VYPR

CVEs

31,781 total · page 429 of 636

  • CVE-2020-21524CriSep 30, 2020
    risk 0.59cvss 9.1epss 0.02

    There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read…

  • CVE-2020-21523CriSep 30, 2020
    risk 0.64cvss 9.8epss 0.03

    A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign…

  • CVE-2020-21522CriSep 30, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.

  • CVE-2020-20800CriSep 30, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.

  • CVE-2020-19672CriSep 30, 2020
    risk 0.64cvss 9.8epss 0.01

    Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell.

  • CVE-2020-15487CriSep 30, 2020
    risk 0.64cvss 9.8epss 0.04

    Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote…

  • CVE-2018-5353CriSep 30, 2020
    risk 0.65cvss 9.8epss 0.11

    The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable…

  • CVE-2020-12506CriSep 30, 2020
    risk 0.59cvss 9.1epss 0.01

    Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO…

  • CVE-2020-15206CriSep 25, 2020
    risk 0.52cvss 9.0epss 0.01

    In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products…

  • CVE-2020-15205CriSep 25, 2020
    risk 0.52cvss 9.0epss 0.01

    In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all…

  • CVE-2020-15202CriSep 25, 2020
    risk 0.52cvss 9.0epss 0.01

    In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32`…

  • CVE-2020-25147CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because…

  • CVE-2020-25132CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass…

  • CVE-2020-15374CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.01

    Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.

  • CVE-2020-15373CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.02

    Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.

  • CVE-2020-15371CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.01

    Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.

  • CVE-2019-16211CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.01

    Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.

  • CVE-2020-13995CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.03

    U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as…

  • CVE-2020-15394CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.08

    The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.

  • CVE-2020-26108CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.02

    cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).

  • CVE-2020-26105CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.01

    In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).

  • CVE-2020-26101CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.01

    In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).

  • CVE-2020-26100CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.02

    chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).

  • CVE-2020-26098CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.03

    cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).

  • CVE-2020-25749CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.03

    The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static…

  • CVE-2020-25747CriSep 25, 2020
    risk 0.61cvss 9.4epss 0.02

    The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change…

  • CVE-2020-25223CriKEVSep 25, 2020
    risk 0.86cvss 9.8epss 0.97

    A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

  • CVE-2020-24594CriSep 25, 2020
    risk 0.63cvss 9.6epss 0.02

    Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.

  • CVE-2020-11805CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.01

    Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

  • CVE-2020-15160CriSep 24, 2020
    risk 0.61cvss 9.8epss 0.11

    PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8

  • CVE-2020-15851CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete…

  • CVE-2020-12843CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.01

    ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.

  • CVE-2020-12842CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.

  • CVE-2020-12839CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.

  • CVE-2020-12838CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.

  • CVE-2020-13505CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.01

    Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.

  • CVE-2020-13504CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.01

    Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.

  • CVE-2020-13501CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.03

    An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable…

  • CVE-2020-13500CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to…

  • CVE-2020-13499CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.03

    An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable…

  • CVE-2020-16147CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.02

    The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.

  • CVE-2015-4719CriSep 24, 2020
    risk 0.64cvss 9.8epss 0.01

    The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.

  • CVE-2020-2279CriSep 23, 2020
    risk 0.58cvss 9.9epss 0.02

    A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

  • CVE-2020-24626CriSep 23, 2020
    risk 0.64cvss 9.8epss 0.03

    Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.

  • CVE-2019-16028CriSep 23, 2020
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due…

  • CVE-2020-11856CriSep 22, 2020
    risk 0.64cvss 9.8epss 0.05

    Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.

  • CVE-2020-11857CriSep 22, 2020
    risk 0.68cvss 9.8epss 0.16

    An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user

  • CVE-2020-6573CriSep 21, 2020
    risk 0.63cvss 9.6epss 0.02

    Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-15963CriSep 21, 2020
    risk 0.63cvss 9.6epss 0.01

    Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

  • CVE-2020-15961CriSep 21, 2020
    risk 0.63cvss 9.6epss 0.01

    Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.