VYPR

CVEs

31,781 total · page 406 of 636

  • CVE-2021-0397CriMar 10, 2021
    risk 0.64cvss 9.8epss 0.06

    In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11…

  • CVE-2021-0396CriMar 10, 2021
    risk 0.64cvss 9.8epss 0.02

    In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed.…

  • CVE-2020-1917CriMar 10, 2021
    risk 0.00cvss 9.8epss 0.01

    xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM…

  • CVE-2020-1916CriMar 10, 2021
    risk 0.00cvss 9.8epss 0.01

    An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.

  • CVE-2021-28122CriMar 10, 2021
    risk 0.00cvss 9.8epss 0.04

    A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative…

  • CVE-2020-24791CriMar 10, 2021
    risk 0.64cvss 9.8epss 0.03

    FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

  • CVE-2021-28119CriMar 9, 2021
    risk 0.64cvss 9.8epss 0.04

    Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.

  • CVE-2021-25915CriMar 9, 2021
    risk 0.57cvss 9.8epss 0.04

    Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution.

  • CVE-2021-21484CriMar 9, 2021
    risk 0.64cvss 9.8epss 0.01

    LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

  • CVE-2021-27581CriMar 5, 2021
    risk 0.64cvss 9.8epss 0.02

    The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.

  • CVE-2021-3420CriMar 5, 2021
    risk 0.64cvss 9.8epss 0.02

    A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based…

  • CVE-2020-29020CriMar 5, 2021
    risk 0.59cvss 9.1epss 0.02

    Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.

  • CVE-2021-26705CriMar 5, 2021
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke…

  • CVE-2020-28050CriMar 5, 2021
    risk 0.60cvss 9.1epss 0.05

    Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server.

  • CVE-2021-28037CriMar 5, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern.

  • CVE-2021-28035CriMar 5, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic.

  • CVE-2021-28034CriMar 5, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic.

  • CVE-2021-28033CriMar 5, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.

  • CVE-2021-28032CriMar 5, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow behaves in certain ways. This can have a resultant out-of-bounds write or…

  • CVE-2021-28031CriMar 5, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.

  • CVE-2021-28028CriMar 5, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.

  • CVE-2021-28027CriMar 5, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.

  • CVE-2020-29658CriMar 5, 2021
    risk 0.64cvss 9.8epss 0.04

    Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.

  • CVE-2021-27965CriMar 5, 2021
    risk 0.65cvss 9.8epss 0.12

    The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

  • CVE-2021-27964CriMar 5, 2021
    risk 0.70cvss 9.8epss 0.46

    SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.

  • CVE-2021-27314CriMar 5, 2021
    risk 0.65cvss 9.8epss 0.12

    SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.

  • CVE-2021-26293CriMar 4, 2021
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.

  • CVE-2020-8298CriMar 4, 2021
    risk 0.58cvss 9.8epss 0.11

    fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.

  • CVE-2020-35636CriMar 4, 2021
    risk 0.64cvss 9.8epss 0.03

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which…

  • CVE-2020-35628CriMar 4, 2021
    risk 0.64cvss 9.8epss 0.03

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this…

  • CVE-2020-28636CriMar 4, 2021
    risk 0.64cvss 9.8epss 0.03

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.

  • CVE-2020-28601CriMar 4, 2021
    risk 0.64cvss 9.8epss 0.03

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this…

  • CVE-2021-23128CriMar 4, 2021
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within…

  • CVE-2021-23127CriMar 4, 2021
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.

  • CVE-2021-23344CriMar 4, 2021
    risk 0.57cvss 9.8epss 0.05

    The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.

  • CVE-2020-24914CriMar 4, 2021
    risk 0.64cvss 9.8epss 0.05

    A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.

  • CVE-2020-24913CriMar 4, 2021
    risk 0.67cvss 9.8epss 0.41

    A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.

  • CVE-2021-27931CriMar 3, 2021
    risk 0.61cvss 9.1epss 0.19

    LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.

  • CVE-2021-22681CriKEVMar 3, 2021
    risk 0.78cvss 9.8epss 0.25

    Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580;…

  • CVE-2021-21978CriMar 3, 2021
    risk 0.75cvss 9.8epss 0.99

    VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner…

  • CVE-2020-29047CriMar 3, 2021
    risk 0.65cvss 9.8epss 0.16

    The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php.

  • CVE-2021-27215CriMar 3, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during…

  • CVE-2021-25315CriMar 3, 2021
    risk 0.64cvss 9.8epss 0.02

    CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3…

  • CVE-2021-27078CriMar 3, 2021
    risk 0.61cvss 9.1epss 0.18

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-26855CriKEVMar 3, 2021
    risk 0.88cvss 9.1epss 1.00

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2021-26412CriMar 3, 2021
    risk 0.62cvss 9.1epss 0.30

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2020-28657CriMar 2, 2021
    risk 0.64cvss 9.8epss 0.02

    In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.

  • CVE-2021-21322CriMar 2, 2021
    risk 0.58cvss 10.0epss 0.02

    fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user…

  • CVE-2021-21321CriMar 2, 2021
    risk 0.58cvss 10.0epss 0.02

    fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of…

  • CVE-2021-27730CriMar 2, 2021
    risk 0.64cvss 9.8epss 0.01

    Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.