Lucene search
K
AttackerkbMost viewed

74784 matches found

ATTACKERKB
ATTACKERKB
added 2015/05/13 12:0 a.m.37 views

CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5...

9.3CVSS7.6AI score0.54628EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2015/04/14 12:0 a.m.37 views

CVE-2015-0355

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2015-0347,...

10CVSS7.3AI score0.7983EPSS
Exploits7References10
ATTACKERKB
ATTACKERKB
added 2013/11/20 12:0 a.m.37 views

CVE-2013-6282

The 1 getuser and 2 putuser API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against...

8.8CVSS4.6AI score0.39711EPSS
Exploits9References11
ATTACKERKB
ATTACKERKB
added 2013/05/15 12:0 a.m.37 views

CVE-2013-1308

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka “Internet Explorer Use After Free Vulnerability,” a different vulnerability than CVE-2013-1309 and...

9.3CVSS8.2AI score0.74096EPSS
Exploits11References4
ATTACKERKB
ATTACKERKB
added 2010/04/05 12:0 a.m.37 views

CVE-2009-2936

DISPUTED The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to 1 execute arbitrary code via a...

7.5CVSS7.4AI score0.63824EPSS
Exploits7References6
ATTACKERKB
ATTACKERKB
added 2008/02/12 12:0 a.m.37 views

CVE-2007-5659

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. Recent assessments: Assessed Attacker Value: 0 Assess...

9.8CVSS6.5AI score0.94222EPSS
Exploits10References15
ATTACKERKB
ATTACKERKB
added 2025/05/13 12:0 a.m.36 views

CVE-2025-30397

Access of resource using incompatible type ‘type confusion’ in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS7.1AI score0.21228EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2024/07/01 12:0 a.m.36 views

CVE-2024-20399

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that ar...

6.7CVSS7.2AI score0.04271EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2024/05/14 12:0 a.m.36 views

CVE-2024-3809

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the ‘slideshowtype’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8CVSS7.6AI score0.01002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/04/05 12:0 a.m.36 views

CVE-2024-29748

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

7.8CVSS7.5AI score0.0068EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/03/12 12:0 a.m.36 views

CVE-2024-26169

Windows Error Reporting Service Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS6.9AI score0.04014EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/12/21 12:0 a.m.36 views

CVE-2022–26923 aka Certifried

Active Directory Domain Services Elevation of Privilege Vulnerability. Recent assessments: cdelafuente-r7 at January 10, 2023 3:08pm UTC reported: This vulnerability enables a low-privileged user to escalate privileges in a default Active Directory environment with the Active Directory Certificat...

9CVSS7.2AI score0.83277EPSS
Exploits8References9
ATTACKERKB
ATTACKERKB
added 2023/05/24 12:0 a.m.36 views

CVE-2023-33010

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50W firmware versions 4.25 through 5.36 Patch 1, USG20W-VPN firmware versions 4.25 through 5.36 Patc...

9.8CVSS9.9AI score0.28813EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/05/04 12:0 a.m.36 views

CVE-2023-21492

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

4.4CVSS6.5AI score0.02554EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/09/15 12:0 a.m.36 views

CVE-2021-38649

Open Management Infrastructure Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.8CVSS8.2AI score0.02EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:0 a.m.36 views

CVE-2021-30983

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.3CVSS4AI score0.02934EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/03 12:0 a.m.36 views

CVE-2021-30563

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

8.8CVSS2.6AI score0.08928EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/02/11 12:0 a.m.36 views

CVE-2021-22652

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Recent assessments: wvu-r7 at February 11, 2021 11:19pm UTC reported: The patch adds authenticatio...

9.8CVSS0.3AI score0.36845EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2021/01/08 12:0 a.m.36 views

CVE-2020-16013

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: gwillcox-r7 at November 22, 2020 2:37am UTC reported: Reported as exploited in the wild as part of Google’s 2020...

9.6CVSS8.7AI score0.02826EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/10/16 12:0 a.m.36 views

CVE-2020-16896

An information disclosure vulnerability exists in Remote Desktop Protocol RDP when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol RDP Information Disclosure Vulnerability’. Recent assessments: 0J3lack0 at November 27,...

7.5CVSS7.2AI score0.10456EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/08/29 12:0 a.m.36 views

CVE-2020-3569 - Denial of service vulnerability in Cisco IOS XR

Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol DVMRP feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol IGMP process or make it consume available memory and eventually cras...

8.6CVSS8.4AI score0.03631EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/07/29 12:0 a.m.36 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9.8CVSS3.2AI score0.278EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/21 12:0 a.m.36 views

CVE-2020-14942

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. Recent assessments: kevthehermit at June 21, 2020 7:03pm UTC reported: Outline Untrusted data from the client side is used to create a python pickled object. This can lead to full RCE and compromise of the host...

9.8CVSS1.6AI score0.01338EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/05/20 12:0 a.m.36 views

CVE-2020-1143: Win32k Use-After-Free

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS1.3AI score0.01284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.36 views

CVE-2020-4429

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534...

10CVSS7.8AI score0.71363EPSS
Exploits10References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.36 views

CVE-2020-4428

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. Recent assessments: wvu-r7 at May 08, 2020 4:04pm UTC reported: Assessment for the related CVEs here:...

9.1CVSS9.1AI score0.61692EPSS
Exploits8References3
ATTACKERKB
ATTACKERKB
added 2020/02/03 12:0 a.m.36 views

CVE-2020-8597 rhostname buffer overflow in pppd

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. Recent assessments: wvu-r7 at March 10, 2020 6:33pm UTC reported: AFAIK, it is common to enable full mitigations on the binary, with ASLR enabled on the system. While this doesn’...

