4985 matches found
VulnCheck KEV: CVE-2021-0920
Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation...
VulnCheck KEV: CVE-2020-5847
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access...
VulnCheck KEV: CVE-2019-16256
SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message...
VulnCheck KEV: CVE-2016-3235
Microsoft Office Object Linking & Embedding OLE dynamic link library DLL contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution...
VulnCheck KEV: CVE-2020-4427
IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication...
VulnCheck KEV: CVE-2020-5735
Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code...
VulnCheck KEV: CVE-2019-7481
SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources...
VulnCheck KEV: CVE-2018-15961
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution...
VulnCheck KEV: CVE-2020-10221
rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...
VulnCheck KEV: CVE-2020-0646
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2018-0171
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service DoS condition, or perform code execution on the affected device...
VulnCheck KEV: CVE-2018-15811
DotNetNuke DNN contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters...
VulnCheck KEV: CVE-2020-3580
Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting XSS in the context of the...
VulnCheck KEV: CVE-2020-0878
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user...
VulnCheck KEV: CVE-2020-3161
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service DoS condition...
VulnCheck KEV: CVE-2021-36955
Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2019-0211
Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute code with the privileges of the parent process usually root by manipulating the scoreboard...
VulnCheck KEV: CVE-2020-4430
IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system...
VulnCheck KEV: CVE-2020-4428
IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�...
VulnCheck KEV: CVE-2019-17558
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution...
VulnCheck KEV: CVE-2020-0683
Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files...
VulnCheck KEV: CVE-2020-10199
Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2020-8655
EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine NSE script to nmap7...
VulnCheck KEV: CVE-2020-5849
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution...
VulnCheck KEV: CVE-2018-18325
DotNetNuke DNN contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811...
VulnCheck KEV: CVE-2020-3452
Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an...
VulnCheck KEV: CVE-2021-22205
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files...
VulnCheck KEV: CVE-2020-3950
VMware Fusion, Remote Console VMRC for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root...
VulnCheck KEV: CVE-2020-14883
Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability...
VulnCheck KEV: CVE-2020-8657
EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...
VulnCheck KEV: CVE-2020-10181
Sumavision Enhanced Multimedia Router EMR contains a cross-site request forgery CSRF vulnerability allowing the creation of users with elevated privileges as administrator on a device...
VulnCheck KEV: CVE-2021-23874
McAfee Total Protection MTP contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense...
VulnCheck KEV: CVE-2020-8599
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login...
VulnCheck KEV: CVE-2019-0541
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability...
VulnCheck KEV: CVE-2019-3398
Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution...
VulnCheck KEV: CVE-2016-3718
ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery SSRF via a crafted image...
VulnCheck KEV: CVE-2016-0185
Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link .mcl file that references malicious code...
VulnCheck KEV: CVE-2019-15949
Nagios XI contains a remote code execution vulnerability in which a user can modify the checkplugin executable and insert malicious commands to execute as root...
VulnCheck KEV: CVE-2016-3643
SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...
VulnCheck KEV: CVE-2020-9859
Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges...
VulnCheck KEV: CVE-2021-35464
ForgeRock Access Management AM Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints /ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame to execute code in the context of the current user unless ForgeRock AM is running as root...
VulnCheck KEV: CVE-2016-3715
ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading...
VulnCheck KEV: CVE-2016-4437
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...
VulnCheck KEV: CVE-2020-17144
Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution...
VulnCheck KEV: CVE-2020-29583
Zyxel firewalls ATP, USG, VM and AP Controllers NXC2500 and NXC5500 contain a use of hard-coded credentials vulnerability in an undocumented account "zyfwp" with an unchangeable password...
VulnCheck KEV: CVE-2020-3952
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service vmdir when the Platform Services Controller PSC does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract...
VulnCheck KEV: CVE-2017-9805
Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads...
VulnCheck KEV: CVE-2020-8644
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2019-20085
TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests...
VulnCheck KEV: CVE-2019-4716
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting...