VYPR

CVEs

31,781 total · page 401 of 636

  • CVE-2020-23907CriApr 21, 2021
    risk 0.00cvss 9.8epss 0.03

    An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution.

  • CVE-2020-35314CriApr 20, 2021
    risk 0.69cvss 9.8epss 0.27

    A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.

  • CVE-2020-35313CriApr 20, 2021
    risk 0.70cvss 9.8epss 0.45

    A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.

  • CVE-2021-29459CriApr 20, 2021
    risk 0.62cvss 9.6epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their…

  • CVE-2021-28827CriApr 20, 2021
    risk 0.62cvss 9.6epss 0.01

    The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for…

  • CVE-2021-28793CriApr 20, 2021
    risk 0.00cvss 9.8epss 0.02

    vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.

  • CVE-2020-27241CriApr 19, 2021
    risk 0.64cvss 9.8epss 0.01

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2020-27240CriApr 19, 2021
    risk 0.64cvss 9.8epss 0.01

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2021-20991CriApr 19, 2021
    risk 0.64cvss 9.8epss 0.05

    In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.

  • CVE-2021-23378CriApr 18, 2021
    risk 0.64cvss 9.8epss 0.02

    This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.

  • CVE-2021-23377CriApr 18, 2021
    risk 0.64cvss 9.8epss 0.03

    This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.

  • CVE-2021-23376CriApr 18, 2021
    risk 0.64cvss 9.8epss 0.02

    This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.

  • CVE-2020-36195CriApr 17, 2021
    risk 0.64cvss 9.8epss 0.02

    An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following…

  • CVE-2020-2509CriKEVApr 17, 2021
    risk 0.78cvss 9.8epss 0.33

    A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build…

  • CVE-2021-29451CriApr 16, 2021
    risk 0.52cvss 9.1epss 0.01

    Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.

  • CVE-2021-26830CriApr 16, 2021
    risk 0.56cvss 9.1epss 0.05

    SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.

  • CVE-2021-31414CriApr 16, 2021
    risk 0.00cvss 9.8epss 0.02

    The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.

  • CVE-2021-27692CriApr 16, 2021
    risk 0.64cvss 9.8epss 0.03

    Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount"…

  • CVE-2021-27691CriApr 16, 2021
    risk 0.66cvss 9.8epss 0.25

    Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted…

  • CVE-2021-27112CriApr 15, 2021
    risk 0.64cvss 9.8epss 0.02

    LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.

  • CVE-2020-28592CriApr 15, 2021
    risk 0.64cvss 9.8epss 0.03

    A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this…

  • CVE-2020-27239CriApr 15, 2021
    risk 0.64cvss 9.8epss 0.01

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2020-27238CriApr 15, 2021
    risk 0.64cvss 9.8epss 0.01

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2020-27237CriApr 15, 2021
    risk 0.64cvss 9.8epss 0.01

    An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP…

  • CVE-2021-27850CriApr 15, 2021
    risk 0.74cvss 9.8epss 0.94

    A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of…

  • CVE-2021-30459CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.02

    A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

  • CVE-2021-27710CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.08

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes…

  • CVE-2021-27708CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.08

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes…

  • CVE-2021-27258CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results…

  • CVE-2021-27707CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.03

    Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex"…

  • CVE-2021-27706CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.03

    Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter…

  • CVE-2021-27705CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.03

    Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without…

  • CVE-2021-27130CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.02

    Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.

  • CVE-2020-29592CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in…

  • CVE-2021-28300CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.02

    NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.

  • CVE-2021-27114CriApr 14, 2021
    risk 0.66cvss 9.8epss 0.25

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.

  • CVE-2021-27113CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.

  • CVE-2020-19778CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.02

    Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request.

  • CVE-2021-28797CriApr 14, 2021
    risk 0.64cvss 9.8epss 0.06

    A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance…

  • CVE-2021-31162CriApr 14, 2021
    risk 0.00cvss 9.8epss 0.03

    In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

  • CVE-2021-24028CriApr 14, 2021
    risk 0.00cvss 9.8epss 0.02

    An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

  • CVE-2019-10881CriApr 13, 2021
    risk 0.64cvss 9.8epss 0.01

    Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.

  • CVE-2021-28483CriApr 13, 2021
    risk 0.59cvss 9.0epss 0.01

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-28481CriApr 13, 2021
    risk 0.67cvss 9.8epss 0.36

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-28480CriApr 13, 2021
    risk 0.69cvss 9.8epss 0.71

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-21399CriApr 13, 2021
    risk 0.59cvss 9.1epss 0.01

    Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For…

  • CVE-2021-27602CriApr 13, 2021
    risk 0.65cvss 9.9epss 0.02

    SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject…

  • CVE-2021-23281CriApr 13, 2021
    risk 0.65cvss 10.0epss 0.02

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to…

  • CVE-2021-0430CriApr 13, 2021
    risk 0.64cvss 9.8epss 0.03

    In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-29999CriApr 13, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.