4985 matches found
VulnCheck KEV: CVE-2010-3904
Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets RDS protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls...
VulnCheck KEV: CVE-2015-5317
Jenkins User Interface UI contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages...
VulnCheck KEV: CVE-2016-8735
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension JMX ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues...
VulnCheck KEV: CVE-2014-0196
Linux Kernel contains a race condition vulnerability within the nttywrite function that allows local users to cause a denial-of-service DoS or gain privileges via read and write operations with long strings...
VulnCheck KEV: CVE-2023-32244
Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36...
VulnCheck KEV: CVE-2023-30777
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...
VulnCheck KEV: CVE-2023-32242
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36...
VulnCheck KEV: CVE-2022-45354
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60...
VulnCheck KEV: CVE-2023-24932
Secure Boot Security Feature Bypass Vulnerability...
VulnCheck KEV: CVE-2023-29336
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges...
VulnCheck KEV: CVE-2023-25717
Ruckus Wireless Access Point AP software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery CSRF or remote code execution RCE. This vulnerability impacts Ruckus...
VulnCheck KEV: CVE-2021-27856
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002...
VulnCheck KEV: CVE-2023-27372
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...
VulnCheck KEV: CVE-2021-33035
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow...
VulnCheck KEV: CVE-2021-31602
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...
VulnCheck KEV: CVE-2022-1118
Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 though v6.6.9, and Safety Instrumented System Workstation v1.2 and prior for Trusted Controllers do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that,...
VulnCheck KEV: CVE-2018-5713
In Malwarefox Anti-Malware 2.72.169, the driver file zam64.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010...
VulnCheck KEV: CVE-2022-30136
Windows Network File System Remote Code Execution Vulnerability...
VulnCheck KEV: CVE-2021-43287
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers...
VulnCheck KEV: CVE-2023-30869
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1...
VulnCheck KEV: CVE-2023-28204
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari...
VulnCheck KEV: CVE-2023-32373
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...
VulnCheck KEV: CVE-2023-21839
Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server...
VulnCheck KEV: CVE-2023-27351
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...
VulnCheck KEV: CVE-2022-29013
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request...
VulnCheck KEV: CVE-2023-31290
Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...
VulnCheck KEV: CVE-2023-27532
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This...
VulnCheck KEV: CVE-2023-29552
The Service Location Protocol SLP contains a denial-of-service DoS vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service DoS attack with a significant amplification factor...
VulnCheck KEV: CVE-2023-24055
KeePass through 2.53 in a default installation allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who...
VulnCheck KEV: CVE-2020-8949
Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...
VulnCheck KEV: CVE-2023-27350
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system...
VulnCheck KEV: CVE-2017-6742
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...
VulnCheck KEV: CVE-2022-4290
The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctlsanitizetitle' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially...
VulnCheck KEV: CVE-2023-29492
Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account...
VulnCheck KEV: CVE-2023-2136
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other...
VulnCheck KEV: CVE-2023-1389
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2021-22713
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 see security notifcation for affected versions, which could cause the meter to reboot...
VulnCheck KEV: CVE-2023-28252
Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
VulnCheck KEV: CVE-2023-2033
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...
VulnCheck KEV: CVE-2023-28206
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges...
VulnCheck KEV: CVE-2023-1930
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfcclearcacheofallsitescallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...
VulnCheck KEV: CVE-2023-28205
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which...
VulnCheck KEV: CVE-2023-1931
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform...
VulnCheck KEV: CVE-2023-1928
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpreloadsinglecallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to...
VulnCheck KEV: CVE-2023-1929
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpurgecachevarnishcallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access...
VulnCheck KEV: CVE-2022-4940
The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions...
VulnCheck KEV: CVE-2023-29389
Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...
VulnCheck KEV: CVE-2021-27878
Veritas Backup Exec BE Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine...
VulnCheck KEV: CVE-2023-29218
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service reduction of reputation score by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as...