CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,001–1,050 of 1,619 in KEV · page 21 of 33
| ID | Title | Listing | Vendor | Summary |
|---|---|---|---|---|
| CVE-2020-2021 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | KEV | Palo Alto Networks | Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication. |
| CVE-2020-1956 | Apache Kylin OS Command Injection Vulnerability | KEV | Apache | Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. |
| CVE-2020-1938 | Apache Tomcat Improper Privilege Management Vulnerability | KEV | Apache | Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are avail… |
| CVE-2020-17530 | Apache Struts Remote Code Execution Vulnerability | KEV | Apache | Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code executi… |
| CVE-2020-17519 | Apache Flink Improper Access Control Vulnerability | KEV | Apache | Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its R… |
| CVE-2020-17496 | vBulletin PHP Module Remote Code Execution Vulnerability | KEV | vBulletin | The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widge… |
| CVE-2020-17463 | Fuel CMS SQL Injection Vulnerability | KEV | Fuel CMS | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. |
| CVE-2020-17144 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution. |
| CVE-2020-17087 | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2020-16846 | SaltStack Salt Shell Injection Vulnerability | KEV | SaltStack | SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. Thi… |
| CVE-2020-1631 | Juniper Junos OS Path Traversal Vulnerability | KEV | Juniper | A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-R… |
| CVE-2020-16017 | Google Chrome Use-After-Free Vulnerability | KEV | Google | Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox… |
| CVE-2020-16013 | Google Chromium V8 Incorrect Implementation Vulnerability | KEV | Google | Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a cra… |
| CVE-2020-16010 | Google Chrome for Android UI Heap Buffer Overflow Vulnerability | KEV | Google | Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentia… |
| CVE-2020-16009 | Google Chromium V8 Type Confusion Vulnerability | KEV | Google | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2020-15999 | Google Chrome FreeType Heap Buffer Overflow Vulnerability | KEV | Google | Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png… |
| CVE-2020-15505 | Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability | KEV | Ivanti | Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote cod… |
| CVE-2020-15415 | DrayTek Multiple Vigor Routers OS Command Injection Vulnerability | KEV | DrayTek | DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remo… |
| CVE-2020-15069 | Sophos XG Firewall Buffer Overflow Vulnerability | KEV | Sophos | Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature. |
| CVE-2020-14883 | Oracle WebLogic Server Unspecified Vulnerability | KEV | Oracle | Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentiality, integrity, and availability. |
| CVE-2020-14882 | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV | Oracle | Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related t… |
| CVE-2020-14871 | Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability | KEV | Oracle | Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability o… |
| CVE-2020-14864 | Oracle Business Intelligence Enterprise Edition Path Transversal | KEV | Oracle | Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system fil… |
| CVE-2020-14750 | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV | Oracle | Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is relat… |
| CVE-2020-1472 | Microsoft Netlogon Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel … |
| CVE-2020-14644 | Oracle WebLogic Server Remote Code Execution Vulnerability | KEV | Oracle | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access v… |
| CVE-2020-1464 | Microsoft Windows Spoofing Vulnerability | KEV | Microsoft | Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and lo… |
| CVE-2020-13965 | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | KEV | Roundcube | Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment. |
| CVE-2020-13927 | Apache Airflow's Experimental API Authentication Bypass | KEV | Apache | The previous default setting for Airflow's Experimental API was to allow all API requests without authentication. |
| CVE-2020-1380 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV | Microsoft | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. |
| CVE-2020-13671 | Drupal core Un-restricted Upload of File | KEV | Drupal | Improper sanitization in the extension file names is present in Drupal core. |
| CVE-2020-1350 | Microsoft Windows DNS Server Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Accoun… |
| CVE-2020-12812 | Fortinet FortiOS SSL VPN Improper Authentication Vulnerability | KEV | Fortinet | Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second fa… |
| CVE-2020-12641 | Roundcube Webmail Remote Code Execution Vulnerability | KEV | Roundcube | Roundcube Webmail contains a remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for… |
| CVE-2020-12271 | Sophos SFOS SQL Injection Vulnerability | KEV | Sophos | Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the U… |
| CVE-2020-11978 | Apache Airflow Command Injection | KEV | Apache | A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow. |
| CVE-2020-11899 | Treck TCP/IP stack Out-of-Bounds Read Vulnerability | KEV | Treck TCP/IP stack | The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability. |
| CVE-2020-11738 | WordPress Snap Creek Duplicator Plugin File Download Vulnerability | KEV | WordPress | WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to… |
| CVE-2020-11652 | SaltStack Salt Path Traversal Vulnerability | KEV | SaltStack | SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users w… |
| CVE-2020-11651 | SaltStack Salt Authentication Bypass Vulnerability | KEV | SaltStack | SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerabili… |
| CVE-2020-1147 | Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source mar… |
| CVE-2020-11261 | Qualcomm Multiple Chipsets Improper Input Validation Vulnerability | KEV | Qualcomm | Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute,… |
| CVE-2020-11023 | JQuery Cross-Site Scripting (XSS) Vulnerability | KEV | JQuery | JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM man… |
| CVE-2020-10987 | Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability | KEV | Tenda | Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter. |
| CVE-2020-1054 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful explo… |
| CVE-2020-1040 | Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authentic… |
| CVE-2020-1027 | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV | Microsoft | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnera… |
| CVE-2020-10221 | rConfig OS Command Injection Vulnerability | KEV | rConfig | rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metac… |
| CVE-2020-1020 | Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript … |
| CVE-2020-10199 | Sonatype Nexus Repository Remote Code Execution Vulnerability | KEV | Sonatype | Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution. |