Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-2679

Multiple cross-site scripting XSS vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the 1 logtype, 2 pingip, 3 pingsize, 4 submittype, or 5 tracerouteip parameter to apply.cgi or 6...

6.1CVSS6.9AI score0.19646EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2012-5958

Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted...

10CVSS7.9AI score0.82807EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2011-4723

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information...

6.8CVSS6AI score0.03128EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2013-2678

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...

8.1CVSS7.6AI score0.16873EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-8373

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer...

7.6CVSS7.8AI score0.61912EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/07 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-1000353

Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based...

9.8CVSS7.6AI score0.99686EPSS
Exploits36References1
VulnCheck KEV
VulnCheck KEV
•added 2018/07/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-1770

Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document...

9.3CVSS6.2AI score0.35105EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-6322

The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of...

4.3CVSS6AI score0.12974EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/15 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-20017

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter...

9.8CVSS7.5AI score0.6043EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/15 12:0 a.m.•2 views

VulnCheck KEV: CVE-2018-10088

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725...

10CVSS7.3AI score0.40386EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-10562

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...

9.8CVSS7.7AI score0.9995EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-200017

...

5.8AI score
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-5002

Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution...

10CVSS7.7AI score0.25353EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-2623

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors...

10CVSS7.7AI score0.89394EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/01 12:0 a.m.•7 views

VulnCheck KEV: CVE-2016-3225

The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication...

7.8CVSS7.1AI score0.43493EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-1038

The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."...

7.8CVSS7.3AI score0.08915EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2018/06/01 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-0099

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator...

7.8CVSS7.3AI score0.37164EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-11329

The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets including Ether balance and tokens might be manipulated by the attackers, as exploited in...

7.5CVSS7.1AI score0.00882EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/19 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-11239

An integer overflow in the transfer function of a smart contract implementation for Hexagon HXG, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a to argument in conjunction with a large value argument, as exploited in the...

7.5CVSS7AI score0.00926EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/18 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-20872

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649...

8.8CVSS6.8AI score0.00695EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/17 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-1000049

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled...

7.5CVSS7.7AI score0.77297EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-4990

Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution...

8.8CVSS7.6AI score0.40537EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2018-10831

Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with x1=1,x2=1,x3=1,...,x512=1 to bypass this verifier for any blockheader. This originally affected for example the Bitcoin Gold and...

7.5CVSS7.1AI score0.00716EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-8120

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory...

7.2CVSS6.9AI score0.73721EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-8174

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"...

7.6CVSS7.5AI score0.87814EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-10561

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution...

9.8CVSS7.7AI score0.9995EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2018/05/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-10657

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...

7.5CVSS7.1AI score0.0151EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2018/04/28 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-10468

The transferFrom function of a smart contract implementation for Useless Ethereum Token UET, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer all victims' balances into their account because certain computations involving value are incorrect, as exploited in the...

7.5CVSS7.1AI score0.01595EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2018/04/25 12:0 a.m.•8 views

VulnCheck KEV: CVE-2018-10376

An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh aka SMT, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted fee and value parameters, as exploited in the wild in April 2018, aka...

7.5CVSS7.2AI score0.01825EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2018/04/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-10299

An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin BEC, the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two receivers...

7.5CVSS7.2AI score0.02781EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2018/04/20 12:0 a.m.•6 views

VulnCheck KEV: CVE-2018-7600

Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise...

9.8CVSS7.6AI score0.99993EPSS
Exploits46References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on...

9.8CVSS7.7AI score0.02554EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-0874

The 1 JMXInvokerHAServlet and 2 EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which...

6.8CVSS6.6AI score0.15561EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2010-1592

sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoftware Sandra 16.10.2010.1 and earlier allows local users to gain privileges or cause a denial of service system crash via unspecified vectors involving "Model-Specific Registers."...

6.9CVSS7.1AI score0.00431EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/06 12:0 a.m.•3 views

VulnCheck KEV: CVE-2009-0824

Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHODNEITHER communication method for IOCTLs and does not properly validate a buffer...

4.9CVSS7.1AI score0.00725EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2007-5633

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the 1 IOCTLRDMSR 0x9C402438 and 2 IOCTLWRMSR 0x9C40243C IOCTLs to \Device\speedfan, as...

7.2CVSS7.2AI score0.00935EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/01 12:0 a.m.•47 views

VulnCheck KEV: CVE-2016-6277

NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution...

9.3CVSS7.5AI score0.99781EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-6278

GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment...

10CVSS7.6AI score0.99621EPSS
Exploits31References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS7.1AI score0.64326EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-7187

Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via deeply nested for loops, aka the "wordlineno" issue...

10CVSS6.8AI score0.58462EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2018/03/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-7186

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecified other impact via crafted use of here documents, aka the "redirstack" issue...

10CVSS6.8AI score0.64336EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2018/02/12 12:0 a.m.•7 views

VulnCheck KEV: CVE-2017-18046

Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the loginaction function in /cgi-bin/loginaction.cgi aka cgipage.cgi...

9.8CVSS7.8AI score0.05045EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/02/04 12:0 a.m.•2 views

VulnCheck KEV: CVE-2013-4979

Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to execute arbitrary code via a crafted EPS file...

9.3CVSS6.2AI score0.05144EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2018/02/03 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-4878

Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution...

7.8CVSS7.4AI score0.89618EPSS
Exploits19References1
VulnCheck KEV
VulnCheck KEV
•added 2018/02/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-11467

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request...

10CVSS7.6AI score0.73071EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2018/01/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2018-20753

Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices...

9.8CVSS7.4AI score0.29551EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/01/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2018-0101

A vulnerability in the Secure Sockets Layer SSL VPN functionality of the Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a...

10CVSS7.3AI score0.87397EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2018/01/23 12:0 a.m.•5 views

VulnCheck KEV: CVE-2015-2052

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface...

10CVSS6.4AI score0.05205EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2018/01/17 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-16929

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the...

8.5CVSS7.4AI score0.12889EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2018/01/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2005-2678

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVERNAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost...

5CVSS5.8AI score0.41839EPSS
Exploits0References1
Total number of security vulnerabilities4985