Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2019/09/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-8771

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy...

6.1CVSS6.7AI score0.00983EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-2215

Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."...

7.8CVSS7.2AI score0.72105EPSS
Exploits35References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-5825

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

6.5CVSS7AI score0.55925EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-5030

Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

8.8CVSS7.1AI score0.41603EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-17463

Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...

8.8CVSS7.5AI score0.83898EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-17480

Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...

8.8CVSS7.4AI score0.34292EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-5070

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...

8.8CVSS7.4AI score0.31212EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-6065

Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS7.4AI score0.58822EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-5198

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not...

8.8CVSS7.4AI score0.34703EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-1646

Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but...

9.3CVSS7.3AI score0.4811EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/24 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-25216

The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS5.9AI score0.00502EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/23 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-16057

The loginmgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution...

10CVSS7.5AI score0.8721EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/23 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-1367

Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user...

7.6CVSS7.6AI score0.52729EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/16 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-25297

Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting XSS vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated attacker can inject arbitrary script into...

5.1CVSS5.8AI score0.00456EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/11 12:0 a.m.•8 views

VulnCheck KEV: CVE-2019-16257

Some Motorola devices include the SIMalliance Toolbox Browser aka S@T Browser on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit STK instructions in an SMS message, aka Simjacker...

9.8CVSS7.4AI score0.0208EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/10 12:0 a.m.•6 views

VulnCheck KEV: CVE-2019-1214

Microsoft Windows Common Log File System CLFS driver improperly handles objects in memory which can allow for privilege escalation...

7.8CVSS6.5AI score0.01419EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-1215

Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys Winsock handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges...

7.8CVSS6.7AI score0.19254EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/09/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2007-1036

The default configuration of JBoss does not restrict access to the 1 console and 2 web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests...

7.5CVSS6.1AI score0.81832EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2019/08/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2005-0862

Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbbrootpath parameter to 1 pocloginform.php or 2 phpbb/poc.php, the pocrootpath parameter to 3 phpbb/poc.php, 4...

7.5CVSS6.1AI score0.10918EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/08/05 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-15774

The nd-booking plugin before 2.5 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

6.1CVSS6.4AI score0.01731EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/08/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-0708

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The...

10CVSS7.3AI score0.99999EPSS
Exploits123References1
VulnCheck KEV
VulnCheck KEV
•added 2019/07/31 12:0 a.m.•5 views

VulnCheck KEV: CVE-2021-41506

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI351850H10LS39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205,...

10CVSS7.3AI score0.02106EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/07/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-8978

An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to...

8.1CVSS7.1AI score0.05858EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/07/19 12:0 a.m.•5 views

VulnCheck KEV: CVE-2019-14206

An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST'adaptive-images-settings' parameter in adaptive-images-script.php...

7.5CVSS7.3AI score0.04728EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/07/09 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-0880

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity...

7.8CVSS7.3AI score0.02404EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/07/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-1132

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory...

7.8CVSS7.3AI score0.09788EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2019-11708

Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution...

10CVSS7.6AI score0.55874EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-18472

Western Digital WD My Book Live and WD My Book Live Duo all versions have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/languageconfiguration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in...

10CVSS7.2AI score0.30284EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

9CVSS7.4AI score0.63797EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/18 12:0 a.m.•7 views

VulnCheck KEV: CVE-2019-11707

Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash...

8.8CVSS7AI score0.37951EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-2765

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI...

8.3CVSS7.7AI score0.82504EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2019-12780

The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication...

9.8CVSS7.4AI score0.71992EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-7471

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort...

9.8CVSS7AI score0.24044EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0545

cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action...

10CVSS6.1AI score0.90732EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-14135

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...

10CVSS7.6AI score0.21842EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-10760

On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the pingipaddr parameter...

10CVSS7.3AI score0.03226EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-5758

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...

9CVSS6.1AI score0.11892EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-15887

MainAnalysisContent.asp in ASUS DSL-N12EC1 1.1.2.3345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request...

8.8CVSS7.6AI score0.03747EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-11138

The '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution...

10CVSS7.5AI score0.91931EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-5330

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi...

9.8CVSS7.3AI score0.34401EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-18377

An issue was discovered on Wireless IP Camera P2P WIFICAM cameras. There is Command Injection in the setftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a setftp.cgi?svr=192.168.1.1&port=21&user=ftp URI...

10CVSS7.3AI score0.06371EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-14933

NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...

10CVSS7.5AI score0.93746EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-20841

HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mactable request...

10CVSS7.5AI score0.47901EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2009-5157

On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4pingipaddr variable...

9CVSS7.3AI score0.05825EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•7 views

VulnCheck KEV: CVE-2017-5173

An Improper Neutralization of Special Elements in an OS command issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call...

10CVSS7.2AI score0.29578EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-6255

Portable UPnP SDK aka libupnp before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler...

7.5CVSS7.3AI score0.26818EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2009-5156

An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string...

10CVSS7.3AI score0.10922EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-7238

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution...

9.8CVSS7.7AI score0.76526EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-20062

ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter...

9.8CVSS8AI score0.9953EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2019/06/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-7297

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

10CVSS7.5AI score0.64811EPSS
Exploits2References1
Total number of security vulnerabilities4985