VYPR

Cloud

by SUSE S.A.

CVEs (7)

  • CVE-2024-4301HigApr 29, 2024
    risk 0.57cvss 8.8epss 0.01

    N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user inputs on a specific page.

  • CVE-2025-36758MedSep 10, 2025
    risk 0.41cvss epss 0.00

    It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle.

  • CVE-2013-4365Oct 17, 2013
    risk 0.01cvss epss 0.13

    Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

  • CVE-2020-8996Feb 16, 2020
    risk 0.00cvss epss 0.01

    AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI.

  • CVE-2019-4427Feb 12, 2020
    risk 0.00cvss epss 0.00

    IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773.

  • CVE-2019-9945Mar 23, 2019
    risk 0.00cvss epss 0.06

    SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web…

  • CVE-2014-3476Jun 17, 2014
    risk 0.00cvss epss 0.02

    OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create…