VYPR

CVEs

31,277 total · page 443 of 626

  • CVE-2020-10827CriMar 26, 2020
    risk 0.65cvss 9.8epss 0.21

    A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request.

  • CVE-2020-10826CriMar 26, 2020
    risk 0.67cvss 9.8epss 0.39

    /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode.

  • CVE-2020-10825CriMar 26, 2020
    risk 0.64cvss 9.8epss 0.04

    A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3).

  • CVE-2020-10824CriMar 26, 2020
    risk 0.64cvss 9.8epss 0.04

    A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).

  • CVE-2020-10823CriMar 26, 2020
    risk 0.64cvss 9.8epss 0.04

    A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).

  • CVE-2020-10245CriMar 26, 2020
    risk 0.64cvss 9.8epss 0.02

    CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

  • CVE-2020-6815CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.01

    Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2020-6814CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.02

    Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2020-10964CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.03

    Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

  • CVE-2020-3789CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3788CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3787CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3786CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3785CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3784CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3783CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-3775CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2020-10888CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.02

    This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port…

  • CVE-2020-10887CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from…

  • CVE-2020-10886CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which…

  • CVE-2020-10885CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses.…

  • CVE-2020-10881CriMar 25, 2020
    risk 0.65cvss 9.8epss 0.11

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A…

  • CVE-2020-3794CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.07

    ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.

  • CVE-2020-3807CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3805CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.08

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3801CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3799CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.06

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2020-3797CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution…

  • CVE-2020-3795CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.04

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code…

  • CVE-2020-3793CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-3792CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.05

    Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

  • CVE-2020-1957CriMar 25, 2020
    risk 0.66cvss 9.8epss 0.24

    Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

  • CVE-2020-10788CriMar 25, 2020
    risk 0.00cvss 9.1epss 0.02

    openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.

  • CVE-2020-10789CriMar 25, 2020
    risk 0.00cvss 9.8epss 0.02

    openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.

  • CVE-2020-5561CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.02

    Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2020-5560CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.02

    WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors.

  • CVE-2020-5556CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.02

    Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2020-5555CriMar 25, 2020
    risk 0.59cvss 9.1epss 0.01

    Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.

  • CVE-2020-5554CriMar 25, 2020
    risk 0.59cvss 9.1epss 0.02

    Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.

  • CVE-2020-5553CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.02

    mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.

  • CVE-2020-8986CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.02

    lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.

  • CVE-2020-7007CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.03

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.

  • CVE-2020-6991CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.01

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.

  • CVE-2020-6981CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.02

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.

  • CVE-2020-6072CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.04

    An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to…

  • CVE-2020-6995CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.01

    In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.

  • CVE-2020-6985CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.02

    In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.

  • CVE-2019-20622CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019).

  • CVE-2019-20621CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019).

  • CVE-2019-20611CriMar 24, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019).