4985 matches found
VulnCheck KEV: CVE-2022-4135
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but...
VulnCheck KEV: CVE-2022-45349
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1...
VulnCheck KEV: CVE-2022-45351
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1...
VulnCheck KEV: CVE-2021-25094
The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...
VulnCheck KEV: CVE-2022-45077
Auth. subscriber+ PHP Object Injection vulnerability in Betheme theme = 26.5.1.4 on WordPress...
VulnCheck KEV: CVE-2020-1599
Windows Spoofing Vulnerability...
VulnCheck KEV: CVE-2022-41049
Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...
VulnCheck KEV: CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...
VulnCheck KEV: CVE-2022-41073
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...
VulnCheck KEV: CVE-2022-41128
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution...
VulnCheck KEV: CVE-2022-41125
Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...
VulnCheck KEV: CVE-2022-41091
Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...
VulnCheck KEV: CVE-2022-30170
Windows Credential Roaming Service Elevation of Privilege Vulnerability...
VulnCheck KEV: CVE-2016-0095
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of...
VulnCheck KEV: CVE-2017-7199
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue...
VulnCheck KEV: CVE-2013-1300
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain...
VulnCheck KEV: CVE-2013-3881
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."...
VulnCheck KEV: CVE-2016-5680
Stack-based buffer overflow in cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transferlicense command...
VulnCheck KEV: CVE-2022-3723
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...
VulnCheck KEV: CVE-2022-3477
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...
VulnCheck KEV: CVE-2018-19321
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges...
VulnCheck KEV: CVE-2021-26606
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A...
VulnCheck KEV: CVE-2022-26500
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
VulnCheck KEV: CVE-2018-19323
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges...
VulnCheck KEV: CVE-2018-19322
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges...
VulnCheck KEV: CVE-2022-26504
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager SCVMM allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe...
VulnCheck KEV: CVE-2022-26501
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
VulnCheck KEV: CVE-2022-42827
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges...
VulnCheck KEV: CVE-2020-16875
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an...
VulnCheck KEV: CVE-2022-41352
Synacor Zimbra Collaboration Suite ZCS allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts...
VulnCheck KEV: CVE-2020-3153
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and...
VulnCheck KEV: CVE-2020-3433
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication IPC channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM...
VulnCheck KEV: CVE-2021-3493
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...
VulnCheck KEV: CVE-2022-41033
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2022-42458
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...
VulnCheck KEV: CVE-2022-40684
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests...
VulnCheck KEV: CVE-2022-35914
Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed...
VulnCheck KEV: CVE-2019-16098
The driver in Micro-Star MSI Afterburner 4.6.2.15658 aka RTCore64.sys and RTCore32.sys allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure...
VulnCheck KEV: CVE-2022-36804
Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request...
VulnCheck KEV: CVE-2022-41082
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution...
VulnCheck KEV: CVE-2022-41040
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution...
VulnCheck KEV: CVE-2012-4867
Directory traversal vulnerability in modules/comvtigerworkflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. dot dot in the modulename parameter...
VulnCheck KEV: CVE-2022-35405
Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2022-40769
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022...
VulnCheck KEV: CVE-2022-3236
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution...
VulnCheck KEV: CVE-2013-2597
The Code Aurora audio calibration database acdb audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android...
VulnCheck KEV: CVE-2013-2596
Linux kernel fbmmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-31196
Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2021-33768
Microsoft Exchange Server Elevation of Privilege Vulnerability...
VulnCheck KEV: CVE-2022-40734
UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...