Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2018-0179

A vulnerability in the Login Enhancements Login Block feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service DoS condition...

7.1CVSS6.3AI score0.05051EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2004-0210

A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system...

7.8CVSS5.8AI score0.07606EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-6740

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...

9CVSS7.4AI score0.10788EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6738

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...

9CVSS7.3AI score0.1055EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-8298

The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution...

7.6CVSS7.5AI score0.75339EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•8 views

VulnCheck KEV: CVE-2022-20703

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10CVSS7.7AI score0.09203EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6739

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...

9CVSS7.4AI score0.1055EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-8562

An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor CP that allows a privileged attacker to remotely cause a denial of service...

7.5CVSS6.6AI score0.03624EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-0172

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service DoS...

8.6CVSS7.2AI score0.07824EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-6743

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...

9CVSS7.3AI score0.1055EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-1297

A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory...

9.3CVSS7.7AI score0.21805EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2022-20700

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10CVSS7.7AI score0.05655EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-8581

A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server...

7.4CVSS7.3AI score0.27355EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-12319

A vulnerability in the Border Gateway Protocol BGP over an Ethernet Virtual Private Network EVPN for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service DoS condition, or potentially corrupt the BGP routing...

7.1CVSS6.3AI score0.05367EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-0161

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service DoS condition...

6.3CVSS6.8AI score0.04746EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/03/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-1675

Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site...

6.5CVSS6.8AI score0.06696EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-1636

Microsoft SQL Elevation of Privilege Vulnerability...

8.8CVSS7.4AI score0.06153EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is...

7.5CVSS7.1AI score0.70783EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the...

9.1CVSS6.7AI score0.5677EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-7659

A maliciously constructed HTTP/2 request could cause modhttp2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...

7.5CVSS6.7AI score0.53939EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

7.5CVSS6.7AI score0.94999EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-8011

By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33...

7.5CVSS6.8AI score0.51714EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1...

7.5CVSS6.9AI score0.59942EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or...

7.5CVSS7.1AI score0.57472EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted...

7.2CVSS6.9AI score0.52873EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-23134

Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3CVSS6.9AI score0.84657EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-11984

Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...

9.8CVSS6.9AI score0.90039EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-23131

Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML...

9.8CVSS7.4AI score0.95683EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-15715

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

8.1CVSS6.7AI score0.86006EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•1 views

VulnCheck KEV: CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...

6.1CVSS6.7AI score0.73981EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/22 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-11763

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...

5.9CVSS6.5AI score0.51002EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-13982

SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rjgettoken.php endpoint. The flaw arises from insufficient input validation on the jsondataurl parameter, which allows attackers to...

8.7CVSS5.9AI score0.00985EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-25335

RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major...

7.5CVSS7.1AI score0.0126EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-0429

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...

6.1CVSS6.4AI score0.01378EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-24086

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution...

10CVSS7.7AI score0.99199EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/10 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-4404

Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context...

9.3CVSS7.7AI score0.49049EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-22620

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on...

8.8CVSS7.3AI score0.16342EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-1130

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges...

7.8CVSS7.3AI score0.09887EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-0609

Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.5AI score0.23546EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-36934

If a Volume Shadow Copy VSS shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level...

7.8CVSS7.3AI score0.67252EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2022/02/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2022-0441

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...

9.8CVSS7.3AI score0.84943EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-20038

SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution...

9.8CVSS7.9AI score0.99912EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-1000001

In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...

7.8CVSS7.4AI score0.13614EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-9546

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service...

9.8CVSS7.3AI score0.02776EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2022-22587

Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges...

10CVSS7.7AI score0.11638EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-0322

Cross-site scripting XSS vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...

4.3CVSS6AI score0.01161EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•8 views

VulnCheck KEV: CVE-2019-16647

Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows...

9CVSS7AI score0.01961EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-5930

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check...

3.5CVSS5.8AI score0.14953EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-15302

In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver e.g., cpuz143x64.sys for version 1.43 that can result in information disclosure or elevation of privileges, because of an arbitrary read of any physical address via ioctl 0x9C402604. Any application running...

7.8CVSS7.2AI score0.00379EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2022/01/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-5963

An issue was discovered in caddy for TYPO3 before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could...

6.1CVSS6.4AI score0.01027EPSS
Exploits1References1
Total number of security vulnerabilities4985