VYPR

CVEs

31,277 total · page 435 of 626

  • CVE-2020-12258CriMay 18, 2020
    risk 0.59cvss 9.1epss 0.02

    rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.

  • CVE-2020-12856CriMay 18, 2020
    risk 0.64cvss 9.8epss 0.05

    OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.

  • CVE-2019-20800CriMay 18, 2020
    risk 0.64cvss 9.8epss 0.02

    In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.

  • CVE-2020-13126CriMay 17, 2020
    risk 0.65cvss 9.9epss 0.09

    An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free…

  • CVE-2020-13118CriMay 16, 2020
    risk 0.67cvss 9.8epss 0.04

    An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.

  • CVE-2020-13109CriMay 16, 2020
    risk 0.64cvss 9.8epss 0.05

    Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow.

  • CVE-2020-8149CriMay 15, 2020
    risk 0.57cvss 9.8epss 0.02

    Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.

  • CVE-2020-13092CriMay 15, 2020
    risk 0.64cvss 9.8epss 0.03

    scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as…

  • CVE-2020-13091CriMay 15, 2020
    risk 0.64cvss 9.8epss 0.03

    pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the…

  • CVE-2020-12889CriMay 15, 2020
    risk 0.57cvss 9.8epss 0.01

    MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.

  • CVE-2020-12651CriMay 15, 2020
    risk 0.64cvss 9.8epss 0.07

    SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX.

  • CVE-2019-18666CriMay 15, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through…

  • CVE-2020-12834CriMay 15, 2020
    risk 0.65cvss 9.8epss 0.11

    eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during…

  • CVE-2020-8100CriMay 15, 2020
    risk 0.59cvss 9.0epss 0.01

    Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.

  • CVE-2020-10620CriMay 14, 2020
    risk 0.64cvss 9.8epss 0.01

    Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely.

  • CVE-2020-10612CriMay 14, 2020
    risk 0.59cvss 9.1epss 0.01

    Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC…

  • CVE-2020-0221CriMay 14, 2020
    risk 0.64cvss 9.8epss 0.00

    Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android…

  • CVE-2020-0103CriMay 14, 2020
    risk 0.64cvss 9.8epss 0.02

    In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2020-12874CriMay 14, 2020
    risk 0.64cvss 9.8epss 0.01

    Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

  • CVE-2020-11973CriMay 14, 2020
    risk 0.64cvss 9.8epss 0.07

    Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

  • CVE-2020-11972CriMay 14, 2020
    risk 0.64cvss 9.8epss 0.06

    Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

  • CVE-2019-17562CriMay 14, 2020
    risk 0.57cvss 9.8epss 0.03

    A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell…

  • CVE-2019-13022CriMay 14, 2020
    risk 0.64cvss 9.8epss 0.01

    Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These…

  • CVE-2020-2018CriMay 13, 2020
    risk 0.59cvss 9.0epss 0.01

    An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls. An attacker requires some knowledge of managed firewalls to exploit this…

  • CVE-2020-12832CriMay 13, 2020
    risk 0.64cvss 9.8epss 0.07

    WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.

  • CVE-2020-9502CriMay 13, 2020
    risk 0.64cvss 9.8epss 0.02

    Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

  • CVE-2020-7454CriMay 13, 2020
    risk 0.64cvss 9.8epss 0.03

    In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was…

  • CVE-2019-15880CriMay 13, 2020
    risk 0.64cvss 9.8epss 0.02

    In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic.

  • CVE-2020-12763CriMay 13, 2020
    risk 0.64cvss 9.8epss 0.03

    TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long…

  • CVE-2020-10654CriMay 13, 2020
    risk 0.64cvss 9.8epss 0.03

    Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.

  • CVE-2020-11057CriMay 12, 2020
    risk 0.65cvss 9.9epss 0.02

    In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0.

  • CVE-2020-6242CriMay 12, 2020
    risk 0.64cvss 9.8epss 0.01

    SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate,…

  • CVE-2020-12823CriMay 12, 2020
    risk 0.64cvss 9.8epss 0.05

    OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

  • CVE-2020-1939CriMay 12, 2020
    risk 0.64cvss 9.8epss 0.03

    The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps…

  • CVE-2020-8159CriMay 12, 2020
    risk 0.57cvss 9.8epss 0.05

    There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.

  • CVE-2020-10022CriMay 11, 2020
    risk 0.52cvss 9.0epss 0.02

    A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr…

  • CVE-2018-1285CriMay 11, 2020
    risk 0.68cvss 9.8epss 0.50

    Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

  • CVE-2020-12753CriMay 11, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).

  • CVE-2020-12747CriMay 11, 2020
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020).

  • CVE-2020-12746CriMay 11, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020).

  • CVE-2020-12743CriMay 11, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a…

  • CVE-2020-12766CriMay 9, 2020
    risk 0.64cvss 9.8epss 0.01

    Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter.

  • CVE-2020-12761CriMay 9, 2020
    risk 0.59cvss 9.1epss 0.02

    modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.

  • CVE-2020-12637CriMay 9, 2020
    risk 0.64cvss 9.8epss 0.01

    Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.

  • CVE-2020-11532CriMay 8, 2020
    risk 0.73cvss 9.8epss 0.77

    Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.

  • CVE-2020-11530CriMay 8, 2020
    risk 0.74cvss 9.8epss 0.96

    A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.

  • CVE-2020-11006CriMay 8, 2020
    risk 0.00cvss 9.1epss 0.01

    In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.

  • CVE-2020-12740CriMay 8, 2020
    risk 0.59cvss 9.1epss 0.02

    tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.

  • CVE-2020-12022CriMay 8, 2020
    risk 0.64cvss 9.8epss 0.02

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.

  • CVE-2020-12006CriMay 8, 2020
    risk 0.64cvss 9.8epss 0.04

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.