Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2020/01/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-15718

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...

9.8CVSS7.3AI score0.03567EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/16 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-0193

The optional Apache Solr module DataImportHandler contains a code injection vulnerability...

9CVSS7.2AI score0.83547EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/16 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-7047

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability with a simple wp-admin/admin.php?db-reset-tables=users request to escalate their privileges to administrator while dropping all other users from the table...

9.9CVSS7.3AI score0.02463EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2020-0610

A remote code execution vulnerability exists in Windows Remote Desktop Gateway RD Gateway when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway RD Gateway Remote Code Execution Vulnerability'. This...

10CVSS8AI score0.6526EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2020-0601

Microsoft Windows CryptoAPI Crypt32.dll contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was...

8.1CVSS7AI score0.89436EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-0611

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'...

7.5CVSS8AI score0.0808EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2020-0609

A remote code execution vulnerability exists in Windows Remote Desktop Gateway RD Gateway when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway RD Gateway Remote Code Execution Vulnerability'. This...

10CVSS8AI score0.74897EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-1555

Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution...

10CVSS7.5AI score0.98325EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2020-6166

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes...

5.5CVSS6AI score0.0107EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-6077

NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution...

10CVSS7.5AI score0.68201EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-9285

MainAnalysisContent.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.38410007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before...

10CVSS7.3AI score0.03613EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands...

9CVSS7.6AI score0.72199EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/08 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6884

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the pingip parameter to the...

9CVSS7.5AI score0.37634EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-3568

Cross-site request forgery CSRF vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors...

8.8CVSS7.3AI score0.25129EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/08 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-5679

cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...

9CVSS7.6AI score0.14119EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2020/01/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-17026

Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements...

8.8CVSS7.4AI score0.46589EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/27 12:0 a.m.•8 views

VulnCheck KEV: CVE-2019-6340

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...

8.1CVSS7.9AI score0.91919EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-10149

Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution...

10CVSS7.5AI score0.99961EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-0903

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system...

9.3CVSS7.7AI score0.21713EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/26 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-0498

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows...

10CVSS6.2AI score0.07223EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/24 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-17733

Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request...

9.8CVSS7.5AI score0.44095EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/24 12:0 a.m.•8 views

VulnCheck KEV: CVE-2019-16662

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...

10CVSS7.5AI score0.97702EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/24 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-11043

In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution...

9.8CVSS7.2AI score0.9947EPSS
Exploits54References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-19915

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users with subscriber or greater access to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=epsredirectsave and /admin-ajax.php?action=epsredirectdelete actions...

9CVSS7.3AI score0.00859EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-16608

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...

9.8CVSS7.7AI score0.04232EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-15107

An issue was discovered in Webmin. The parameter old in passwordchange.cgi contains a command injection vulnerability...

10CVSS7.5AI score0.99766EPSS
Exploits37References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-14927

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file which contains data such as usernames,...

7.5CVSS7.1AI score0.41847EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files...

7.5CVSS6.9AI score0.95537EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-16602

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8.8CVSS7.6AI score0.03152EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-17270

Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers...

10CVSS7.3AI score0.58879EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-14127

Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OIFwv7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mntping.cgi...

10CVSS7.5AI score0.02689EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-16072

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

10CVSS7.6AI score0.25279EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2006-4000

Directory traversal vulnerability in cgi-bin/previewemail.cgi in Barracuda Spam Firewall BSF 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter...

4CVSS5.9AI score0.05725EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-14931

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to...

10CVSS7.6AI score0.5766EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2013-5912

VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...

10CVSS6.2AI score0.31428EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-18396

An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OIFwV20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mntping.cgi. NOTE: This...

9CVSS7.4AI score0.16206EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-6316

A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability...

10CVSS7.6AI score0.72596EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/12/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-1458

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP...

7.8CVSS7.3AI score0.74438EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2019/11/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-19985

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure...

5.8CVSS6.3AI score0.71399EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/11/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-1429

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...

7.6CVSS7.7AI score0.72626EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-13720

Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.72977EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-18187

Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution...

8.8CVSS7.4AI score0.25125EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/09 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-16759

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

9.8CVSS8AI score0.99728EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/02 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0810

Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document...

7.5CVSS6.2AI score0.03498EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/02 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-1579

Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled...

8.1CVSS7.5AI score0.39317EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/02 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-11539

Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands...

8CVSS7.2AI score0.98617EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/02 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-13379

Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...

9.8CVSS7.4AI score0.99999EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/02 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-13382

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password...

9.1CVSS7.1AI score0.81691EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/10/02 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users...

6.5CVSS7AI score0.33647EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/30 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-17049

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account...

7.5CVSS7.2AI score0.0113EPSS
Exploits1References1
Total number of security vulnerabilities4985