4985 matches found
VulnCheck KEV: CVE-2021-38645
Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution RCE...
VulnCheck KEV: CVE-2021-38647
Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution...
VulnCheck KEV: CVE-2021-40539
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution...
VulnCheck KEV: CVE-2021-38000
Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
VulnCheck KEV: CVE-2021-30858
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on...
VulnCheck KEV: CVE-2021-31010
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions...
VulnCheck KEV: CVE-2020-8813
graphrealtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...
VulnCheck KEV: CVE-2021-30632
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
VulnCheck KEV: CVE-2021-30633
Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...
VulnCheck KEV: CVE-2021-26084
Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language OGNL injection vulnerability that may allow an unauthenticated attacker to execute code...
VulnCheck KEV: CVE-2021-30860
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY...
VulnCheck KEV: CVE-2021-40444
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2021-4374
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
VulnCheck KEV: CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored...
VulnCheck KEV: CVE-2021-4380
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated...
VulnCheck KEV: CVE-2013-2471
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...
VulnCheck KEV: CVE-2021-32305
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter...
VulnCheck KEV: CVE-2021-31207
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass...
VulnCheck KEV: CVE-2021-34523
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation...
VulnCheck KEV: CVE-2021-34473
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution...
VulnCheck KEV: CVE-2021-38154
Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker...
VulnCheck KEV: CVE-2021-35394
RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution...
VulnCheck KEV: CVE-2021-36942
Microsoft Windows Local Security Authority LSA contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM...
VulnCheck KEV: CVE-2021-35395
Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service DoS...
VulnCheck KEV: CVE-2021-22899
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles...
VulnCheck KEV: CVE-2021-22894
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room...
VulnCheck KEV: CVE-2021-22900
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface...
VulnCheck KEV: CVE-2014-2321
webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...
VulnCheck KEV: CVE-2019-1108
An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'...
VulnCheck KEV: CVE-2019-1225
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to...
VulnCheck KEV: CVE-2015-1328
The overlayfs implementation in the linux aka Linux kernel package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs...
VulnCheck KEV: CVE-2019-1224
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to...
VulnCheck KEV: CVE-2020-16896
An information disclosure vulnerability exists in Remote Desktop Protocol RDP when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s...
VulnCheck KEV: CVE-2021-28324
Windows SMB Information Disclosure Vulnerability...
VulnCheck KEV: CVE-2011-1823
The vold volume manager daemon in Android kernel trusts messages from a PFNETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor...
VulnCheck KEV: CVE-2016-0193
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0191...
VulnCheck KEV: CVE-2021-28442
Windows TCP/IP Information Disclosure Vulnerability...
VulnCheck KEV: CVE-2016-5165
Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
VulnCheck KEV: CVE-2016-7203
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200,...
VulnCheck KEV: CVE-2016-3377
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3350...
VulnCheck KEV: CVE-2020-29047
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php...
VulnCheck KEV: CVE-2017-5689
Intel products contain a vulnerability which can allow attackers to perform privilege escalation...
VulnCheck KEV: CVE-2017-0015
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...
VulnCheck KEV: CVE-2018-8267
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from...
VulnCheck KEV: CVE-2016-3199
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214...
VulnCheck KEV: CVE-2021-28482
Microsoft Exchange Server Remote Code Execution Vulnerability...
VulnCheck KEV: CVE-2014-0640
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors...
VulnCheck KEV: CVE-2016-3222
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."...
VulnCheck KEV: CVE-2018-0953
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951,...