Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2021/11/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-0920

Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation...

6.9CVSS6.7AI score0.00811EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-5847

Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access...

10CVSS7.5AI score0.95844EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-16256

SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message...

9.8CVSS7.4AI score0.04949EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-3235

Microsoft Office Object Linking & Embedding OLE dynamic link library DLL contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution...

9.3CVSS7.4AI score0.43431EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-4427

IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication...

9.8CVSS7.3AI score0.70031EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-5735

Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code...

8.8CVSS7.7AI score0.35643EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-7481

SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources...

7.5CVSS7.4AI score0.99906EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-15961

Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution...

10CVSS7.5AI score0.9995EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-10221

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...

9CVSS7.5AI score0.36754EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-0646

Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution...

10CVSS7.5AI score0.99193EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-0171

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service DoS condition, or perform code execution on the affected device...

10CVSS7.8AI score0.9951EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-15811

DotNetNuke DNN contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters...

7.5CVSS7.1AI score0.74048EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-3580

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting XSS in the context of the...

6.1CVSS6.8AI score0.85439EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-0878

Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user...

7.5CVSS6.9AI score0.02696EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-3161

Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service DoS condition...

10CVSS7.4AI score0.83734EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-36955

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.1AI score0.03054EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-0211

Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute code with the privileges of the parent process usually root by manipulating the scoreboard...

7.8CVSS7AI score0.65005EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-4430

IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system...

4.3CVSS6.3AI score0.68544EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-4428

IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�...

9.1CVSS7.4AI score0.61692EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-17558

The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution...

7.5CVSS7.4AI score0.98567EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-0683

Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files...

7.8CVSS7.1AI score0.07667EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-10199

Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution...

9CVSS7.5AI score0.99064EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-8655

EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine NSE script to nmap7...

9.3CVSS7.2AI score0.58076EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-5849

Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution...

10CVSS7.4AI score0.95844EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-18325

DotNetNuke DNN contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811...

7.5CVSS7.1AI score0.74048EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-3452

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an...

7.5CVSS7.3AI score0.99992EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-22205

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files...

10CVSS7.6AI score0.99731EPSS
Exploits30References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-3950

VMware Fusion, Remote Console VMRC for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root...

7.8CVSS7.1AI score0.07254EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-14883

Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability...

9CVSS7.3AI score0.97929EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-8657

EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...

9.8CVSS7.3AI score0.91874EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-10181

Sumavision Enhanced Multimedia Router EMR contains a cross-site request forgery CSRF vulnerability allowing the creation of users with elevated privileges as administrator on a device...

9.8CVSS7.2AI score0.14209EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-23874

McAfee Total Protection MTP contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense...

8.2CVSS7.1AI score0.01026EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-8599

Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login...

10CVSS7.3AI score0.11576EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-0541

Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability...

9.3CVSS7.7AI score0.53202EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-3398

Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution...

9CVSS7.5AI score0.97153EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-3718

ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery SSRF via a crafted image...

5.5CVSS6.4AI score0.76897EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-0185

Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link .mcl file that references malicious code...

9.3CVSS7.7AI score0.6994EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-15949

Nagios XI contains a remote code execution vulnerability in which a user can modify the checkplugin executable and insert malicious commands to execute as root...

9CVSS7.9AI score0.77741EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-3643

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...

7.8CVSS7.1AI score0.03704EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-9859

Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges...

7.8CVSS7.4AI score0.00829EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-35464

ForgeRock Access Management AM Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints /ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame to execute code in the context of the current user unless ForgeRock AM is running as root...

10CVSS7.6AI score0.99999EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-3715

ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading...

5.8CVSS6.4AI score0.75383EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-4437

Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...

9.8CVSS7.3AI score0.93143EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-17144

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution...

8.8CVSS7.7AI score0.36514EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-29583

Zyxel firewalls ATP, USG, VM and AP Controllers NXC2500 and NXC5500 contain a use of hard-coded credentials vulnerability in an undocumented account "zyfwp" with an unchangeable password...

10CVSS7.5AI score0.90049EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-3952

VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service vmdir when the Platform Services Controller PSC does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract...

9.8CVSS7.3AI score0.90384EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2017-9805

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads...

8.1CVSS7.6AI score0.99461EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2020-8644

PlaySMS contains a server-side template injection vulnerability that allows for remote code execution...

9.8CVSS7.5AI score0.86689EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-20085

TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests...

7.5CVSS7.1AI score0.96071EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/11/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-4716

IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting...

10CVSS7.2AI score0.86441EPSS
Exploits6References1
Total number of security vulnerabilities4985