VYPR

CVEs

31,781 total · page 413 of 636

  • CVE-2020-11136CriJan 21, 2021
    risk 0.64cvss 9.8epss 0.01

    Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon…

  • CVE-2020-27221CriJan 21, 2021
    risk 0.64cvss 9.8epss 0.02

    In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.

  • CVE-2021-1225CriJan 20, 2021
    risk 0.59cvss 9.1epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface…

  • CVE-2021-1142CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this…

  • CVE-2021-1141CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this…

  • CVE-2021-1140CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this…

  • CVE-2021-1139CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this…

  • CVE-2021-1138CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this…

  • CVE-2021-1301CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1300CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1264CriJan 20, 2021
    risk 0.63cvss 9.6epss 0.04

    A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability…

  • CVE-2021-2108CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise…

  • CVE-2021-2101CriJan 20, 2021
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-2100CriJan 20, 2021
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-2075CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2021-2064CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise…

  • CVE-2021-2047CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-2029CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2021-1994CriJan 20, 2021
    risk 0.64cvss 9.8epss 0.05

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2020-14756CriJan 20, 2021
    risk 0.70cvss 9.8epss 0.75

    Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2021-3110CriJan 20, 2021
    risk 0.65cvss 9.8epss 0.21

    The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.

  • CVE-2020-35929CriJan 19, 2021
    risk 0.64cvss 9.8epss 0.01

    In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data.

  • CVE-2021-25323CriJan 19, 2021
    risk 0.59cvss 9.1epss 0.01

    The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.

  • CVE-2020-35129CriJan 19, 2021
    risk 0.59cvss 9.0epss 0.01

    Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually…

  • CVE-2020-35128CriJan 19, 2021
    risk 0.59cvss 9.0epss 0.02

    Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions…

  • CVE-2021-22851CriJan 19, 2021
    risk 0.64cvss 9.8epss 0.01

    HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.

  • CVE-2021-3177CriJan 19, 2021
    risk 0.02cvss 9.8epss 0.23

    Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This…

  • CVE-2021-25294CriJan 18, 2021
    risk 0.65cvss 9.8epss 0.11

    OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an…

  • CVE-2021-21249CriJan 15, 2021
    risk 0.00cvss 9.6epss 0.03

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not using…

  • CVE-2021-21248CriJan 15, 2021
    risk 0.00cvss 9.6epss 0.01

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to…

  • CVE-2021-21247CriJan 15, 2021
    risk 0.63cvss 9.6epss 0.01

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener (`AbstractPostAjaxBehavior`) in all pages other than the login page. This listener decodes and deserializes the `data` query parameter. We can…

  • CVE-2021-21245CriJan 15, 2021
    risk 0.00cvss 10.0epss 0.01

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can…

  • CVE-2021-21242CriJan 15, 2021
    risk 0.06cvss 10.0epss 0.74

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce…

  • CVE-2021-21244CriJan 15, 2021
    risk 0.00cvss 10.0epss 0.01

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation…

  • CVE-2021-21243CriJan 15, 2021
    risk 0.04cvss 10.0epss 0.54

    OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to…

  • CVE-2020-24640CriJan 15, 2021
    risk 0.64cvss 9.8epss 0.03

    There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

  • CVE-2020-24639CriJan 15, 2021
    risk 0.64cvss 9.8epss 0.07

    There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.

  • CVE-2021-0211CriJan 15, 2021
    risk 0.65cvss 10.0epss 0.01

    An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP…

  • CVE-2020-29495CriJan 14, 2021
    risk 0.65cvss 10.0epss 0.06

    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying…

  • CVE-2020-29493CriJan 14, 2021
    risk 0.65cvss 10.0epss 0.03

    DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database,…

  • CVE-2020-16045CriJan 14, 2021
    risk 0.62cvss 9.6epss 0.01

    Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-29016CriJan 14, 2021
    risk 0.64cvss 9.8epss 0.03

    A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

  • CVE-2020-29015CriJan 14, 2021
    risk 0.64cvss 9.8epss 0.03

    A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL…

  • CVE-2021-23926CriJan 14, 2021
    risk 0.60cvss 9.1epss 0.06

    The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

  • CVE-2021-20618CriJan 14, 2021
    risk 0.64cvss 9.8epss 0.03

    Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via…

  • CVE-2021-20617CriJan 14, 2021
    risk 0.64cvss 9.8epss 0.08

    Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server…

  • CVE-2020-27267CriJan 14, 2021
    risk 0.60cvss 9.1epss 0.05

    KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server…

  • CVE-2020-27265CriJan 14, 2021
    risk 0.65cvss 9.8epss 0.10

    KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server:…

  • CVE-2020-27263CriJan 14, 2021
    risk 0.60cvss 9.1epss 0.05

    KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server:…

  • CVE-2020-9142CriJan 13, 2021
    risk 0.59cvss 9.1epss 0.01

    There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file.