VYPR

CVEs

100,472 total · page 651 of 2,010

  • CVE-2024-40642HigJul 18, 2024
    risk 0.46cvss 8.1epss 0.01

    The netty incubator codec.bhttp is a java language binary http parser. In affected versions the `BinaryHttpParser` class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can…

  • CVE-2023-50304HigJul 18, 2024
    risk 0.46cvss 7.1epss 0.01

    IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force…

  • CVE-2024-34013HigJul 18, 2024
    risk 0.51cvss 7.8epss 0.01

    Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571.

  • CVE-2024-31143HigJul 18, 2024
    risk 0.49cvss 7.5epss 0.01

    An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different…

  • CVE-2024-29178HigJul 18, 2024
    risk 0.57cvss 8.8epss 0.01

    On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users…

  • CVE-2024-40898HigJul 18, 2024
    risk 0.42cvss 7.5epss 0.02

    SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

  • CVE-2024-3242HigJul 18, 2024
    risk 0.50cvss 8.8epss 0.01

    The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated…

  • CVE-2024-40764HigJul 18, 2024
    risk 0.49cvss 7.5epss 0.01

    Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).

  • CVE-2024-29014HigJul 18, 2024
    risk 0.57cvss 8.8epss 0.02

    Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.

  • CVE-2024-41011HigJul 18, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We…

  • CVE-2024-5726HigJul 18, 2024
    risk 0.50cvss 8.8epss 0.01

    The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access…

  • CVE-2024-40492HigJul 17, 2024
    risk 0.46cvss 7.1epss 0.01

    Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function.

  • CVE-2024-40119HigJul 17, 2024
    risk 0.57cvss 8.8epss 0.01

    Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a…

  • CVE-2024-40641HigJul 17, 2024
    risk 0.41cvss 7.4epss 0.00

    Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute…

  • CVE-2024-38447HigJul 17, 2024
    risk 0.53cvss 8.1epss 0.00

    NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).

  • CVE-2024-20435HigJul 17, 2024
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker…

  • CVE-2024-20323HigJul 17, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to…

  • CVE-2024-28993HigJul 17, 2024
    risk 0.49cvss 7.6epss 0.01

    The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

  • CVE-2024-28992HigJul 17, 2024
    risk 0.50cvss 7.6epss 0.02

    The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

  • CVE-2024-23474HigJul 17, 2024
    risk 0.50cvss 7.6epss 0.02

    The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.

  • CVE-2024-23468HigJul 17, 2024
    risk 0.50cvss 7.6epss 0.03

    The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.

  • CVE-2024-23465HigJul 17, 2024
    risk 0.54cvss 8.3epss 0.02

    The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.  

  • CVE-2023-7272HigJul 17, 2024
    risk 0.49cvss 8.6epss 0.01

    In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.

  • CVE-2024-5471HigJul 17, 2024
    risk 0.57cvss 8.8epss 0.02

    Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys.

  • CVE-2024-31411HigJul 17, 2024
    risk 0.50cvss 8.8epss 0.01

    Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue…

  • CVE-2024-36475HigJul 17, 2024
    risk 0.57cvss 8.8epss 0.01

    FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.

  • CVE-2024-39877HigJul 17, 2024
    risk 0.50cvss 8.8epss 0.02

    Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users…

  • CVE-2024-6660HigJul 17, 2024
    risk 0.50cvss 8.8epss 0.01

    The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_f…

  • CVE-2024-6467HigJul 17, 2024
    risk 0.50cvss 8.8epss 0.01

    The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function.…

  • CVE-2024-6808HigJul 17, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack…

  • CVE-2024-3176HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3174HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3173HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.00

    Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2024-3172HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.00

    Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3171HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

  • CVE-2024-3170HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3169HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3168HigJul 16, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-21184HigJul 16, 2024
    risk 0.47cvss 7.2epss 0.01

    Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having Execute on SYS.XS_DIAG privilege with network access via Oracle…

  • CVE-2024-21183HigJul 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to…

  • CVE-2024-21182HigKEVJul 16, 2024
    risk 0.65cvss 7.5epss 0.50

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to…

  • CVE-2024-21175HigJul 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2024-21167HigJul 16, 2024
    risk 0.53cvss 8.1epss 0.00

    Vulnerability in the Oracle Trading Community product of Oracle E-Business Suite (component: Party Search UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2024-21153HigJul 16, 2024
    risk 0.53cvss 8.1epss 0.00

    Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). The supported version that is affected is 12.2.13. Easily exploitable vulnerability allows low privileged attacker with network…

  • CVE-2024-21152HigJul 16, 2024
    risk 0.53cvss 8.1epss 0.00

    Vulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2024-21149HigJul 16, 2024
    risk 0.53cvss 8.1epss 0.00

    Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP…

  • CVE-2024-21147HigJul 16, 2024
    risk 0.48cvss 7.4epss 0.01

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK:…

  • CVE-2024-21146HigJul 16, 2024
    risk 0.53cvss 8.1epss 0.00

    Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle…

  • CVE-2024-21141HigJul 16, 2024
    risk 0.53cvss 8.2epss 0.00

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…

  • CVE-2024-21136HigJul 16, 2024
    risk 0.56cvss 8.6epss 0.02

    Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network…