Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-0067

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...

7.6CVSS7.9AI score0.1523EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-0955

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from...

7.6CVSS7.7AI score0.14443EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•11 views

VulnCheck KEV: CVE-2016-3206

The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

7.6CVSS7.5AI score0.1466EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•11 views

VulnCheck KEV: CVE-2016-3205

The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

7.6CVSS7.5AI score0.1466EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-8133

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130,...

7.6CVSS7.7AI score0.5094EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0141

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...

7.6CVSS7.9AI score0.4817EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-3369

Atlassian Confluence and Data Center is vulnerable to a remote code execution vulnerability in the 'widget connector' component. The issue lies in a server-side template injection weakness...

6.4AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•9 views

VulnCheck KEV: CVE-2016-0191

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...

7.6CVSS7.5AI score0.28261EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-8114

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951,...

7.6CVSS7.7AI score0.51857EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•9 views

VulnCheck KEV: CVE-2016-3207

The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

7.6CVSS7.5AI score0.17401EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2008-2551

The DownloaderActiveX Control DownloaderActiveX.ocx in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."...

9.3CVSS6.1AI score0.46936EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-8601

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory...

7.6CVSS7.5AI score0.66911EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-3336

Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."...

9.3CVSS6.2AI score0.23915EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-8598

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory...

7.6CVSS7.5AI score0.08891EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-8122

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951,...

7.6CVSS7.7AI score0.51857EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-2460

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from...

9.3CVSS7.5AI score0.70248EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•10 views

VulnCheck KEV: CVE-2016-3210

The Microsoft 1 JScript and 2 VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

9.3CVSS7.7AI score0.21862EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-7242

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200,...

8.8CVSS7.6AI score0.8249EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2015-7547

Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers...

8.1CVSS8AI score0.89557EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-8275

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-83...

7.6CVSS7.8AI score0.71043EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2011-0097

Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary...

9.3CVSS5.9AI score0.38221EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-8605

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory...

7.6CVSS7.5AI score0.08967EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/16 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-30533

Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

6.5CVSS7.1AI score0.16611EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-1765

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy...

6.5CVSS6.9AI score0.01408EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/12 12:0 a.m.•11 views

VulnCheck KEV: CVE-2022-22972

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...

9.8CVSS7.4AI score0.52813EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-36742

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation...

7.8CVSS7.2AI score0.01482EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/11 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-36741

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files...

8.8CVSS7.2AI score0.04951EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-36948

Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.1991EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/10 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-1675

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution...

9.3CVSS7.6AI score0.86132EPSS
Exploits63References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-22506

Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used...

7.5CVSS7.2AI score0.25695EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-20090

Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors...

9.8CVSS7.3AI score0.99983EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/06 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-1497

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user...

10CVSS7.5AI score0.99928EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-0545

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0551,...

6.4CVSS7.5AI score0.02272EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/08/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-14750

Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882...

10CVSS7.7AI score0.99997EPSS
Exploits43References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-36195

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of...

9.8CVSS7.5AI score0.01765EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/26 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-25487

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in setskbpriv, leading to remote code execution by dereference of an invalid function pointer...

7.8CVSS8AI score0.0062EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/26 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-30807

Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges...

9.3CVSS7.5AI score0.28839EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/23 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-32789

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be...

7.5CVSS7.2AI score0.17227EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/21 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-34629

The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8...

4.3CVSS5.7AI score0.00698EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/16 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-25489

Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic...

5.5CVSS6.2AI score0.00518EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-34448

Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption...

9.3CVSS7.1AI score0.3067EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2021-35211

SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution...

10CVSS7.7AI score0.9116EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-31979

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.02634EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/13 12:0 a.m.•7 views

VulnCheck KEV: CVE-2021-33771

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.06255EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-30563

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS6.9AI score0.08928EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-30120

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...

9.9CVSS7.3AI score0.05701EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-30119

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request:...

5.4CVSS6.9AI score0.59632EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/02 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-34527

Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known...

9CVSS7.9AI score0.99759EPSS
Exploits41References1
VulnCheck KEV
VulnCheck KEV
•added 2021/07/02 12:0 a.m.•6 views

VulnCheck KEV: CVE-2021-30116

Kaseya Virtual System/Server Administrator VSA contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system...

10CVSS7.4AI score0.85619EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2021/06/29 12:0 a.m.•8 views

VulnCheck KEV: CVE-2021-35941

Western Digital WD My Book Live 2.x and later and WD My Book Live Duo all versions have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472...

10CVSS7.2AI score0.30284EPSS
Exploits1References1
Total number of security vulnerabilities4985