Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2016/10/28 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-8869

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site...

9.8CVSS7.5AI score0.97426EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2016/10/28 12:0 a.m.•8 views

VulnCheck KEV: CVE-2016-8870

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting...

8.1CVSS7.4AI score0.82086EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2016/10/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-7855

Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code...

9.3CVSS7.7AI score0.25198EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/10/21 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-7255

Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...

7.8CVSS7AI score0.80968EPSS
Exploits24References1
VulnCheck KEV
VulnCheck KEV
•added 2016/10/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges...

7.2CVSS6.9AI score0.83524EPSS
Exploits81References1
VulnCheck KEV
VulnCheck KEV
•added 2016/10/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2004-1653

The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS...

6.4CVSS7.4AI score0.11574EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/10/11 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-7193

Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution...

9.3CVSS7.5AI score0.57705EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/10/11 12:0 a.m.•2 views

VulnCheck KEV: CVE-2016-3393

A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system...

9.3CVSS7.8AI score0.68684EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/10/05 12:0 a.m.•7 views

VulnCheck KEV: CVE-2016-2776

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted query...

7.8CVSS7.2AI score0.89482EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-3953

Adobe Acrobat and Reader contains an array boundary issue in Universal 3D U3D support that could lead to remote code execution...

10CVSS7.5AI score0.83855EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/29 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-5326

Cross-site scripting XSS vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS6.2AI score0.01842EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/29 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-0160

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information...

7.5CVSS7.1AI score0.99999EPSS
Exploits88References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/29 12:0 a.m.•8 views

VulnCheck KEV: CVE-2009-3674

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a...

9.3CVSS6.2AI score0.26261EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/29 12:0 a.m.•1 views

VulnCheck KEV: CVE-2006-3227

Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set,...

2.6CVSS5.8AI score0.13532EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-0101

Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."...

9.3CVSS6.2AI score0.29971EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/29 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-0564

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial...

10CVSS6.2AI score0.06192EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-6909

Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER...

10CVSS7.7AI score0.49856EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/28 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-6415

Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 IKEv1 security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 IKEv1 that could allow an...

7.5CVSS7.3AI score0.87687EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-7089

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN...

7.8CVSS7.3AI score0.01239EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/28 12:0 a.m.•6 views

VulnCheck KEV: CVE-2014-3393

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.25.51, 8.3 before 8.32.42, 8.4 before 8.47.23, 8.6 before 8.61.14, 9.0 before 9.04.24, 9.1 before 9.15.12, and 9.2 before 9.22.4 does not properly implement authentication, which allows remote...

4.3CVSS6AI score0.01995EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-3351

An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer...

6.5CVSS6.9AI score0.26286EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2016/09/05 12:0 a.m.•3 views

VulnCheck KEV: CVE-2008-2990

PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms comfacileforms component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ffcompath parameter...

7.5CVSS6.1AI score0.02294EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/30 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-6195

SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016...

9.8CVSS7.7AI score0.68493EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-4656

A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service DoS via a crafted application...

9.3CVSS7.4AI score0.23626EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-6367

A vulnerability in the command-line interface CLI parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service DoS condition or potentially execute code...

7.8CVSS7.3AI score0.22583EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-4657

Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service DoS via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

8.8CVSS7.6AI score0.66788EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/15 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-6366

A buffer overflow vulnerability in the Simple Network Management Protocol SNMP code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code...

8.8CVSS7.8AI score0.87503EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/15 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-4655

The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application...

7.1CVSS6.9AI score0.33353EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-4076

Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to 1 tcpip.sys or 2 tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."...

7.2CVSS5.8AI score0.22666EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2009-1123

The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application...

7.8CVSS5.8AI score0.04918EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors...

9.8CVSS6.9AI score0.83633EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/04 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

7.8CVSS6.9AI score0.03646EPSS
Exploits14References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...

9.8CVSS7.2AI score0.82339EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2016/08/04 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-0232

The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges...

7.8CVSS7.3AI score0.29253EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2016/06/15 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-4171

Unspecified vulnerability in Adobe Flash Player allows for remote code execution...

10CVSS7.7AI score0.19903EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/06/14 12:0 a.m.•7 views

VulnCheck KEV: CVE-2016-0147

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."...

9.3CVSS7.8AI score0.15709EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/06/03 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-15043

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may...

9.8CVSS5.9AI score0.10032EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2016/05/26 12:0 a.m.•8 views

VulnCheck KEV: CVE-2016-1409

The Neighbor Discovery ND protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service packet-processing outage via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild...

7.5CVSS7.2AI score0.03823EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/05/16 12:0 a.m.•7 views

VulnCheck KEV: CVE-2010-1240

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a...

9.3CVSS5.9AI score0.73436EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2016/05/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2010-5326

SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request...

10CVSS8AI score0.1745EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/05/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2015-6585

hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text tag...

7.8CVSS7.6AI score0.0249EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/05/10 12:0 a.m.•6 views

VulnCheck KEV: CVE-2016-0189

The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...

7.6CVSS7.6AI score0.93165EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2016/05/08 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-4117

An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution...

10CVSS7.5AI score0.94354EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2016/05/04 12:0 a.m.•3 views

VulnCheck KEV: CVE-2016-3714

ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image...

10CVSS6.9AI score0.97485EPSS
Exploits11References1
VulnCheck KEV
VulnCheck KEV
•added 2016/04/23 12:0 a.m.•9 views

VulnCheck KEV: CVE-2016-10995

The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via singleupload.php or single-upload.php...

9.8CVSS7.4AI score0.01967EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/04/22 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-0144

The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...

9.3CVSS7.7AI score0.9923EPSS
Exploits55References1
VulnCheck KEV
VulnCheck KEV
•added 2016/04/12 12:0 a.m.•7 views

VulnCheck KEV: CVE-2016-0165

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.1AI score0.13841EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2016/04/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2016-3298

An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk...

6.5CVSS7AI score0.3279EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/04/12 12:0 a.m.•7 views

VulnCheck KEV: CVE-2016-0162

An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer...

4.3CVSS6.9AI score0.22088EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2016/04/02 12:0 a.m.•5 views

VulnCheck KEV: CVE-2016-1019

Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code...

10CVSS7.5AI score0.22487EPSS
Exploits0References1
Total number of security vulnerabilities4985