VYPR

CVEs

31,781 total · page 415 of 636

  • CVE-2020-26085CriJan 7, 2021
    risk 0.65cvss 9.9epss 0.03

    Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more…

  • CVE-2020-36178CriJan 6, 2021
    risk 0.64cvss 9.8epss 0.10

    oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE:…

  • CVE-2020-36177CriJan 6, 2021
    risk 0.57cvss 9.8epss 0.04

    RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.

  • CVE-2020-27285CriJan 6, 2021
    risk 0.59cvss 9.1epss 0.01

    The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.

  • CVE-2012-10001CriJan 6, 2021
    risk 0.64cvss 9.8epss 0.03

    The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.

  • CVE-2020-10658CriJan 6, 2021
    risk 0.64cvss 9.8epss 0.03

    The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges.…

  • CVE-2020-10656CriJan 6, 2021
    risk 0.64cvss 9.8epss 0.03

    The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local…

  • CVE-2020-10655CriJan 6, 2021
    risk 0.64cvss 9.8epss 0.03

    The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator…

  • CVE-2020-26759CriJan 6, 2021
    risk 0.57cvss 9.8epss 0.03

    clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.

  • CVE-2020-36169CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create…

  • CVE-2020-36168CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By…

  • CVE-2020-36167CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf…

  • CVE-2020-36166CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the…

  • CVE-2020-36165CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems,…

  • CVE-2020-36164CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\)…

  • CVE-2020-36163CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create…

  • CVE-2020-36162CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create…

  • CVE-2020-36160CriJan 6, 2021
    risk 0.60cvss 9.3epss 0.00

    An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can…

  • CVE-2020-36052CriJan 5, 2021
    risk 0.64cvss 9.8epss 0.02

    Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter.

  • CVE-2021-3021CriJan 5, 2021
    risk 0.64cvss 9.8epss 0.02

    ISPConfig before 3.2.2 allows SQL injection.

  • CVE-2020-4899CriJan 5, 2021
    risk 0.59cvss 9.1epss 0.01

    IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

  • CVE-2020-26045CriJan 5, 2021
    risk 0.64cvss 9.8epss 0.02

    FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

  • CVE-2021-3018CriJan 5, 2021
    risk 0.68cvss 9.8epss 0.20

    ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.

  • CVE-2020-29492CriJan 4, 2021
    risk 0.65cvss 10.0epss 0.02

    Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station.

  • CVE-2020-29491CriJan 4, 2021
    risk 0.65cvss 10.0epss 0.02

    Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise…

  • CVE-2020-36157CriJan 4, 2021
    risk 0.58cvss 10.0epss 0.03

    An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the…

  • CVE-2020-36156CriJan 4, 2021
    risk 0.58cvss 9.9epss 0.02

    An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g.,…

  • CVE-2020-36155CriJan 4, 2021
    risk 0.59cvss 10.0epss 0.09

    An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During…

  • CVE-2020-35219CriJan 4, 2021
    risk 0.64cvss 9.8epss 0.02

    The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and…

  • CVE-2020-36112CriJan 4, 2021
    risk 0.65cvss 9.8epss 0.16

    CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which…

  • CVE-2020-28464CriJan 4, 2021
    risk 0.00cvss 9.8epss 0.03

    This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.

  • CVE-2021-3007CriJan 4, 2021
    risk 0.06cvss 9.8epss 0.75

    Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend…

  • CVE-2020-35717CriJan 1, 2021
    risk 0.59cvss 9.0epss 0.04

    zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).

  • CVE-2020-35391CriJan 1, 2021
    risk 0.68cvss 9.6epss 0.35

    Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either…

  • CVE-2020-35951CriJan 1, 2021
    risk 0.70cvss 9.9epss 0.76

    An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their…

  • CVE-2020-35950CriJan 1, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).

  • CVE-2020-35949CriJan 1, 2021
    risk 0.65cvss 10.0epss 0.05

    An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type…

  • CVE-2020-35948CriJan 1, 2021
    risk 0.62cvss 9.9epss 0.25

    An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php…

  • CVE-2020-35945CriJan 1, 2021
    risk 0.65cvss 9.9epss 0.02

    An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file…

  • CVE-2016-20005CriJan 1, 2021
    risk 0.64cvss 9.8epss 0.01

    The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.

  • CVE-2016-20004CriJan 1, 2021
    risk 0.64cvss 9.8epss 0.01

    The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.

  • CVE-2016-20002CriJan 1, 2021
    risk 0.64cvss 9.8epss 0.01

    The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.

  • CVE-2016-20001CriJan 1, 2021
    risk 0.64cvss 9.8epss 0.01

    The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.

  • CVE-2018-19945CriDec 31, 2020
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed…

  • CVE-2020-35895CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion.

  • CVE-2020-35892CriDec 31, 2020
    risk 0.52cvss 9.1epss 0.02

    An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.

  • CVE-2020-35888CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.

  • CVE-2020-35887CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut.

  • CVE-2020-35885CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.

  • CVE-2020-35883CriDec 31, 2020
    risk 0.00cvss 9.1epss 0.02

    An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.