CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 701–750 of 1,619 in KEV · page 15 of 33
| ID | Title | Vendor | Flags | Summary |
|---|---|---|---|---|
| CVE-2022-1364 | Google Chromium V8 Type Confusion Vulnerability | Google | KEV | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2022-1096 | Google Chromium V8 Type Confusion Vulnerability | Google | KEV | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2022-1040 | Sophos Firewall Authentication Bypass Vulnerability | Sophos | KEV | An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution. |
| CVE-2022-0847 | Linux Kernel Privilege Escalation Vulnerability | Linux | KEV | Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerabili… |
| CVE-2022-0609 | Google Chromium Animation Use-After-Free Vulnerability | Google | KEV | Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2022-0543 | Debian-specific Redis Server Lua Sandbox Escape Vulnerability | Redis | KEV | Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
| CVE-2022-0492 | Linux Kernel Improper Authentication Vulnerability | Linux | KEV, CVSS 7.8 | Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature. |
| CVE-2022-0185 | Linux Kernel Heap-Based Buffer Overflow Vulnerability | Linux | KEV | Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an att… |
| CVE-2022-0028 | Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability | Palo Alto Networks | KEV | A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service… |
| CVE-2021-45382 | D-Link Multiple Routers Remote Code Execution Vulnerability | D-Link | KEV | A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. |
| CVE-2021-45046 | Apache Log4j2 Deserialization of Untrusted Data Vulnerability | Apache | KEV | Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern i… |
| CVE-2021-44529 | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability | Ivanti | KEV | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code… |
| CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | Zoho | KEV | Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. |
| CVE-2021-44228 | Apache Log4j2 Remote Code Execution Vulnerability | Apache | KEV | Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code executio… |
| CVE-2021-44207 | Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability | Acclaim Systems | KEV | Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs … |
| CVE-2021-44168 | Fortinet FortiOS Arbitrary File Download | Fortinet | KEV | Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files. |
| CVE-2021-44077 | Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability | Zoho | KEV | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remot… |
| CVE-2021-44026 | Roundcube Webmail SQL Injection Vulnerability | Roundcube | KEV | Roundcube Webmail is vulnerable to SQL injection via search or search_params. |
| CVE-2021-43890 | Microsoft Windows AppX Installer Spoofing Vulnerability | Microsoft | KEV | Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability. |
| CVE-2021-43798 | Grafana Path Traversal Vulnerability | Grafana Labs | KEV | Grafana contains a path traversal vulnerability that could allow access to local files. |
| CVE-2021-43226 | Microsoft Windows Privilege Escalation Vulnerability | Microsoft | KEV | Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain s… |
| CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft | KEV | An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution. |
| CVE-2021-42292 | Microsoft Excel Security Feature Bypass | Microsoft | KEV | A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. |
| CVE-2021-42287 | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | Microsoft | KEV | Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-42278 | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | Microsoft | KEV | Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-42258 | BQE BillQuick Web Suite SQL Injection Vulnerability | BQE | KEV | BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution. |
| CVE-2021-42237 | Sitecore XP Remote Command Execution Vulnerability | Sitecore | KEV | Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution. |
| CVE-2021-42013 | Apache HTTP Server Path Traversal Vulnerability | Apache | KEV | Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by … |
| CVE-2021-41773 | Apache HTTP Server Path Traversal Vulnerability | Apache | KEV | Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by … |
| CVE-2021-41379 | Microsoft Windows Installer Privilege Escalation Vulnerability | Microsoft | KEV | Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-41357 | Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | KEV | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-41277 | Metabase GeoJSON API Local File Inclusion Vulnerability | Metabase | KEV | Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data. |
| CVE-2021-4102 | Google Chromium V8 Use-After-Free Vulnerability | Google | KEV | Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2021-40870 | Aviatrix Controller Unrestricted Upload of File | Aviatrix | KEV | Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. |
| CVE-2021-40655 | D-Link DIR-605 Router Information Disclosure Vulnerability | D-Link | KEV | D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the… |
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | Zoho | KEV | Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution. |
| CVE-2021-40450 | Microsoft Win32k Privilege Escalation Vulnerability | Microsoft | KEV | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-40449 | Microsoft Windows Win32k Privilege Escalation Vulnerability | Microsoft | KEV | Unspecified vulnerability allows for an authenticated user to escalate privileges. |
| CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | Microsoft | KEV | Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-40438 | Apache HTTP Server-Side Request Forgery (SSRF) | Apache | KEV | A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4… |
| CVE-2021-40407 | Reolink RLC-410W IP Camera OS Command Injection Vulnerability | Reolink | KEV | Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality. |
| CVE-2021-4034 | Red Hat Polkit Out-of-Bounds Read and Write Vulnerability | Red Hat | KEV | The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights. |
| CVE-2021-39935 | GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability | GitLab | KEV | GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Si… |
| CVE-2021-39793 | Google Pixel Out-of-Bounds Write Vulnerability | Google | KEV | Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege. |
| CVE-2021-39226 | Grafana Authentication Bypass Vulnerability | Grafana Labs | KEV | Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially r… |
| CVE-2021-39144 | XStream Remote Code Execution Vulnerability | XStream | KEV | XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that resu… |
| CVE-2021-38649 | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | Microsoft | KEV | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. |
| CVE-2021-38648 | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | Microsoft | KEV | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. |
| CVE-2021-38647 | Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Microsoft | KEV | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution. |
| CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Microsoft | KEV | Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. |