Lucene search
K
Vulncheck KevRecent

4985 matches found

VulnCheck KEV
VulnCheck KEV
•added 2014/10/14 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-4113

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.87042EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2014/10/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-8439

Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution...

10CVSS6.1AI score0.20008EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2014/10/14 12:0 a.m.•6 views

VulnCheck KEV: CVE-2014-4114

A vulnerability exists in Windows Object Linking & Embedding OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object...

9.3CVSS7.8AI score0.81628EPSS
Exploits22References1
VulnCheck KEV
VulnCheck KEV
•added 2014/09/30 12:0 a.m.•7 views

VulnCheck KEV: CVE-2014-7169

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271...

10CVSS7.4AI score0.99999EPSS
Exploits140References1
VulnCheck KEV
VulnCheck KEV
•added 2014/09/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code...

10CVSS7.4AI score0.99999EPSS
Exploits131References1
VulnCheck KEV
VulnCheck KEV
•added 2014/09/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6360

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors...

10CVSS7.3AI score0.66146EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2014/09/22 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-6361

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors...

10CVSS7.5AI score0.56847EPSS
Exploits5References1
VulnCheck KEV
VulnCheck KEV
•added 2014/09/18 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0324

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312...

9.3CVSS7.5AI score0.21664EPSS
Exploits4References1
VulnCheck KEV
VulnCheck KEV
•added 2014/09/03 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-9734

Directory traversal vulnerability in the Slider Revolution revslider plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php...

5CVSS7.4AI score0.20631EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2014/09/03 12:0 a.m.•7 views

VulnCheck KEV: CVE-2015-1579

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734...

5CVSS7.4AI score0.22055EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2014/08/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0546

Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context...

10CVSS6.1AI score0.2233EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2014/08/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-2817

Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site...

8.8CVSS7.2AI score0.26349EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2014/08/07 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-3346

Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service...

10CVSS7.8AI score0.78581EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2014/08/07 12:0 a.m.•8 views

VulnCheck KEV: CVE-2013-2729

Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code...

10CVSS5.9AI score0.66555EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2014/07/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-3900

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

8.8CVSS7.5AI score0.44647EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2014/07/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-25141

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admininit function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to...

9.8CVSS7.3AI score0.04461EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2014/07/11 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-5015

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager SEPM 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute...

6.5CVSS5.9AI score0.28759EPSS
Exploits18References1
VulnCheck KEV
VulnCheck KEV
•added 2014/07/11 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-5014

The management console in Symantec Endpoint Protection Manager SEPM 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external...

7.5CVSS5.9AI score0.67573EPSS
Exploits13References1
VulnCheck KEV
VulnCheck KEV
•added 2014/07/11 12:0 a.m.•5 views

VulnCheck KEV: CVE-2012-2539

Microsoft Word allows attackers to execute remote code or cause a denial-of-service DoS via crafted RTF data...

9.3CVSS6.1AI score0.53159EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2014/06/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-0074

Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application...

9.3CVSS7.5AI score0.81868EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2014/05/14 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-1809

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability."...

6.8CVSS5.8AI score0.10117EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2014/05/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-1812

Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate...

9CVSS7.3AI score0.65117EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2014/05/13 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-1815

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than...

9.3CVSS6.2AI score0.20263EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2014/05/13 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-1807

The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows...

7.2CVSS5.8AI score0.01767EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2014/05/06 12:0 a.m.•5 views

VulnCheck KEV: CVE-2009-4140

Unrestricted file upload vulnerability in ofcuploadimage.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when registerglobals is enabled, allows remote authenticated users...

7.5CVSS5.8AI score0.75838EPSS
Exploits8References1
VulnCheck KEV
VulnCheck KEV
•added 2014/04/29 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0515

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014...

10CVSS6.2AI score0.94569EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2014/04/27 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-1776

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user...

10CVSS7.6AI score0.88013EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2014/03/24 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-1761

Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution...

9.3CVSS7.6AI score0.77734EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2014/03/13 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-2465

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D...

10CVSS7AI score0.98704EPSS
Exploits10References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/28 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0266

The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers...

7.1CVSS5.8AI score0.1941EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/26 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-7331

An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications...

6.5CVSS6.6AI score0.58023EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/21 12:0 a.m.•2 views

VulnCheck KEV: CVE-2014-0502

Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code...

10CVSS6.3AI score0.24204EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/14 12:0 a.m.•3 views

VulnCheck KEV: CVE-2014-0322

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code...

9.3CVSS7.4AI score0.85239EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-6293

SQL injection vulnerability in the Statistics kestats extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014...

7.5CVSS6.2AI score0.01688EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/12 12:0 a.m.•5 views

VulnCheck KEV: CVE-2014-0295

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."...

4.3CVSS6.2AI score0.13768EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-5330

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or...

10CVSS6.3AI score0.1129EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/11 12:0 a.m.•4 views

VulnCheck KEV: CVE-2014-0253

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service ASP.NET daemon hang via crafted HTTP requests that trigger persistent resource consumption for a 1 stale or...

5CVSS5.8AI score0.38697EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/07 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-1904

Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the value parameter for the genericmessagefooter setting in a save-perf action to index.php, as...

5CVSS6AI score0.02287EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2014/02/01 12:0 a.m.•4 views

VulnCheck KEV: CVE-2012-0773

The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers...

9.3CVSS6AI score0.05476EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2014/01/30 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-7246

Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014...

9.3CVSS6.2AI score0.1125EPSS
Exploits7References1
VulnCheck KEV
VulnCheck KEV
•added 2014/01/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2012-2520

Cross-site scripting XSS vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office...

4.3CVSS5.8AI score0.28477EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
•added 2014/01/02 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-5211

The monlist feature in ntprequest.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service traffic amplification via forged 1 REQMONGETLIST or 2 REQMONGETLIST1 requests, as exploited in the wild in December 2013...

5CVSS6.9AI score0.97549EPSS
Exploits23References1
VulnCheck KEV
VulnCheck KEV
•added 2013/12/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-7102

Multiple unrestricted file upload vulnerabilities in 1 media-upload.php, 2 media-upload-lncthumb.php, and 3 media-upload-sqbutton.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable...

6.8CVSS6.2AI score0.14802EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
•added 2013/12/20 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-7149

SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...

7.5CVSS6.2AI score0.02011EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
•added 2013/12/11 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-5331

Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary...

9.3CVSS5.9AI score0.72495EPSS
Exploits6References1
VulnCheck KEV
VulnCheck KEV
•added 2013/12/10 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-5057

hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in...

4.3CVSS6.1AI score0.09926EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/12/10 12:0 a.m.•4 views

VulnCheck KEV: CVE-2013-5054

Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."...

4.3CVSS5.8AI score0.12769EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
•added 2013/11/27 12:0 a.m.•5 views

VulnCheck KEV: CVE-2013-5065

Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges...

7.8CVSS7.3AI score0.34893EPSS
Exploits16References1
VulnCheck KEV
VulnCheck KEV
•added 2013/11/19 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-6282

The getuser and putuser API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation...

8.8CVSS7.4AI score0.39711EPSS
Exploits9References1
VulnCheck KEV
VulnCheck KEV
•added 2013/11/12 12:0 a.m.•6 views

VulnCheck KEV: CVE-2013-3918

Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote...

9.3CVSS5.8AI score0.73872EPSS
Exploits3References1
Total number of security vulnerabilities4985