Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2017/06/20 12:0 a.m.•6 views

VulnCheck KEV: CVE-2003-0127

The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel...

7.2CVSS5.8AI score0.01584EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2001-0236

Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event...

10CVSS6.2AI score0.72036EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2003-0681

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets 1 recipient 2, final, or 3 mailer-specific envelope recipients, has unknown consequences...

7.5CVSS6AI score0.20081EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2003-0201

Buffer overflow in the calltrans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code...

10CVSS6.1AI score0.84502EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/20 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-3623

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel RPC. For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the...

10CVSS7.3AI score0.21965EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2011-4130

Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer...

9CVSS7.5AI score0.12804EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c...

10CVSS6.4AI score0.60185EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2006-3439

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314...

10CVSS6.2AI score0.85461EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-8464

Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file...

9.3CVSS7.3AI score0.90026EPSS
Exploits20References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/13 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-8543

Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory...

10CVSS6.9AI score0.7376EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/06/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2015-5374

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant...

7.8CVSS7.3AI score0.74497EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2017/05/09 12:0 a.m.•1 views

VulnCheck KEV: CVE-2017-0222

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory...

8.8CVSS7.8AI score0.29645EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/05/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-0001

The Graphics Device Interface GDI in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges...

7.8CVSS7.3AI score0.03114EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/05/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0262

A remote code execution vulnerability exists in Microsoft Office...

9.3CVSS7.8AI score0.80734EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2017/05/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-0261

Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution...

9.3CVSS7.5AI score0.7813EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/05/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-0263

Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory...

7.8CVSS7.3AI score0.10034EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2017/05/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2017-20210

Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research...

9.8CVSS5.8AI score0.00308EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/04/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-8291

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile...

7.8CVSS7.1AI score0.96968EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2017/04/25 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-0148

The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets...

9.3CVSS7.8AI score0.99373EPSS
Exploits17References1
VulnCheck KEV
VulnCheck KEV
•added 2017/04/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-9222

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability...

10CVSS7.3AI score0.63748EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2017/04/11 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-0199

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution...

9.3CVSS7.2AI score0.99933EPSS
Exploits29References1
VulnCheck KEV
VulnCheck KEV
•added 2017/04/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0210

A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information...

8.8CVSS6.9AI score0.19522EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/04/01 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-2404

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016...

7.5CVSS7.3AI score0.01436EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/31 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-3197

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6 and GB-BXi7-5775 version F2 platforms does not securely implement BIOSWE, BLE, SMMBWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash...

10CVSS7.4AI score0.05641EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/31 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-3198

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected...

10CVSS7.4AI score0.01597EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/27 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-7269

Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services IIS 6.0 which allows remote attackers to execute code via a long header beginning with "If: http://" in a PROPFIND request...

10CVSS7.9AI score0.99823EPSS
Exploits39References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/20 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-1274

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749...

8.8CVSS7.7AI score0.06792EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-3881

A vulnerability in the Cisco Cluster Management Protocol CMP processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges...

10CVSS7.6AI score0.98975EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-0145

The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...

9.3CVSS7.8AI score0.8985EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-0022

Microsoft XML Core Services MSXML improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...

6.5CVSS6.7AI score0.18069EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0146

The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution...

9.3CVSS7.5AI score0.89862EPSS
Exploits27References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-0005

The Graphics Device Interface GDI in Microsoft Windows allows local users to gain privileges via a crafted application...

7.8CVSS7.3AI score0.11022EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0147

The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet...

7.5CVSS6.9AI score0.99693EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-0149

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service DoS via a crafted website...

8.8CVSS7.3AI score0.29189EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/14 12:0 a.m.•2 views

VulnCheck KEV: CVE-2017-0143

Microsoft Windows Server Message Block 1.0 SMBv1 contains an unspecified vulnerability that allows for remote code execution...

9.3CVSS7.7AI score0.93307EPSS
Exploits47References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/11 12:0 a.m.•6 views

VulnCheck KEV: CVE-2017-5638

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution...

10CVSS7.6AI score0.99999EPSS
Exploits44References1
VulnCheck KEV
VulnCheck KEV
•added 2017/03/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-15047

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can...

8.7CVSS6AI score0.03946EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2017/01/17 12:0 a.m.•8 views

VulnCheck KEV: CVE-2017-10271

Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution...

7.5CVSS7.6AI score0.99993EPSS
Exploits45References1
VulnCheck KEV
VulnCheck KEV
•added 2017/01/11 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-7200

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...

8.8CVSS7.6AI score0.8249EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2017/01/11 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-7201

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...

8.8CVSS7.4AI score0.79687EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2017/01/09 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-1670

The Chrome Object Wrapper COW implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote...

4.3CVSS6.8AI score0.10893EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2017/01/09 12:0 a.m.•7 views

VulnCheck KEV: CVE-2013-1710

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS...

10CVSS7.1AI score0.40118EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2017/01/09 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...

7.5CVSS7.2AI score0.65657EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2016/12/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-10372

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...

10CVSS7.6AI score0.81899EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2016/12/13 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-7892

Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class...

9.3CVSS7.3AI score0.18786EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/12/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-0569

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary...

9.3CVSS5.9AI score0.90208EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2016/11/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-9079

Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows...

7.5CVSS7.3AI score0.87598EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2016/11/16 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-9299

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...

9.8CVSS7.7AI score0.96943EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2016/11/11 12:0 a.m.•2 views

VulnCheck KEV: CVE-1999-0502

A Unix account has a default, null, blank, or missing password...

7.5CVSS7.3AI score0.53618EPSS
Exploits41References1
VulnCheck KEV
VulnCheck KEV
•added 2016/11/08 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-7256

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system...

9.3CVSS7.5AI score0.64835EPSS
Exploits0References1
Total number of security vulnerabilities4985