9.8CVSS3.4AI score0.19582EPSS
Exploits3References15
ATTACKERKB
ATTACKERKB
added 2019/11/12 12:0 a.m.36 views

CVE-2019-1405

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play UPnP service improperly allows COM object creation, aka ‘Windows UPnP Service Elevation of Privilege Vulnerability’. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

7.8CVSS8.6AI score0.2995EPSS
Exploits24References3
ATTACKERKB
ATTACKERKB
added 2019/11/12 12:0 a.m.36 views

CVE-2019-1385

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate...

7.8CVSS8.4AI score0.03595EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2019/06/18 12:0 a.m.36 views

VLC zlib_decompress_extra Double Free Vulnerability

VLC media player is a free and open-source portable cross-platform media player software developed by the VideoLAN project. VLC is available for desktop operating systems and mobile platforms, such as Android, iOS, iPadOS, Wizen, Windows 10 Mobile, and Windows Phone. It is also available on digit...

9.8CVSS0.3AI score0.02392EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2019/06/12 12:0 a.m.36 views

CVE-2019-1064

An elevation of privilege vulnerability exists when Windows AppX Deployment Service AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To...

7.8CVSS7.7AI score0.06886EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2019/05/16 12:0 a.m.36 views

CVE-2019-0903

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.3CVSS8AI score0.21713EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/07/11 12:0 a.m.36 views

CVE-2018-8298

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288,...

7.6CVSS7AI score0.75339EPSS
Exploits9References5
ATTACKERKB
ATTACKERKB
added 2018/03/28 12:0 a.m.36 views

CVE-2018-0158

A vulnerability in the Internet Key Exchange Version 2 IKEv2 module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service DoS condition. The vulnerability is due to...

8.6CVSS4.3AI score0.07331EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2018/02/14 12:0 a.m.36 views

CVE-2018-2392

Under certain conditions SAP Internet Graphics Server IGS 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server IGS to become unavailable. Recent assessments: gwillcox-r7 at October 06, 2020 4:04pm UTC reported: This...

7.5CVSS0.3AI score0.40591EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2017/10/22 12:0 a.m.36 views

CVE-2017-11292

Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. Recent...

8.8CVSS5AI score0.12104EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2017/08/09 12:0 a.m.36 views

CVE-2015-2291

1 IQVW32.sys before 1.3.1.0 and 2 IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted a 0x80862013, b 0x8086200B, © 0x8086200F, or d 0x80862007 IOCTL...

7.8CVSS7.8AI score0.09011EPSS
Exploits7References7
ATTACKERKB
ATTACKERKB
added 2017/07/24 12:0 a.m.36 views

CVE-2017-9554

An information exposure vulnerability in forgetpasswd.cgi in Synology DiskStation Manager DSM before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. Recent assessments: h00die at May 21, 2020 2:01pm UTC reported: Vulnerability is trivial to exploit. Send ...

5.3CVSS3AI score0.75016EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2017/05/12 12:0 a.m.36 views

CVE-2017-0226

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0222. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

8.8CVSS8.3AI score0.29645EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2015/12/19 12:0 a.m.36 views

CVE-2015-7755

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows...

10CVSS2.1AI score0.614EPSS
Exploits7References12
ATTACKERKB
ATTACKERKB
added 2015/12/10 12:0 a.m.36 views

Adobe Flash ID3 Decode Integer Overflow

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

10CVSS4.4AI score0.65956EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2015/10/22 12:0 a.m.36 views

CVE-2015-4902

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. Recent assessments: gwillcox-r7 at November 23, 2020 6:18pm UTC reported: Reported as exploited in the wild as part of Google’s 2020 0day...

5.3CVSS3.4AI score0.13354EPSS
Exploits0References23
ATTACKERKB
ATTACKERKB
added 2015/07/14 12:0 a.m.36 views

CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...

10CVSS9.7AI score0.18493EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2014/11/11 12:0 a.m.36 views

CVE-2014-6332

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as...

9.3CVSS8.7AI score0.94996EPSS
Exploits39References26
ATTACKERKB
ATTACKERKB
added 2014/02/14 12:0 a.m.36 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. Recent...

9.3CVSS0.6AI score0.85239EPSS
Exploits35References12
ATTACKERKB
ATTACKERKB
added 2013/07/18 12:0 a.m.36 views

CVE-2013-4011

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving 1 arp.ib or 2 ibstat. Recent assessments: timb-machine at March 05, 2021 12:44am UTC reported: Assessed Attacker Value:...

7.2CVSS5.2AI score0.02846EPSS
Exploits8References15
ATTACKERKB
ATTACKERKB
added 2009/06/10 12:0 a.m.36 views

CVE-2009-1123

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka “Windows Kernel Desktop...

7.8CVSS7.3AI score0.04918EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2008/08/05 12:0 a.m.36 views

CVE-2008-3431

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHODNEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \.\VBoxDrv device and...

8.8CVSS5.8AI score0.06932EPSS
Exploits8References12
ATTACKERKB
ATTACKERKB
added 2025/04/03 12:0 a.m.35 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka “Unauthenticated HTTPS port access.” A race condition exists in the AWS4-HMAC compatible wi...

9.8CVSS7.8AI score0.99947EPSS
Exploits18References3
ATTACKERKB
ATTACKERKB
added 2025/02/12 12:0 a.m.35 views

CVE-2025-0108

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PH...

9.8CVSS8.5AI score0.99698EPSS
Exploits26References2
Total number of security vulnerabilities5000