CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 901–950 of 1,619 in KEV · page 19 of 33
| ID | Title | Flag | Vendor | Summary |
|---|---|---|---|---|
| CVE-2021-20090 | Arcadyan Buffalo Firmware Path Traversal Vulnerability | KEV | Arcadyan | Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensit… |
| CVE-2021-20038 | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | KEV | SonicWall | SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. |
| CVE-2021-20035 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | KEV | SonicWall | SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arb… |
| CVE-2021-20028 | SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability | KEV | SonicWall | SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. |
| CVE-2021-20023 | SonicWall Email Security Path Traversal Vulnerability | KEV | SonicWall | SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability… |
| CVE-2021-20022 | SonicWall Email Security Unrestricted Upload of File Vulnerability | KEV | SonicWall | SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file t… |
| CVE-2021-20021 | SonicWall Email Security Improper Privilege Management Vulnerability | KEV | SonicWall | SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a craft… |
| CVE-2021-20016 | SonicWall SSLVPN SMA100 SQL Injection Vulnerability | KEV | SonicWall | SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. |
| CVE-2021-1906 | Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability | KEV | Qualcomm | Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can … |
| CVE-2021-1905 | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV | Qualcomm | Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously. |
| CVE-2021-1879 | Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability | KEV | Apple | Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously cra… |
| CVE-2021-1871 | Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability | KEV | Apple | Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact H… |
| CVE-2021-1870 | Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability | KEV | Apple | Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact H… |
| CVE-2021-1789 | Apple Multiple Products Type Confusion Vulnerability | KEV | Apple | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. |
| CVE-2021-1782 | Apple Multiple Products Race Condition Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. |
| CVE-2021-1732 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-1675 | Microsoft Windows Print Spooler Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Defender contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-1498 | Cisco HyperFlex HX Data Platform Command Injection Vulnerability | KEV | Cisco | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an af… |
| CVE-2021-1497 | Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability | KEV | Cisco | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an af… |
| CVE-2021-1048 | Android Kernel Use-After-Free Vulnerability | KEV | Android | Android kernel contains a use-after-free vulnerability that allows for privilege escalation. |
| CVE-2021-0920 | Android Kernel Race Condition Vulnerability | KEV | Android | Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation. |
| CVE-2020-9934 | Apple iOS, iPadOS, and macOS Input Validation Vulnerability | KEV | Apple | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user informatio… |
| CVE-2020-9907 | Apple Multiple Products Memory Corruption Vulnerability | KEV | Apple | Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. |
| CVE-2020-9859 | Apple Multiple Products Code Execution Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges. |
| CVE-2020-9819 | Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability | KEV | Apple | Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail messag… |
| CVE-2020-9818 | Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability | KEV | Apple | Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processin… |
| CVE-2020-9715 | Adobe Acrobat Use-After-Free Vulnerability | KEV | Adobe | Adobe Acrobat contains a use-after-free vulnerability that allows for code execution. |
| CVE-2020-9377 | D-Link DIR-610 Devices Remote Command Execution | KEV | D-Link | D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php. |
| CVE-2020-9054 | Zyxel Multiple NAS Devices OS Command Injection Vulnerability | KEV | Zyxel | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated a… |
| CVE-2020-8816 | Pi-Hole AdminLTE Remote Code Execution Vulnerability | KEV | Pi-hole | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. |
| CVE-2020-8657 | EyesOfNetwork Use of Hard-Coded Credentials Vulnerability | KEV | EyesOfNetwork | EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or g… |
| CVE-2020-8655 | EyesOfNetwork Improper Privilege Management Vulnerability | KEV | EyesOfNetwork | EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) s… |
| CVE-2020-8644 | PlaySMS Server-Side Template Injection Vulnerability | KEV | PlaySMS | PlaySMS contains a server-side template injection vulnerability that allows for remote code execution. |
| CVE-2020-8599 | Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability | KEV | Trend Micro | Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations a… |
| CVE-2020-8515 | Multiple DrayTek Vigor Routers Web Management Page Vulnerability | KEV | DrayTek | DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution. |
| CVE-2020-8468 | Trend Micro Multiple Products Content Validation Escape Vulnerability | KEV | Trend Micro | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to man… |
| CVE-2020-8467 | Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability | KEV | Trend Micro | Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. |
| CVE-2020-8260 | Ivanti Pulse Connect Secure Code Execution Vulnerability | KEV | Ivanti | Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. |
| CVE-2020-8243 | Ivanti Pulse Connect Secure Code Execution Vulnerability | KEV | Ivanti | Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom temp… |
| CVE-2020-8218 | Pulse Connect Secure Code Injection Vulnerability | KEV | Pulse Secure | A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web… |
| CVE-2020-8196 | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability | KEV | Citrix | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. |
| CVE-2020-8195 | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability | KEV | Citrix | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. |
| CVE-2020-8193 | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability | KEV | Citrix | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated acce… |
| CVE-2020-7961 | Liferay Portal Deserialization of Untrusted Data Vulnerability | KEV | Liferay | Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. |
| CVE-2020-7796 | Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability | KEV | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled. |
| CVE-2020-7247 | OpenSMTPD Remote Code Execution Vulnerability | KEV | OpenBSD | smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafte… |
| CVE-2020-6820 | Mozilla Firefox And Thunderbird Use-After-Free Vulnerability | KEV | Mozilla | Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a us… |
| CVE-2020-6819 | Mozilla Firefox And Thunderbird Use-After-Free Vulnerability | KEV | Mozilla | Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition crea… |
| CVE-2020-6572 | Google Chrome Media Use-After-Free Vulnerability | KEV | Google | Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page. |