VYPR

CVEs

31,781 total · page 427 of 636

  • CVE-2020-24652CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24651CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24650CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24649CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.04

    A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24648CriOct 19, 2020
    risk 0.65cvss 9.8epss 0.11

    A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24647CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.04

    A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24646CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.07

    A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-24629CriOct 19, 2020
    risk 0.64cvss 9.8epss 0.03

    A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

  • CVE-2020-16159CriOct 19, 2020
    risk 0.59cvss 9.1epss 0.02

    GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure.

  • CVE-2020-27197CriOct 17, 2020
    risk 0.57cvss 9.8epss 0.02

    TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method…

  • CVE-2020-9918CriOct 16, 2020
    risk 0.64cvss 9.8epss 0.03

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

  • CVE-2020-9895CriOct 16, 2020
    risk 0.64cvss 9.8epss 0.04

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause…

  • CVE-2020-9864CriOct 16, 2020
    risk 0.64cvss 9.8epss 0.02

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-26944CriOct 16, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely.

  • CVE-2019-19885CriOct 16, 2020
    risk 0.59cvss 9.1epss 0.01

    In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices…

  • CVE-2019-19513CriOct 16, 2020
    risk 0.64cvss 9.8epss 0.03

    The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.

  • CVE-2020-26943CriOct 16, 2020
    risk 0.65cvss 9.9epss 0.03

    An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used).…

  • CVE-2019-17640CriOct 15, 2020
    risk 0.57cvss 9.8epss 0.02

    In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the…

  • CVE-2020-12504CriOct 15, 2020
    risk 0.64cvss 9.8epss 0.03

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3…

  • CVE-2020-12501CriOct 15, 2020
    risk 0.64cvss 9.8epss 0.03

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

  • CVE-2020-12500CriOct 15, 2020
    risk 0.64cvss 9.8epss 0.03

    Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.

  • CVE-2020-4499CriOct 15, 2020
    risk 0.64cvss 9.8epss 0.01

    IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.

  • CVE-2020-27156CriOct 15, 2020
    risk 0.64cvss 9.8epss 0.02

    Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.

  • CVE-2020-6364CriOct 15, 2020
    risk 0.66cvss 10.0epss 0.06

    SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise…

  • CVE-2020-8349CriOct 14, 2020
    risk 0.64cvss 9.8epss 0.02

    An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is…

  • CVE-2020-0376CriOct 14, 2020
    risk 0.59cvss 9.1epss 0.01

    There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156

  • CVE-2020-0371CriOct 14, 2020
    risk 0.59cvss 9.1epss 0.01

    There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256

  • CVE-2020-0367CriOct 14, 2020
    risk 0.59cvss 9.1epss 0.00

    There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455

  • CVE-2020-0339CriOct 14, 2020
    risk 0.59cvss 9.1epss 0.01

    There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705

  • CVE-2020-0283CriOct 14, 2020
    risk 0.59cvss 9.1epss 0.01

    There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257

  • CVE-2020-13957CriOct 13, 2020
    risk 0.63cvss 9.8epss 0.79

    Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to…

  • CVE-2020-17407CriOct 13, 2020
    risk 0.64cvss 9.8epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The…

  • CVE-2019-17444CriOct 12, 2020
    risk 0.62cvss 9.8epss 0.69

    Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions…

  • CVE-2020-26867CriOct 12, 2020
    risk 0.64cvss 9.8epss 0.04

    ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.

  • CVE-2020-5135CriKEVOct 12, 2020
    risk 0.78cvss 9.8epss 0.27

    A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv…

  • CVE-2020-26948CriOct 10, 2020
    risk 0.74cvss 9.8epss 0.87

    Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.

  • CVE-2020-26935CriOct 10, 2020
    risk 0.69cvss 9.8epss 0.67

    An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

  • CVE-2020-26928CriOct 9, 2020
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

  • CVE-2020-26927CriOct 9, 2020
    risk 0.61cvss 9.4epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before…

  • CVE-2020-26926CriOct 9, 2020
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

  • CVE-2020-26919CriKEVOct 9, 2020
    risk 0.80cvss 9.8epss 0.57

    NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.

  • CVE-2020-26908CriOct 9, 2020
    risk 0.61cvss 9.4epss 0.02

    Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before…

  • CVE-2020-26907CriOct 9, 2020
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.

  • CVE-2020-26906CriOct 9, 2020
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

  • CVE-2020-26905CriOct 9, 2020
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

  • CVE-2020-26904CriOct 9, 2020
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

  • CVE-2020-26903CriOct 9, 2020
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

  • CVE-2020-26902CriOct 9, 2020
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

  • CVE-2020-26901CriOct 9, 2020
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

  • CVE-2020-26900CriOct 9, 2020
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.