VYPR

CVEs

31,781 total · page 400 of 636

  • CVE-2019-25034CriApr 27, 2021
    risk 0.64cvss 9.8epss 0.02

    Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally…

  • CVE-2019-25033CriApr 27, 2021
    risk 0.64cvss 9.8epss 0.02

    Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25032CriApr 27, 2021
    risk 0.64cvss 9.8epss 0.02

    Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2021-31646CriApr 26, 2021
    risk 0.64cvss 9.8epss 0.01

    Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force…

  • CVE-2021-29475CriApr 26, 2021
    risk 0.00cvss 10.0epss 0.01

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the…

  • CVE-2021-21226CriApr 26, 2021
    risk 0.63cvss 9.6epss 0.01

    Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-21223CriApr 26, 2021
    risk 0.63cvss 9.6epss 0.01

    Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-21201CriApr 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2021-25839CriApr 26, 2021
    risk 0.64cvss 9.8epss 0.01

    A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.

  • CVE-2021-26797CriApr 26, 2021
    risk 0.64cvss 9.8epss 0.01

    An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service.

  • CVE-2021-25928CriApr 26, 2021
    risk 0.64cvss 9.8epss 0.03

    Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.

  • CVE-2021-25927CriApr 26, 2021
    risk 0.57cvss 9.8epss 0.03

    Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

  • CVE-2021-20711CriApr 26, 2021
    risk 0.64cvss 9.8epss 0.01

    Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

  • CVE-2021-20697CriApr 26, 2021
    risk 0.64cvss 9.8epss 0.02

    Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors.

  • CVE-2021-31761CriApr 25, 2021
    risk 0.68cvss 9.6epss 0.34

    Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.

  • CVE-2021-31726CriApr 25, 2021
    risk 0.64cvss 9.8epss 0.02

    Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0).

  • CVE-2021-30502CriApr 25, 2021
    risk 0.00cvss 9.8epss 0.03

    The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.

  • CVE-2021-22205CriKEVApr 23, 2021
    risk 0.87cvss 10.0epss 1.00

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

  • CVE-2021-22893CriKEVApr 23, 2021
    risk 0.87cvss 10.0epss 0.47

    Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code…

  • CVE-2021-26291CriApr 23, 2021
    risk 0.53cvss 9.1epss 0.09

    Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to…

  • CVE-2021-31597CriApr 23, 2021
    risk 0.54cvss 9.4epss 0.02

    The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate…

  • CVE-2021-2320CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.01

    Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via…

  • CVE-2021-2319CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.01

    Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via…

  • CVE-2021-2318CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.01

    Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via…

  • CVE-2021-2317CriApr 22, 2021
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-2302CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.06

    Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-2256CriApr 22, 2021
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-2253CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.01

    Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle…

  • CVE-2021-2248CriApr 22, 2021
    risk 0.65cvss 10.0epss 0.03

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle…

  • CVE-2021-2244CriApr 22, 2021
    risk 0.65cvss 10.0epss 0.02

    Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provider Services product of Oracle Essbase (component: JAPI). Supported versions that are affected are Hyperion Analytic Provider Services 11.1.2.4 and…

  • CVE-2021-2221CriApr 22, 2021
    risk 0.63cvss 9.6epss 0.02

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle…

  • CVE-2021-2205CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.7-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2021-2200CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.01

    Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Home page). The supported version that is affected is 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle…

  • CVE-2021-2177CriApr 22, 2021
    risk 0.65cvss 10.0epss 0.03

    Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…

  • CVE-2021-2136CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-2135CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.08

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  • CVE-2020-17564CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.03

    Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component.

  • CVE-2020-17563CriApr 22, 2021
    risk 0.59cvss 9.1epss 0.03

    Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=".

  • CVE-2021-27389CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.

  • CVE-2021-25669CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All…

  • CVE-2021-25668CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All…

  • CVE-2021-24240CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.03

    The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.

  • CVE-2021-0254CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.03

    A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution…

  • CVE-2021-0248CriApr 22, 2021
    risk 0.65cvss 10.0epss 0.01

    This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks Junos OS allows an attacker to take over any instance of an NFX deployment. This issue is only exploitable through administrative interfaces. This…

  • CVE-2021-31572CriApr 22, 2021
    risk 0.00cvss 9.8epss 0.01

    The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.

  • CVE-2021-31571CriApr 22, 2021
    risk 0.00cvss 9.8epss 0.01

    The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.

  • CVE-2021-30476CriApr 22, 2021
    risk 0.64cvss 9.8epss 0.02

    HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.

  • CVE-2021-3287CriApr 22, 2021
    risk 0.71cvss 9.8epss 0.51

    Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.

  • CVE-2021-21427CriApr 21, 2021
    risk 0.59cvss 9.1epss 0.01

    Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The…

  • CVE-2021-21426CriApr 21, 2021
    risk 0.64cvss 9.8epss 0.01

    Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported…