Lucene search
K
AttackerkbMost viewed

74760 matches found

ATTACKERKB
ATTACKERKB
added 2020/08/29 12:0 a.m.41 views

CVE-2020-3566 - Denial of service vulnerability in Cisco IOS XR

A vulnerability in the Distance Vector Multicast Routing Protocol DVMRP feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protoco...

8.6CVSS2.4AI score0.03631EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/14 12:0 a.m.41 views

CVE-2020-1043

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1032, CVE-2020-103...

9CVSS9.4AI score0.06903EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/01/14 12:0 a.m.41 views

CVE-2020-0609

A remote code execution vulnerability exists in Windows Remote Desktop Gateway RD Gateway when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Gateway RD Gateway Remote Code Execution Vulnerability’. This CVE ID...

10CVSS9.8AI score0.74897EPSS
Exploits10References2
ATTACKERKB
ATTACKERKB
added 2019/12/05 12:0 a.m.42 views

CVE-2019-7193

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS6AI score0.14367EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2019/10/14 12:0 a.m.41 views

CVE-2019-16278

Directory Traversal in the function httpverify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9.2AI score0.99057EPSS
Exploits24References7
ATTACKERKB
ATTACKERKB
added 2019/09/12 12:0 a.m.41 views

CVE-2019-16256

Some Samsung devices include the SIMalliance Toolbox Browser aka S@T Browser on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit STK instructions in an SMS message, aka Simjacker. Recent...

9.8CVSS4.7AI score0.04949EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2019/08/16 12:0 a.m.41 views

CVE-2019-15107

An issue was discovered in Webmin =1.920. The parameter old in passwordchange.cgi contains a command injection vulnerability. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS9.6AI score0.99766EPSS
Exploits38References9
ATTACKERKB
ATTACKERKB
added 2019/04/30 12:0 a.m.41 views

CVE-2019-3929

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...

10CVSS9.8AI score0.98952EPSS
Exploits10References6
ATTACKERKB
ATTACKERKB
added 2019/02/21 12:0 a.m.41 views

Drupal core - Highly critical - Remote Code Execution

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...

8.1CVSS2.7AI score0.92017EPSS
Exploits22References10
ATTACKERKB
ATTACKERKB
added 2018/11/14 12:0 a.m.41 views

CVE-2018-6065

Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed...

8.8CVSS2.6AI score0.60304EPSS
Exploits2References10
ATTACKERKB
ATTACKERKB
added 2018/04/19 12:0 a.m.41 views

CVE-2018-2628

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to...

9.8CVSS3.3AI score0.99448EPSS
Exploits69References11
ATTACKERKB
ATTACKERKB
added 2018/03/19 12:0 a.m.41 views

CVE-2018-7445

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is...

10CVSS10.1AI score0.61018EPSS
Exploits7References6
ATTACKERKB
ATTACKERKB
added 2017/11/09 12:0 a.m.41 views

CVE-2017-16651

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host’s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...

7.8CVSS7.3AI score0.36919EPSS
Exploits5References10
ATTACKERKB
ATTACKERKB
added 2015/06/10 12:0 a.m.41 views

CVE-2015-2360

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial...

8.8CVSS6.1AI score0.14958EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2013/01/31 12:0 a.m.41 views

CVE-2013-0431

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka “Issue 52,” a different vulnerability than...

5.3CVSS8.7AI score0.89987EPSS
Exploits8References23
ATTACKERKB
ATTACKERKB
added 2024/08/13 12:0 a.m.40 views

CVE-2024-38106

Windows Kernel Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7CVSS7AI score0.06337EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/24 4:15 p.m.40 views

CVE-2023-27524

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

9.8CVSS7.2AI score0.97405EPSS
Exploits20References11
ATTACKERKB
ATTACKERKB
added 2023/03/22 12:0 a.m.40 views

CVE-2023-28432

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD, resulting in information disclosure. All users of...

7.5CVSS7.4AI score0.83957EPSS
Exploits13References6
ATTACKERKB
ATTACKERKB
added 2023/01/10 12:0 a.m.40 views

CVE-2023-21608

Adobe Acrobat Reader versions 22.003.20282 and earlier, 22.003.20281 and earlier and 20.005.30418 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...

7.8CVSS7.5AI score0.61475EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/05/20 12:0 a.m.40 views

CVE-2022-20821

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5CVSS2.1AI score0.1176EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/16 12:0 a.m.40 views

CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

7.8CVSS7.4AI score0.22193EPSS
Exploits37References6
ATTACKERKB
ATTACKERKB
added 2022/02/14 12:15 p.m.40 views

CVE-2022-24976

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence...

9.1CVSS5.6AI score0.0182EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/01/01 12:15 a.m.40 views

CVE-2021-45947

Wasm3 0.5.0 has an out-of-bounds write in RuntimeRelease called from EvaluateExpression and InitDataSegments...

5.5CVSS5.9AI score0.00667EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/10/13 12:0 a.m.40 views

CVE-2021-41357

Win32k Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.5AI score0.01968EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/09/23 12:0 a.m.40 views

CVE-2021-22941

Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS4.2AI score0.53585EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/02/25 12:0 a.m.40 views

CVE-2021-24088

Windows Local Spooler Remote Code Execution Vulnerability Recent assessments: bwatters-r7 at August 10, 2021 9:35pm UTC reported: This entry is based off the blackhat talk by Zhiniang Peng, Xuefeng Li, and Lewis Lee on August 4, 2021. They said CVE-2021-24088, 24077, and 1722 were all similar, bu...

