Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
added 2016/04/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-4398

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control UAC feature...

7.8CVSS6AI score0.08661EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2016/04/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2013-1331

Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document...

9.3CVSS6.3AI score0.81877EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2016/04/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2011-2005

afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application...

7.8CVSS5.8AI score0.31761EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2012-3347

AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment...

6CVSS6.1AI score0.01544EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2010-2493

The default configuration of the deployment descriptor aka web.xml in picketlink-sts.war in 1 the securitysaml quickstart, 2 the webserviceproxysecurity quickstart, 3 the web-console application, 4 the http-invoker application, 5 the gpd-deployer application, 6 the jbpm-console...

5CVSS5.8AI score0.01688EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/25 12:0 a.m.7 views

VulnCheck KEV: CVE-2013-4810

HP ProCurve Manager PCM, PCM+, Identity Driven Manager IDM, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet...

10CVSS6.4AI score0.79003EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2011-2908

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests...

6CVSS6.3AI score0.01567EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/25 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-5188

Cross-site request forgery CSRF vulnerability in the Web Console web-console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly formerly JBoss Application Server before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make...

6.8CVSS7.3AI score0.01138EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/25 12:0 a.m.5 views

VulnCheck KEV: CVE-2010-1428

Unauthenticated access to the JBoss Application Server Web Console /web-console is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information...

7.5CVSS7.2AI score0.62308EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-1805

The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or possibly...

7.2CVSS6.9AI score0.01407EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/12 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-0021

Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."...

9.3CVSS7.5AI score0.23429EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-1010

Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code...

9.3CVSS7.4AI score0.19785EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2014-7247

Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file...

10CVSS6.2AI score0.05335EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/03/08 12:0 a.m.10 views

VulnCheck KEV: CVE-2016-0167

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application...

7.8CVSS7.1AI score0.05729EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/02/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2011-1255

The Timed Interactive Multimedia Extensions aka HTML+TIME implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted,...

9.3CVSS6.2AI score0.42103EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
added 2016/02/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2013-5990

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; Ichitaro Pro; Ichitaro Pro 2 and Pro 2 Trial Edition; Ichitaro Viewer; and Ichitaro Portable with...

9.3CVSS6AI score0.04587EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2016/01/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web...

10CVSS6.7AI score0.83274EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2016/01/24 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-2572

Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution...

9.3CVSS6.4AI score0.62598EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2016/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-1397

SQL injection vulnerability in the getCsvFile function in the MageAdminhtmlBlockWidgetGrid class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularityfieldexpr parameter when the...

6.5CVSS6.2AI score0.56686EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2016/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-1398

Multiple directory traversal vulnerabilities in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via 1 .. dot dot sequences in the PATHINFO to index.php or 2 vectors involving a block value...

6.5CVSS5.9AI score0.14396EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2016/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-1399

PHP remote file inclusion vulnerability in the fetchView function in the MageCoreBlockTemplateZend class in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the...

6.5CVSS6.1AI score0.10071EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2016/01/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-0984

Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code...

9.3CVSS7.3AI score0.55375EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2015/12/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-8651

Integer overflow in Adobe Flash Player allows attackers to execute code...

9.3CVSS7.5AI score0.67922EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/12/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-7756

The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b,...

5CVSS5.8AI score0.02448EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2015/12/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-7755

Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device...

10CVSS7.4AI score0.614EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2015/12/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-8446

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

9.3CVSS7.5AI score0.07985EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/12/16 12:0 a.m.1 views

VulnCheck KEV: CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015...

7.5CVSS7.5AI score0.98283EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
added 2015/12/08 12:0 a.m.7 views

VulnCheck KEV: CVE-2015-6175

The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application...

7.8CVSS5.8AI score0.05169EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/11/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-0034

Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service DoS...

9.3CVSS7.7AI score0.69709EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2015/11/09 12:0 a.m.6 views

VulnCheck KEV: CVE-2015-3090

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a...

10CVSS6.2AI score0.87303EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2015/11/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-0359

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346...

10CVSS6.2AI score0.95184EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
added 2015/11/02 12:0 a.m.7 views

VulnCheck KEV: CVE-2015-0003

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service...

6.9CVSS5.8AI score0.04536EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2015/10/26 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-7858

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297...

7.5CVSS6.4AI score0.99967EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
added 2015/10/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-4902

Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment...

5.3CVSS6.7AI score0.13354EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/10/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-7645

Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file...

9.3CVSS7.8AI score0.68396EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/10/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

5CVSS6AI score0.16324EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2015/09/08 12:0 a.m.8 views

VulnCheck KEV: CVE-2015-2545

Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image...

9.3CVSS6.2AI score0.86053EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2015/09/08 12:0 a.m.8 views

VulnCheck KEV: CVE-2015-2546

The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application...

8.2CVSS7.3AI score0.10929EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2015/09/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-9415

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...

7.5CVSS7.1AI score0.03399EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2015/08/18 12:0 a.m.6 views

VulnCheck KEV: CVE-2015-2502

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service DoS...

9.3CVSS6.1AI score0.51127EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2015/08/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-1769

A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links...

7.2CVSS5.8AI score0.04339EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2015/08/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2010-0738

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method...

5.3CVSS6.4AI score0.79415EPSS
Exploits28References1
VulnCheck KEV
VulnCheck KEV
added 2015/08/05 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-4495

Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges...

8.8CVSS6.9AI score0.70226EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
added 2015/08/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-5477

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via TKEY queries...

7.8CVSS7AI score0.91284EPSS
Exploits12References1
VulnCheck KEV
VulnCheck KEV
added 2015/07/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-2419

JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...

9.3CVSS7.7AI score0.44537EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2015/07/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2014-0497

Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code...

10CVSS7.7AI score0.99883EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
added 2015/07/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-0349

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and...

10CVSS6.4AI score0.10378EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/07/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2014-3153

The futexrequeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges...

7.8CVSS6.5AI score0.37233EPSS
Exploits15References1
VulnCheck KEV
VulnCheck KEV
added 2015/07/14 12:0 a.m.6 views

VulnCheck KEV: CVE-2015-2590

An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution...

10CVSS6.4AI score0.25469EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2015/07/12 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-26609

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wirelessmft ap field...

7.2CVSS7.4AI score0.38722EPSS
Exploits5References1
Total number of security vulnerabilities4985