VYPR

CVEs

31,277 total · page 440 of 626

  • CVE-2020-2733CriApr 15, 2020
    risk 0.65cvss 9.8epss 0.19

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD…

  • CVE-2020-10511CriApr 15, 2020
    risk 0.64cvss 9.8epss 0.02

    HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.

  • CVE-2020-10507CriApr 15, 2020
    risk 0.64cvss 9.8epss 0.01

    The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine.

  • CVE-2020-10505CriApr 15, 2020
    risk 0.64cvss 9.8epss 0.01

    The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password.

  • CVE-2020-5260CriApr 14, 2020
    risk 0.54cvss 9.3epss 0.10

    Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the…

  • CVE-2020-6195CriApr 14, 2020
    risk 0.64cvss 9.8epss 0.01

    SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative…

  • CVE-2019-10939CriApr 14, 2020
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All…

  • CVE-2020-6238CriApr 14, 2020
    risk 0.61cvss 9.3epss 0.01

    SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.

  • CVE-2020-10383CriApr 14, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.

  • CVE-2019-16879CriApr 14, 2020
    risk 0.64cvss 9.8epss 0.01

    The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to…

  • CVE-2020-11673CriApr 13, 2020
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the callback wp_ajax_nopriv function in Includes/Total-Soft-Poll-Ajax.php…

  • CVE-2020-11722CriApr 12, 2020
    risk 0.00cvss 9.8epss 0.04

    Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.

  • CVE-2020-11710CriApr 12, 2020
    risk 0.03cvss 9.8epss 0.34

    An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug…

  • CVE-2020-11708CriApr 12, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE() feature, which is for executing programs when certain events are triggered.

  • CVE-2020-11705CriApr 12, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter.

  • CVE-2015-8546CriApr 10, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code…

  • CVE-2015-5524CriApr 10, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015).

  • CVE-2020-3952CriKEVApr 10, 2020
    risk 0.86cvss 9.8epss 0.90

    Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

  • CVE-2020-8961CriApr 9, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a…

  • CVE-2020-10631CriApr 9, 2020
    risk 0.64cvss 9.8epss 0.01

    An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

  • CVE-2020-10625CriApr 9, 2020
    risk 0.64cvss 9.8epss 0.02

    WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.

  • CVE-2020-10619CriApr 9, 2020
    risk 0.60cvss 9.1epss 0.14

    An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

  • CVE-2020-10621CriApr 9, 2020
    risk 0.64cvss 9.8epss 0.02

    Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).

  • CVE-2020-11656CriApr 9, 2020
    risk 0.64cvss 9.8epss 0.07

    In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

  • CVE-2020-1615CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.02

    The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without…

  • CVE-2020-1614CriApr 8, 2020
    risk 0.65cvss 10.0epss 0.01

    A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. SSH) on the VNF,…

  • CVE-2020-10980CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.02

    GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.

  • CVE-2018-21075CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018).

  • CVE-2018-21072CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018).

  • CVE-2018-21066CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018).

  • CVE-2018-21065CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018).

  • CVE-2018-21064CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018).

  • CVE-2018-21063CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).

  • CVE-2018-21058CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID…

  • CVE-2018-21057CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018).

  • CVE-2018-21055CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018).

  • CVE-2018-21054CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a…

  • CVE-2018-21052CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018).

  • CVE-2018-21051CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).

  • CVE-2018-21050CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).

  • CVE-2018-21049CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018).

  • CVE-2018-21044CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230, SVE-2018-13231, SVE-2018-13232, SVE-2018-13233 (December 2018).

  • CVE-2018-21042CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 (December 2018).

  • CVE-2018-21038CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018).

  • CVE-2020-11604CriApr 8, 2020
    risk 0.59cvss 9.1epss 0.00

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. There is an Out-of-bounds read in the MLDAP Trustlet. The Samsung ID is SVE-2019-16565 (April 2020).

  • CVE-2020-11603CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-2020-16599 (April 2020).

  • CVE-2020-11600CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020).

  • CVE-2018-21087CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018).

  • CVE-2018-21081CriApr 8, 2020
    risk 0.59cvss 9.1epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018).

  • CVE-2018-21090CriApr 8, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018).