VYPR

CVEs

31,277 total · page 434 of 626

  • CVE-2020-8606CriMay 27, 2020
    risk 0.73cvss 9.8epss 0.73

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.

  • CVE-2020-11059CriMay 27, 2020
    risk 0.55cvss 9.6epss 0.01

    In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.

  • CVE-2020-6774CriMay 27, 2020
    risk 0.60cvss 9.3epss 0.00

    Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.

  • CVE-2020-6831CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.06

    A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

  • CVE-2020-12390CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.02

    Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76.

  • CVE-2020-12389CriMay 26, 2020
    risk 0.65cvss 10.0epss 0.02

    The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

  • CVE-2020-12388CriMay 26, 2020
    risk 0.65cvss 10.0epss 0.03

    The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

  • CVE-2020-12396CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2020-12395CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2020-8171CriMay 26, 2020
    risk 0.64cvss 9.8epss 0.04

    We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that…

  • CVE-2020-13485CriMay 25, 2020
    risk 0.59cvss 9.1epss 0.01

    The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

  • CVE-2020-13442CriMay 25, 2020
    risk 0.64cvss 9.8epss 0.03

    A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.

  • CVE-2020-5537CriMay 25, 2020
    risk 0.64cvss 9.8epss 0.03

    Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.

  • CVE-2020-13433CriMay 24, 2020
    risk 0.00cvss 9.8epss 0.01

    Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.

  • CVE-2020-13417CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.02

    An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.

  • CVE-2020-13394CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13393CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13392CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13391CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13390CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13389CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server --…

  • CVE-2020-13388CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.04

    An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because…

  • CVE-2020-6091CriMay 22, 2020
    risk 0.59cvss 9.1epss 0.02

    An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An…

  • CVE-2020-3280CriMay 22, 2020
    risk 0.64cvss 9.8epss 0.07

    A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied…

  • CVE-2020-1112CriMay 21, 2020
    risk 0.65cvss 9.9epss 0.04

    An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

  • CVE-2020-0901CriMay 21, 2020
    risk 0.65cvss 9.8epss 0.12

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

  • CVE-2018-21234CriMay 21, 2020
    risk 0.57cvss 9.8epss 0.08

    Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.

  • CVE-2020-12828CriMay 21, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious…

  • CVE-2020-13112CriMay 21, 2020
    risk 0.00cvss 9.1epss 0.03

    An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.

  • CVE-2020-9045CriMay 21, 2020
    risk 0.64cvss 9.9epss 0.01

    During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

  • CVE-2020-6471CriMay 21, 2020
    risk 0.63cvss 9.6epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

  • CVE-2020-6469CriMay 21, 2020
    risk 0.62cvss 9.6epss 0.01

    Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

  • CVE-2020-6466CriMay 21, 2020
    risk 0.63cvss 9.6epss 0.02

    Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-6465CriMay 21, 2020
    risk 0.63cvss 9.6epss 0.02

    Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-6462CriMay 21, 2020
    risk 0.63cvss 9.6epss 0.01

    Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-6461CriMay 21, 2020
    risk 0.62cvss 9.6epss 0.01

    Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-6457CriMay 21, 2020
    risk 0.62cvss 9.6epss 0.01

    Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • CVE-2020-1955CriMay 20, 2020
    risk 0.64cvss 9.8epss 0.02

    CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and…

  • CVE-2020-11716CriMay 20, 2020
    risk 0.64cvss 9.8epss 0.01

    Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."

  • CVE-2020-9409CriMay 20, 2020
    risk 0.64cvss 9.8epss 0.03

    The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the…

  • CVE-2020-12835CriMay 20, 2020
    risk 0.65cvss 9.8epss 0.12

    An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a…

  • CVE-2020-13226CriMay 20, 2020
    risk 0.64cvss 9.8epss 0.02

    WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.

  • CVE-2019-5997CriMay 20, 2020
    risk 0.64cvss 9.8epss 0.02

    Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.

  • CVE-2020-9753CriMay 20, 2020
    risk 0.59cvss 9.1epss 0.01

    Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.

  • CVE-2020-13167CriMay 19, 2020
    risk 0.74cvss 9.8epss 0.95

    Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.

  • CVE-2020-13166CriMay 19, 2020
    risk 0.73cvss 9.8epss 0.78

    The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.

  • CVE-2020-11715CriMay 19, 2020
    risk 0.64cvss 9.8epss 0.01

    Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."

  • CVE-2020-8434CriMay 19, 2020
    risk 0.64cvss 9.8epss 0.01

    Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a…

  • CVE-2020-1897CriMay 18, 2020
    risk 0.64cvss 9.8epss 0.01

    A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00.

  • CVE-2019-7247CriMay 18, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of…