    risk 0.64cvss 9.8epss 0.01

    In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-25953CriJul 14, 2021
    risk 0.64cvss 9.8epss 0.03

    Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.

  • CVE-2021-21994CriJul 13, 2021
    risk 0.64cvss 9.8epss 0.01

    SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

  • CVE-2021-31217CriJul 13, 2021
    risk 0.59cvss 9.1epss 0.04

    In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

  • CVE-2021-34552CriJul 13, 2021
    risk 0.57cvss 9.8epss 0.03

    Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

  • CVE-2020-22884CriJul 13, 2021
    risk 0.64cvss 9.8epss 0.03

    Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code.

  • CVE-2020-22875CriJul 13, 2021
    risk 0.00cvss 9.8epss 0.03

    Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.

  • CVE-2020-22874CriJul 13, 2021
    risk 0.00cvss 9.8epss 0.03

    Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.

  • CVE-2020-22873CriJul 13, 2021
    risk 0.00cvss 9.8epss 0.02

    Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.

  • CVE-2021-36124CriJul 13, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection.

  • CVE-2021-33578CriJul 13, 2021
    risk 0.64cvss 9.8epss 0.01

    Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data.

  • CVE-2021-1965CriJul 13, 2021
    risk 0.64cvss 9.8epss 0.03

    Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

  • CVE-2020-11307CriJul 13, 2021
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

  • CVE-2021-24442CriJul 12, 2021
    risk 0.67cvss 9.8epss 0.47

    The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks

  • CVE-2021-24385CriJul 12, 2021
    risk 0.64cvss 9.8epss 0.03

    The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL…

  • CVE-2020-18544CriJul 12, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".

  • CVE-2020-19038CriJul 12, 2021
    risk 0.59cvss 9.1epss 0.01

    File Deletion vulnerability in Halo 0.4.3 via delBackup.

  • CVE-2021-23390CriJul 12, 2021
    risk 0.57cvss 9.8epss 0.03

    The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

  • CVE-2021-23389CriJul 12, 2021
    risk 0.57cvss 9.8epss 0.04

    The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

  • CVE-2020-18980CriJul 12, 2021
    risk 0.64cvss 9.8epss 0.01

    Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.

  • CVE-2020-21133CriJul 12, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.

  • CVE-2020-21132CriJul 12, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.

  • CVE-2021-35064CriJul 12, 2021
    risk 0.72cvss 9.8epss 0.71

    KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.

  • CVE-2021-29102CriJul 11, 2021
    risk 0.59cvss 9.1epss 0.02

    A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks.

  • CVE-2021-24007CriJul 9, 2021
    risk 0.64cvss 9.8epss 0.01

    Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

  • CVE-2021-30120CriJul 9, 2021
    risk 0.65cvss 9.9epss 0.06

    Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process,…

  • CVE-2021-30118CriJul 9, 2021
    risk 0.69cvss 9.8epss 0.60

    An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated…

  • CVE-2021-30117CriJul 9, 2021
    risk 0.69cvss 9.8epss 0.72

    The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: ``` GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent:…

  • CVE-2021-30116CriKEVJul 9, 2021
    risk 0.90cvss 10.0epss 0.86

    Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker…

  • CVE-2012-2666CriJul 9, 2021
    risk 0.57cvss 9.8epss 0.02

    golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.

  • CVE-2020-23580CriJul 8, 2021
    risk 0.64cvss 9.8epss 0.02

    Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.

  • CVE-2021-25437CriJul 8, 2021
    risk 0.64cvss 9.8epss 0.02

    Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.

  • CVE-2021-25436CriJul 8, 2021
    risk 0.64cvss 9.8epss 0.02

    Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol.

  • CVE-2021-25435CriJul 8, 2021
    risk 0.64cvss 9.8epss 0.02

    Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.