VYPR

CVEs

31,781 total · page 392 of 636

  • CVE-2021-22354CriJun 30, 2021
    risk 0.59cvss 9.1epss 0.01

    There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read.

  • CVE-2021-35973CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.03

    NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This…

  • CVE-2021-35971CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.01

    Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mishandles deserialization during Microsoft .NET remoting.

  • CVE-2021-22373CriJun 30, 2021
    risk 0.59cvss 9.1epss 0.01

    There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability.

  • CVE-2021-22323CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.01

    There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

  • CVE-2021-22380CriJun 30, 2021
    risk 0.59cvss 9.1epss 0.01

    There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability.

  • CVE-2021-22375CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.01

    There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality,availability and integrity.

  • CVE-2021-27903CriJun 30, 2021
    risk 0.57cvss 9.8epss 0.03

    An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).

  • CVE-2021-30648CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.01

    The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the…

  • CVE-2019-18906CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.01

    A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5…

  • CVE-2021-35474CriJun 30, 2021
    risk 0.64cvss 9.8epss 0.03

    Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

  • CVE-2021-35958CriJun 30, 2021
    risk 0.59cvss 9.1epss 0.02

    TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives

  • CVE-2021-29485CriJun 29, 2021
    risk 0.65cvss 9.9epss 0.02

    Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution (RCE) via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use…

  • CVE-2021-32992CriJun 29, 2021
    risk 0.64cvss 9.8epss 0.02

    FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.

  • CVE-2021-32990CriJun 29, 2021
    risk 0.64cvss 9.8epss 0.02

    FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.

  • CVE-2021-32988CriJun 29, 2021
    risk 0.64cvss 9.8epss 0.02

    FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.

  • CVE-2021-31531CriJun 29, 2021
    risk 0.64cvss 9.8epss 0.02

    Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

  • CVE-2020-7869CriJun 29, 2021
    risk 0.59cvss 9.0epss 0.02

    An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK…

  • CVE-2020-7868CriJun 29, 2021
    risk 0.63cvss 9.6epss 0.03

    A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.

  • CVE-2020-23711CriJun 28, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.

  • CVE-2021-34187CriJun 28, 2021
    risk 0.01cvss 9.8epss 0.16

    main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter.

  • CVE-2021-35456CriJun 28, 2021
    risk 0.64cvss 9.8epss 0.02

    Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload

  • CVE-2021-31337CriJun 28, 2021
    risk 0.64cvss 9.8epss 0.02

    The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage…

  • CVE-2021-35514CriJun 28, 2021
    risk 0.57cvss 9.8epss 0.01

    Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.

  • CVE-2021-35502CriJun 25, 2021
    risk 0.64cvss 9.8epss 0.01

    app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-template:index.

  • CVE-2021-34427CriJun 25, 2021
    risk 0.68cvss 9.8epss 0.58

    In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.

  • CVE-2021-34074CriJun 25, 2021
    risk 0.64cvss 9.8epss 0.07

    PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.

  • CVE-2021-34184CriJun 25, 2021
    risk 0.64cvss 9.8epss 0.01

    Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.

  • CVE-2021-35049CriJun 25, 2021
    risk 0.65cvss 9.9epss 0.05

    Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an…

  • CVE-2021-35048CriJun 25, 2021
    risk 0.64cvss 9.8epss 0.01

    Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and…

  • CVE-2021-35047CriJun 25, 2021
    risk 0.64cvss 9.9epss 0.02

    Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis…

  • CVE-2021-28958CriJun 25, 2021
    risk 0.70cvss 9.8epss 0.73

    Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.

  • CVE-2021-32711CriJun 24, 2021
    risk 0.52cvss 9.1epss 0.01

    Shopware is an open source eCommerce platform. Versions prior to 6.3.5.1 may leak of information via Store-API. The vulnerability could only be fixed by changing the API system, which involves a non-backward-compatible change. Only consumers of the Store-API should be affected…

  • CVE-2020-17752CriJun 24, 2021
    risk 0.64cvss 9.8epss 0.02

    Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON).

  • CVE-2021-32708CriJun 24, 2021
    risk 0.57cvss 9.8epss 0.03

    Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is…

  • CVE-2020-18667CriJun 24, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.

  • CVE-2021-33346CriJun 24, 2021
    risk 0.64cvss 9.8epss 0.01

    There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.

  • CVE-2021-31649CriJun 24, 2021
    risk 0.64cvss 9.8epss 0.02

    In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute

  • CVE-2020-21786CriJun 24, 2021
    risk 0.64cvss 9.8epss 0.01

    In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php.

  • CVE-2020-21784CriJun 24, 2021
    risk 0.64cvss 9.8epss 0.01

    phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.

  • CVE-2020-18662CriJun 24, 2021
    risk 0.67cvss 9.8epss 0.05

    SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.

  • CVE-2020-21787CriJun 24, 2021
    risk 0.64cvss 9.8epss 0.02

    CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.

  • CVE-2021-29954CriJun 24, 2021
    risk 0.64cvss 9.8epss 0.01

    Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255.

  • CVE-2021-21809CriJun 23, 2021
    risk 0.64cvss 9.1epss 0.24

    A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.

  • CVE-2020-20392CriJun 23, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.

  • CVE-2021-21998CriJun 23, 2021
    risk 0.65cvss 9.8epss 0.11

    VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without…

  • CVE-2021-27649CriJun 23, 2021
    risk 0.64cvss 9.8epss 0.02

    Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2021-32700CriJun 22, 2021
    risk 0.00cvss 9.1epss 0.01

    Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate…

  • CVE-2021-3044CriJun 22, 2021
    risk 0.64cvss 9.8epss 0.01

    An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than…

  • CVE-2021-20736CriJun 22, 2021
    risk 0.59cvss 9.1epss 0.01

    NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.