VYPR

CVEs

31,781 total · page 426 of 636

  • CVE-2020-9868CriOct 22, 2020
    risk 0.59cvss 9.1epss 0.01

    A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been…

  • CVE-2020-15906CriOct 22, 2020
    risk 0.66cvss 9.8epss 0.27

    tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.

  • CVE-2020-27195CriOct 22, 2020
    risk 0.00cvss 9.1epss 0.01

    HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6

  • CVE-2020-27619CriOct 22, 2020
    risk 0.01cvss 9.8epss 0.08

    In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

  • CVE-2020-27615CriOct 21, 2020
    risk 0.71cvss 9.8epss 0.54

    The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

  • CVE-2020-7750CriOct 21, 2020
    risk 0.59cvss 9.6epss 0.06

    This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

  • CVE-2020-27605CriOct 21, 2020
    risk 0.64cvss 9.8epss 0.01

    BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."

  • CVE-2020-14882CriKEVOct 21, 2020
    risk 0.87cvss 9.8epss 1.00

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2020-14876CriOct 21, 2020
    risk 0.59cvss 9.1epss 0.03

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14875CriOct 21, 2020
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2020-14871CriKEVOct 21, 2020
    risk 0.86cvss 10.0epss 0.80

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to…

  • CVE-2020-14859CriOct 21, 2020
    risk 0.64cvss 9.8epss 0.04

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2020-14855CriOct 21, 2020
    risk 0.64cvss 9.8epss 0.02

    Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…

  • CVE-2020-14841CriOct 21, 2020
    risk 0.68cvss 9.8epss 0.52

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with…

  • CVE-2020-14825CriOct 21, 2020
    risk 0.66cvss 9.8epss 0.30

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to…

  • CVE-2020-14805CriOct 21, 2020
    risk 0.59cvss 9.1epss 0.02

    Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2020-3992CriKEVOct 20, 2020
    risk 0.88cvss 9.8epss 0.83

    OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to…

  • CVE-2020-5640CriOct 20, 2020
    risk 0.64cvss 9.8epss 0.02

    Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.

  • CVE-2020-7172CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7171CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7170CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7169CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7168CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7167CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7166CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7165CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7164CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7163CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7162CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7161CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7160CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7159CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7158CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7157CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7156CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7155CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7154CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7153CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7152CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7151CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7150CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7149CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7148CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7147CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7146CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7145CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7144CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7143CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7142CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-7141CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).