CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 951–1,000 of 1,619 in KEV · page 20 of 33
| ID | Title | KEV | Vendor | Summary |
|---|---|---|---|---|
| CVE-2020-6418 | Google Chromium V8 Type Confusion Vulnerability | KEV | Google | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This… |
| CVE-2020-6287 | SAP NetWeaver Missing Authentication for Critical Function Vulnerability | KEV | SAP | SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execut… |
| CVE-2020-6207 | SAP Solution Manager Missing Authentication for Critical Function Vulnerability | KEV | SAP | SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of a… |
| CVE-2020-5902 | F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability | KEV | F5 | F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. |
| CVE-2020-5849 | Unraid Authentication Bypass Vulnerability | KEV | Unraid | Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-202… |
| CVE-2020-5847 | Unraid Remote Code Execution Vulnerability | KEV | Unraid | Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable wi… |
| CVE-2020-5741 | Plex Media Server Remote Code Execution Vulnerability | KEV | Plex | Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a mal… |
| CVE-2020-5735 | Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability | KEV | Amcrest | Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the dev… |
| CVE-2020-5722 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | KEV | Grandstream | Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root. |
| CVE-2020-5410 | VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability | KEV | VMware Tanzu | Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files. |
| CVE-2020-5135 | SonicWall SonicOS Buffer Overflow Vulnerability | KEV | SonicWall | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malici… |
| CVE-2020-4430 | IBM Data Risk Manager Directory Traversal Vulnerability | KEV | IBM | IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a speciall… |
| CVE-2020-4428 | IBM Data Risk Manager Remote Code Execution Vulnerability | KEV | IBM | IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system. |
| CVE-2020-4427 | IBM Data Risk Manager Security Bypass Vulnerability | KEV | IBM | IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML aut… |
| CVE-2020-4006 | Multiple VMware Products Command Injection Vulnerability | KEV | VMware | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with net… |
| CVE-2020-3992 | VMware ESXi OpenSLP Use-After-Free Vulnerability | KEV | VMware | VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remot… |
| CVE-2020-3952 | VMware vCenter Server Information Disclosure Vulnerability | KEV | VMware | VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does… |
| CVE-2020-3950 | VMware Multiple Products Privilege Escalation Vulnerability | KEV | VMware | VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries th… |
| CVE-2020-3837 | Apple Multiple Products Memory Corruption Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. |
| CVE-2020-36193 | PEAR Archive_Tar Improper Link Resolution Vulnerability | KEV | PEAR | PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Appli… |
| CVE-2020-3580 | Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability | KEV | Cisco | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by th… |
| CVE-2020-35730 | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV | Roundcube | Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with JavaScript in a link ref… |
| CVE-2020-3569 | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | KEV | Cisco | Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow… |
| CVE-2020-3566 | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | KEV | Cisco | Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow… |
| CVE-2020-3452 | Cisco ASA and FTD Read-Only Path Traversal Vulnerability | KEV | Cisco | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. … |
| CVE-2020-3433 | Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability | KEV | Cisco | Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by… |
| CVE-2020-3259 | Cisco ASA and FTD Information Disclosure Vulnerability | KEV | Cisco | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory c… |
| CVE-2020-3161 | Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability | KEV | Cisco | Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root p… |
| CVE-2020-3153 | Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability | KEV | Cisco | Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be ab… |
| CVE-2020-3118 | Cisco IOS XR Software Discovery Protocol Format String Vulnerability | KEV | Cisco | Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent … |
| CVE-2020-29583 | Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability | KEV | Zyxel | Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfw… |
| CVE-2020-29574 | CyberoamOS (CROS) SQL Injection Vulnerability | KEV | Sophos | CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely. |
| CVE-2020-29557 | D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability | KEV | D-Link | D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution. |
| CVE-2020-28949 | PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability | KEV | PEAR | PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository a… |
| CVE-2020-2883 | Oracle WebLogic Server Unspecified Vulnerability | KEV | Oracle | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with net… |
| CVE-2020-27950 | Apple Multiple Products Memory Initialization Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory. |
| CVE-2020-27932 | Apple Multiple Products Type Confusion Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges. |
| CVE-2020-27930 | Apple Multiple Products Memory Corruption Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously craft… |
| CVE-2020-26919 | Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability | KEV | NETGEAR | Netgear JGS516PE devices contain a missing function level access control vulnerability. |
| CVE-2020-2555 | Oracle Multiple Products Remote Code Execution Vulnerability | KEV | Oracle | Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over t… |
| CVE-2020-2551 | Oracle Fusion Middleware Unspecified Vulnerability | KEV | Oracle | Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP … |
| CVE-2020-25506 | D-Link DNS-320 Device Command Injection Vulnerability | KEV | D-Link | D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution. |
| CVE-2020-25223 | Sophos SG UTM Remote Code Execution Vulnerability | KEV | Sophos | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. |
| CVE-2020-25213 | WordPress File Manager Plugin Remote Code Execution Vulnerability | KEV | WordPress | WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files o… |
| CVE-2020-2509 | QNAP Network-Attached Storage (NAS) Command Injection Vulnerability | KEV | QNAP | QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution. |
| CVE-2020-25079 | D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability | KEV | D-Link | D-Link DCS-2530L and DCS-2670L devices contain a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL)… |
| CVE-2020-25078 | D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability | KEV | D-Link | D-Link DCS-2530L and DCS-2670L devices contain an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted produc… |
| CVE-2020-2506 | QNAP Helpdesk Improper Access Control Vulnerability | KEV | QNAP Systems | QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information. |
| CVE-2020-24557 | Trend Micro Multiple Products Improper Access Control Vulnerability | KEV | Trend Micro | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an atta… |
| CVE-2020-24363 | TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability | KEV | TP-Link | TP-Link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the sa… |