VYPR

CVEs

31,781 total · page 405 of 636

  • CVE-2021-28794CriMar 18, 2021
    risk 0.00cvss 9.8epss 0.02

    The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.

  • CVE-2021-24148CriMar 18, 2021
    risk 0.64cvss 9.8epss 0.03

    A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

  • CVE-2021-24139CriMar 18, 2021
    risk 0.64cvss 9.8epss 0.05

    Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

  • CVE-2019-18235CriMar 17, 2021
    risk 0.64cvss 9.8epss 0.01

    Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack.

  • CVE-2021-22860CriMar 17, 2021
    risk 0.64cvss 9.8epss 0.03

    EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and…

  • CVE-2021-22859CriMar 17, 2021
    risk 0.64cvss 9.8epss 0.04

    The users’ data querying function of EIC e-document system does not filter the special characters which resulted in remote attackers can inject SQL syntax and execute arbitrary commands without privilege.

  • CVE-2020-11299CriMar 17, 2021
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

  • CVE-2020-11227CriMar 17, 2021
    risk 0.64cvss 9.8epss 0.01

    Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,…

  • CVE-2020-11222CriMar 17, 2021
    risk 0.59cvss 9.1epss 0.01

    Buffer over read while processing MT SMS with maximum length due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile

  • CVE-2020-11192CriMar 17, 2021
    risk 0.64cvss 9.8epss 0.01

    Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2020-11190CriMar 17, 2021
    risk 0.59cvss 9.1epss 0.01

    Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2020-11189CriMar 17, 2021
    risk 0.59cvss 9.1epss 0.01

    Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2020-11188CriMar 17, 2021
    risk 0.59cvss 9.1epss 0.01

    Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2020-11171CriMar 17, 2021
    risk 0.59cvss 9.1epss 0.01

    Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2020-11166CriMar 17, 2021
    risk 0.59cvss 9.1epss 0.01

    Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile,…

  • CVE-2021-28381CriMar 16, 2021
    risk 0.64cvss 9.8epss 0.01

    The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.

  • CVE-2021-28294CriMar 16, 2021
    risk 0.64cvss 9.8epss 0.04

    Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE).

  • CVE-2020-28899CriMar 16, 2021
    risk 0.59cvss 9.1epss 0.02

    The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthenticated attackers (via crafted JSON action data to /cgi-bin/gui.cgi) to use all features provided by the router. Examples: change the router password,…

  • CVE-2021-25916CriMar 16, 2021
    risk 0.57cvss 9.8epss 0.04

    Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

  • CVE-2020-24264CriMar 16, 2021
    risk 0.64cvss 9.8epss 0.04

    Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once…

  • CVE-2021-26987CriMar 15, 2021
    risk 0.64cvss 9.8epss 0.02

    Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server,…

  • CVE-2020-28149CriMar 15, 2021
    risk 0.63cvss 9.6epss 0.02

    myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.

  • CVE-2021-27817CriMar 15, 2021
    risk 0.64cvss 9.8epss 0.03

    A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.

  • CVE-2020-24877CriMar 15, 2021
    risk 0.64cvss 9.8epss 0.02

    A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.

  • CVE-2020-35358CriMar 15, 2021
    risk 0.64cvss 9.8epss 0.02

    DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers…

  • CVE-2021-20232CriMar 12, 2021
    risk 0.64cvss 9.8epss 0.03

    A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

  • CVE-2021-20231CriMar 12, 2021
    risk 0.57cvss 9.8epss 0.04

    A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

  • CVE-2021-28308CriMar 12, 2021
    risk 0.59cvss 9.1epss 0.01

    An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation.

  • CVE-2021-28305CriMar 12, 2021
    risk 0.00cvss 9.8epss 0.01

    An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed.

  • CVE-2021-27647CriMar 12, 2021
    risk 0.64cvss 9.8epss 0.03

    Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

  • CVE-2021-27646CriMar 12, 2021
    risk 0.64cvss 9.8epss 0.04

    Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

  • CVE-2021-26569CriMar 12, 2021
    risk 0.64cvss 9.8epss 0.02

    Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

  • CVE-2020-36282CriMar 12, 2021
    risk 0.57cvss 9.8epss 0.03

    JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.

  • CVE-2021-28154CriMar 11, 2021
    risk 0.59cvss 9.1epss 0.01

    Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured…

  • CVE-2016-20009CriMar 11, 2021
    risk 0.64cvss 9.8epss 0.02

    A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2021-22714CriMar 11, 2021
    risk 0.64cvss 9.8epss 0.02

    A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.

  • CVE-2020-29045CriMar 11, 2021
    risk 0.66cvss 9.8epss 0.31

    The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.

  • CVE-2021-28141CriMar 11, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one…

  • CVE-2021-27080CriMar 11, 2021
    risk 0.61cvss 9.3epss 0.01

    Azure Sphere Unsigned Code Execution Vulnerability

  • CVE-2021-26897CriMar 11, 2021
    risk 0.65cvss 9.8epss 0.14

    Windows DNS Server Remote Code Execution Vulnerability

  • CVE-2021-26895CriMar 11, 2021
    risk 0.64cvss 9.8epss 0.07

    Windows DNS Server Remote Code Execution Vulnerability

  • CVE-2021-26894CriMar 11, 2021
    risk 0.64cvss 9.8epss 0.07

    Windows DNS Server Remote Code Execution Vulnerability

  • CVE-2021-26893CriMar 11, 2021
    risk 0.64cvss 9.8epss 0.06

    Windows DNS Server Remote Code Execution Vulnerability

  • CVE-2021-26877CriMar 11, 2021
    risk 0.65cvss 9.8epss 0.19

    Windows DNS Server Remote Code Execution Vulnerability

  • CVE-2021-26867CriMar 11, 2021
    risk 0.65cvss 9.9epss 0.03

    Windows Hyper-V Remote Code Execution Vulnerability

  • CVE-2021-28132CriMar 11, 2021
    risk 0.64cvss 9.8epss 0.03

    LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI.

  • CVE-2020-1900CriMar 11, 2021
    risk 0.00cvss 9.8epss 0.01

    When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in…

  • CVE-2021-28134CriMar 11, 2021
    risk 0.00cvss 9.8epss 0.05

    Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.

  • CVE-2021-24030CriMar 10, 2021
    risk 0.64cvss 9.8epss 0.02

    The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.

  • CVE-2021-24025CriMar 10, 2021
    risk 0.00cvss 9.8epss 0.02

    Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all…