VYPR

CVEs

31,781 total · page 404 of 636

  • CVE-2020-35138CriMar 29, 2021
    risk 0.64cvss 9.8epss 0.01

    The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the…

  • CVE-2020-25583CriMar 29, 2021
    risk 0.64cvss 9.8epss 0.01

    In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of…

  • CVE-2020-25577CriMar 29, 2021
    risk 0.64cvss 9.8epss 0.01

    In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While…

  • CVE-2020-24636CriMar 29, 2021
    risk 0.64cvss 9.8epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x:…

  • CVE-2021-29417CriMar 29, 2021
    risk 0.64cvss 9.8epss 0.04

    gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal.

  • CVE-2021-28670CriMar 29, 2021
    risk 0.59cvss 9.1epss 0.01

    Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.

  • CVE-2020-25218CriMar 29, 2021
    risk 0.64cvss 9.8epss 0.02

    Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.

  • CVE-2021-1628CriMar 26, 2021
    risk 0.64cvss 9.8epss 0.01

    MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021.

  • CVE-2021-1627CriMar 26, 2021
    risk 0.64cvss 9.8epss 0.01

    MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021.

  • CVE-2021-1626CriMar 26, 2021
    risk 0.64cvss 9.8epss 0.02

    MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021.

  • CVE-2020-19625CriMar 26, 2021
    risk 0.65cvss 9.8epss 0.13

    Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.

  • CVE-2021-27372CriMar 25, 2021
    risk 0.64cvss 9.8epss 0.02

    Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands.

  • CVE-2021-27440CriMar 25, 2021
    risk 0.64cvss 9.8epss 0.01

    The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).

  • CVE-2020-10582CriMar 25, 2021
    risk 0.64cvss 9.8epss 0.02

    A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database.

  • CVE-2021-3466CriMar 25, 2021
    risk 0.64cvss 9.8epss 0.09

    A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data…

  • CVE-2021-27193CriMar 25, 2021
    risk 0.64cvss 9.8epss 0.01

    Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation.

  • CVE-2021-21783CriMar 25, 2021
    risk 0.64cvss 9.8epss 0.05

    A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2020-1946CriMar 25, 2021
    risk 0.64cvss 9.8epss 0.06

    In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use…

  • CVE-2021-26715CriMar 25, 2021
    risk 0.59cvss 9.1epss 0.01

    The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker…

  • CVE-2021-21386CriMar 24, 2021
    risk 0.54cvss 9.3epss 0.02

    APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended…

  • CVE-2021-1418CriMar 24, 2021
    risk 0.64cvss 9.9epss 0.01

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept…

  • CVE-2021-1417CriMar 24, 2021
    risk 0.64cvss 9.9epss 0.01

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept…

  • CVE-2021-1411CriMar 24, 2021
    risk 0.64cvss 9.9epss 0.01

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept…

  • CVE-2021-1471CriMar 24, 2021
    risk 0.64cvss 9.9epss 0.01

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept…

  • CVE-2021-1469CriMar 24, 2021
    risk 0.64cvss 9.9epss 0.01

    Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept…

  • CVE-2021-22192CriMar 24, 2021
    risk 0.58cvss 9.9epss 0.13

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.

  • CVE-2020-36283CriMar 24, 2021
    risk 0.62cvss 9.6epss 0.01

    HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the…

  • CVE-2020-35337CriMar 24, 2021
    risk 0.64cvss 9.8epss 0.02

    ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands.

  • CVE-2021-28967CriMar 24, 2021
    risk 0.00cvss 9.8epss 0.02

    The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.

  • CVE-2021-23274CriMar 23, 2021
    risk 0.64cvss 9.8epss 0.01

    The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on…

  • CVE-2021-29082CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.00

    Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before…

  • CVE-2021-29079CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-29078CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12,…

  • CVE-2021-29077CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752…

  • CVE-2021-29076CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-29071CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S…

  • CVE-2021-29068CriMar 23, 2021
    risk 0.64cvss 9.9epss 0.01

    Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000…

  • CVE-2021-29067CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753…

  • CVE-2021-29066CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-29065CriMar 23, 2021
    risk 0.62cvss 9.6epss 0.01

    NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass.

  • CVE-2021-26295CriMar 22, 2021
    risk 0.75cvss 9.8epss 0.98

    Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

  • CVE-2021-28955CriMar 22, 2021
    risk 0.00cvss 9.8epss 0.02

    git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).

  • CVE-2020-13963CriMar 21, 2021
    risk 0.64cvss 9.8epss 0.02

    SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).

  • CVE-2019-10196CriMar 19, 2021
    risk 0.57cvss 9.8epss 0.01

    A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data…

  • CVE-2021-26990CriMar 19, 2021
    risk 0.59cvss 9.1epss 0.02

    Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.

  • CVE-2021-28834CriMar 19, 2021
    risk 0.57cvss 9.8epss 0.03

    Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

  • CVE-2021-25289CriMar 19, 2021
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

  • CVE-2020-6577CriMar 19, 2021
    risk 0.64cvss 9.8epss 0.02

    The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection.

  • CVE-2021-26275CriMar 19, 2021
    risk 0.64cvss 9.8epss 0.03

    The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally…

  • CVE-2020-14516CriMar 18, 2021
    risk 0.65cvss 10.0epss 0.04

    In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.