4985 matches found
VulnCheck KEV: CVE-2022-25082
TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25076
TOTOLink A800R V4.1.2cu.5137B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2016-5674
debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter...
VulnCheck KEV: CVE-2022-25081
TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25078
TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-26210
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the...
VulnCheck KEV: CVE-2021-45382
A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file...
VulnCheck KEV: CVE-2022-25077
TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-25084
TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
VulnCheck KEV: CVE-2022-22674
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory...
VulnCheck KEV: CVE-2021-21551
Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service DoS, or information disclosure...
VulnCheck KEV: CVE-2022-26871
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution...
VulnCheck KEV: CVE-2022-22675
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges...
VulnCheck KEV: CVE-2016-0040
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application...
VulnCheck KEV: CVE-2021-34484
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-26085
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint...
VulnCheck KEV: CVE-2021-38646
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution...
VulnCheck KEV: CVE-2019-7483
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...
VulnCheck KEV: CVE-2021-34486
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation...
VulnCheck KEV: CVE-2016-0151
The Client-Server Run-time Subsystem CSRSS in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application...
VulnCheck KEV: CVE-2012-2034
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service DoS...
VulnCheck KEV: CVE-2020-7247
smtpmailaddr in smtpsession.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session...
VulnCheck KEV: CVE-2010-3035
Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...
VulnCheck KEV: CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution...
VulnCheck KEV: CVE-2014-3120
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...
VulnCheck KEV: CVE-2019-2616
Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass...
VulnCheck KEV: CVE-2018-14839
LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability...
VulnCheck KEV: CVE-2009-2055
Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...
VulnCheck KEV: CVE-2020-25223
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM...
VulnCheck KEV: CVE-2022-21999
Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation...
VulnCheck KEV: CVE-2021-42237
Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution...
VulnCheck KEV: CVE-2019-10068
Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution...
VulnCheck KEV: CVE-2015-3035
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. dot dot in the PATHINFO to login/...
VulnCheck KEV: CVE-2018-0125
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system...
VulnCheck KEV: CVE-2022-0543
Redis is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...
VulnCheck KEV: CVE-2019-1385
A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files...
VulnCheck KEV: CVE-2019-1130
A privilege escalation vulnerability exists when Windows AppX Deployment Service AppXSVC improperly handles hard links...
VulnCheck KEV: CVE-2020-36198
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect:...
VulnCheck KEV: CVE-2019-1388
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context...
VulnCheck KEV: CVE-2020-0638
Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-31166
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...
VulnCheck KEV: CVE-2022-1096
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...
VulnCheck KEV: CVE-2022-24934
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...
VulnCheck KEV: CVE-2022-1040
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...
VulnCheck KEV: CVE-2021-36749
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not...
VulnCheck KEV: CVE-2021-26920
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not...
VulnCheck KEV: CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code...
VulnCheck KEV: CVE-2022-23176
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access...
VulnCheck KEV: CVE-2015-2370
The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection...
VulnCheck KEV: CVE-2022-23812
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. Note: from versions 11.0.0 onwards, instead of having malicious code directly in the...