VYPR

CVEs

100,082 total · page 681 of 2,002

  • CVE-2024-34060HigMay 23, 2024
    risk 0.50cvss 8.8epss 0.01

    IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the…

  • CVE-2024-26139HigMay 23, 2024
    risk 0.54cvss 8.3epss 0.00

    OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative…

  • CVE-2024-4779HigMay 23, 2024
    risk 0.50cvss 8.8epss 0.00

    The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack…

  • CVE-2024-35186HigMay 23, 2024
    risk 0.50cvss 8.8epss 0.01

    gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads…

  • CVE-2024-30280HigMay 23, 2024
    risk 0.51cvss 7.8epss 0.07

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute…

  • CVE-2024-30279HigMay 23, 2024
    risk 0.51cvss 7.8epss 0.06

    Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2024-4835HigMay 23, 2024
    risk 0.52cvss 8.0epss 0.01

    A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

  • CVE-2024-36012HigMay 23, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; …

  • CVE-2024-2038HigMay 23, 2024
    risk 0.49cvss 7.5epss 0.00

    The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This…

  • CVE-2024-4388HigMay 23, 2024
    risk 0.49cvss 7.5epss 0.01

    This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server

  • CVE-2024-4347HigMay 23, 2024
    risk 0.47cvss 7.2epss 0.01

    The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include…

  • CVE-2024-3594HigMay 23, 2024
    risk 0.57cvss 8.7epss 0.01

    The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2024-4662HigMay 23, 2024
    risk 0.57cvss 8.8epss 0.01

    The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged…

  • CVE-2024-4978HigKEVMay 23, 2024
    risk 0.69cvss 8.4epss 0.27

    Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

  • CVE-2024-29853HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.

  • CVE-2024-29851HigMay 22, 2024
    risk 0.47cvss 7.2epss 0.01

    Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.

  • CVE-2024-29850HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.01

    Veeam Backup Enterprise Manager allows account takeover via NTLM relay.

  • CVE-2024-4454HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an…

  • CVE-2024-4453HigMay 22, 2024
    risk 0.00cvss 7.8epss 0.02

    GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack…

  • CVE-2024-27264HigMay 22, 2024
    risk 0.48cvss 7.4epss 0.00

    IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.

  • CVE-2023-51636HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.01

    Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order…

  • CVE-2024-20360HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface…

  • CVE-2024-36077HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.01

    Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024…

  • CVE-2024-5160HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5159HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5158HigMay 22, 2024
    risk 0.53cvss 8.1epss 0.01

    Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5157HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.01

    Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-34448HigMay 22, 2024
    risk 0.50cvss 8.8epss 0.01

    Ghost before 5.82.0 allows CSV Injection during a member CSV export.

  • CVE-2024-33228HigMay 22, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33227HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33225HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33224HigMay 22, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33223HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33222HigMay 22, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33221HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33220HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.01

    An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33219HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33218HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-35559HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-35558HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-35556HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.

  • CVE-2024-35553HigMay 22, 2024
    risk 0.54cvss 8.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.

  • CVE-2024-35552HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.

  • CVE-2024-5031HigMay 22, 2024
    risk 0.55cvss 8.5epss 0.00

    The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web…

  • CVE-2021-47497HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0); will become undefined…

  • CVE-2021-47496HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance, …

  • CVE-2021-47489HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix even more out of bound writes from debugfs CVE-2021-42327 was fixed by: commit f23750b5b3d98653b31d4469592935ef6364ad67 Author: Thelford Williams <tdwilliamsiv@gmail.com> Date: Wed Oct 13…

  • CVE-2021-47486HigMay 22, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL,…

  • CVE-2021-47485HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all…

  • CVE-2021-47483HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so…