8.8CVSS1.8AI score0.02276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/08/13 12:0 a.m.40 views

CVE-2020-17463

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS4AI score0.90044EPSS
Exploits4References6
ATTACKERKB
ATTACKERKB
added 2020/06/29 12:0 a.m.40 views

CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication

When Security Assertion Markup Language SAML authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled unchecked, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...

10CVSS9.4AI score0.04362EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2020/05/19 12:0 a.m.40 views

CVE-2020-13166

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers’ installations in web.config, and can be used to send serialized ASP code. Recent assessments: wvu-r7 at May 21, 2020 5:50am UTC reported: Metasplo...

9.8CVSS6.5AI score0.77635EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2020/05/19 12:0 a.m.40 views

CVE-2020-8616: NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral...

8.6CVSS2.2AI score0.93422EPSS
Exploits6References19
ATTACKERKB
ATTACKERKB
added 2020/04/01 12:0 a.m.40 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2. Recent assessments: wvu-r7 at April 04, 2020 5:05am UTC reported: WIP exploit module: https://github.com/rapid7/metasploit-framework/pull/13195. Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9CVSS8.7AI score0.99064EPSS
Exploits10References6
ATTACKERKB
ATTACKERKB
added 2020/03/17 12:0 a.m.40 views

Installing a malicious gem may lead to arbitrary code execution

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check. Recent...

8.8CVSS4.3AI score0.03219EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2020/02/10 12:0 a.m.40 views

CVE-2019-19193

The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers i...

6.5CVSS6.4AI score0.00703EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2019/11/07 12:0 a.m.40 views

CVE-2019-15271

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability ...

9CVSS3.3AI score0.05979EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/11/06 12:0 a.m.40 views

C4G BLIS Improper Access Control

Computing For Good’s Basic Laboratory Information System also known as C4G BLIS version 3.5 and earlier suffers from an instance of CWE-284, “Improper Access Control.” As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator...

10CVSS1.2AI score0.0132EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2019/07/15 12:0 a.m.40 views

CVE-2019-0880

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Elevation of Privilege Vulnerability’. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS7.7AI score0.02404EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/07/15 12:0 a.m.40 views

CVE-2019-1129

An elevation of privilege vulnerability exists when Windows AppX Deployment Service AppXSVC improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1130. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assesse...

7.8CVSS7.8AI score0.02284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/08/15 12:0 a.m.40 views

CVE-2018-8302

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. Recent assessments: zeroSteiner at March 20, 2020 1:04pm UTC...

10CVSS1.8AI score0.25519EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2018/07/09 12:0 a.m.40 views

GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6 and GB-BXi7-5775 version F2 platforms does not securely implement BIOSWE, BLE, SMMBWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. Recent assessment...

10CVSS3.9AI score0.05641EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2017/04/02 12:0 a.m.40 views

Remote code execution triggered by malformed GIF in ImageIO framework, affecting most iOS/macOS apps

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of...

7.8CVSS9AI score0.01784EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2017/03/17 12:0 a.m.40 views

CVE-2017-0145

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.8AI score0.99373EPSS
Exploits93References11
ATTACKERKB
ATTACKERKB
added 2016/11/10 12:0 a.m.40 views

CVE-2016-7201

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-7200, CVE-2016-7202,...

8.8CVSS8AI score0.8249EPSS
Exploits13References10
ATTACKERKB
ATTACKERKB
added 2016/06/16 12:0 a.m.40 views

CVE-2016-4171

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. Recent assessments: gwillcox-r7 at November 22, 2020 3:16am UTC reported: Reported as exploited in the wild as part ...

10CVSS3.5AI score0.19903EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2016/02/16 12:0 a.m.40 views

CVE-2016-2386

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.6AI score0.7106EPSS
Exploits8References12
ATTACKERKB
ATTACKERKB
added 2015/01/13 12:0 a.m.40 views

CVE-2015-0016

Directory traversal vulnerability in the TS WebProxy aka TSWbPrxy component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted...

9.3CVSS3.9AI score0.7594EPSS
Exploits5References10
ATTACKERKB
ATTACKERKB
added 2014/03/19 12:0 a.m.40 views

CVE-2014-2120

Cross-site scripting XSS vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

6.1CVSS6AI score0.14029EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2012/03/13 12:0 a.m.40 views

CVE-2012-0002

The Remote Desktop Protocol RDP implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code ...

9.3CVSS9.4AI score0.74102EPSS
Exploits11References6
ATTACKERKB
ATTACKERKB
added 2010/01/21 12:0 a.m.40 views

CVE-2010-0232

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly...

7.8CVSS7.4AI score0.29253EPSS
Exploits13References16
ATTACKERKB
ATTACKERKB
added 2009/02/20 12:0 a.m.40 views

CVE-2009-0658

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by...

9.3CVSS5.2AI score0.87719EPSS
Exploits7References27
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:17 a.m.39 views

CVE-2026-32792

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support '--enable-dnscrypt'. A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit...

8.2CVSS6AI score0.00337EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000