CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,101–1,150 of 1,619 in KEV · page 23 of 33
| ID | Title | Flags | Vendor | Summary |
|---|---|---|---|---|
| CVE-2019-3568 | WhatsApp VOIP Stack Buffer Overflow Vulnerability | KEV | Meta Platforms | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via a specially crafted series of RTCP packets sent to a target phone number. |
| CVE-2019-3398 | Atlassian Confluence Server and Data Center Path Traversal Vulnerability | KEV | Atlassian | Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote a… |
| CVE-2019-3396 | Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability | KEV | Atlassian | Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and rem… |
| CVE-2019-3010 | Oracle Solaris Privilege Escalation Vulnerability | KEV | Oracle | Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2019-2725 | Oracle WebLogic Server, Injection | KEV | Oracle | Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). |
| CVE-2019-2616 | Oracle BI Publisher Unauthorized Access Vulnerability | KEV | Oracle | Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attribut… |
| CVE-2019-2215 | Android Kernel Use-After-Free Vulnerability | KEV | Android | Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerabi… |
| CVE-2019-20500 | D-Link DWL-2600AP Access Point Command Injection Vulnerability | KEV | D-Link | D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using s… |
| CVE-2019-20085 | TVT NVMS-1000 Directory Traversal Vulnerability | KEV | TVT | TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests. |
| CVE-2019-19781 | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability | KEV | Citrix | Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker… |
| CVE-2019-19356 | Netis WF2419 Devices Remote Code Execution Vulnerability | KEV | Netis | Netis WF2419 devices contain an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management… |
| CVE-2019-19006 | CVE-2019-19006 | KEV, CVSS 9.8 | sangoma | Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. |
| CVE-2019-18988 | TeamViewer Desktop Bypass Remote Login Vulnerability | KEV | TeamViewer | TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker wer… |
| CVE-2019-18935 | Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability | KEV | Progress | Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the ser… |
| CVE-2019-18426 | WhatsApp Cross-Site Scripting Vulnerability | KEV | Meta Platforms | A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. |
| CVE-2019-18187 | Trend Micro OfficeScan Directory Traversal Vulnerability | KEV | Trend Micro | Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading … |
| CVE-2019-17621 | D-Link DIR-859 Router Command Execution Vulnerability | KEV | D-Link | D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to… |
| CVE-2019-17558 | Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability | KEV | Apache | The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution. |
| CVE-2019-17026 | Mozilla Firefox And Thunderbird Type Confusion Vulnerability | KEV | Mozilla | Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elem… |
| CVE-2019-16928 | Exim Out-of-bounds Write Vulnerability | KEV | Exim | Exim contains an out-of-bounds write vulnerability which can allow for remote code execution. |
| CVE-2019-16920 | D-Link Multiple Routers Command Injection Vulnerability | KEV | D-Link | Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise. |
| CVE-2019-16759 | vBulletin PHP Module Remote Code Execution Vulnerability | KEV | vBulletin | The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/ren… |
| CVE-2019-1653 | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | KEV | Cisco | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download t… |
| CVE-2019-1652 | Cisco Small Business Routers Improper Input Validation Vulnerability | KEV | Cisco | A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote… |
| CVE-2019-16278 | Nostromo nhttpd Directory Traversal Vulnerability | KEV | Nostromo | Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution. |
| CVE-2019-16256 | SIMalliance Toolbox Browser Command Injection Vulnerability | KEV | SIMalliance | SIMalliance Toolbox Browser contains a command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute … |
| CVE-2019-16057 | D-Link DNS-320 Remote Code Execution Vulnerability | KEV | D-Link | The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. |
| CVE-2019-15949 | Nagios XI Remote Code Execution Vulnerability | KEV | Nagios | Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as roo… |
| CVE-2019-1579 | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | KEV | Palo Alto Networks | Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled. |
| CVE-2019-15752 | Docker Desktop Community Edition Privilege Escalation Vulnerability | KEV | Docker | Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred… |
| CVE-2019-15271 | Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability | KEV | Cisco | A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attack… |
| CVE-2019-15107 | Webmin Command Injection Vulnerability | KEV | Webmin | An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. |
| CVE-2019-1458 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP. |
| CVE-2019-1429 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV | Microsoft | Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. |
| CVE-2019-1405 | Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation. |
| CVE-2019-1388 | Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context. |
| CVE-2019-1385 | Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system… |
| CVE-2019-13720 | Google Chrome WebAudio Use-After-Free Vulnerability | KEV | Google | Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-1367 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV | Microsoft | Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows fo… |
| CVE-2019-13608 | Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability | KEV | Citrix | Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sens… |
| CVE-2019-13272 | Linux Kernel Improper Privilege Management Vulnerability | KEV | Linux | Kernel/ptrace.c in Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access. |
| CVE-2019-1322 | Microsoft Windows Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability … |
| CVE-2019-1315 | Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vul… |
| CVE-2019-12991 | Citrix SD-WAN and NetScaler Command Injection Vulnerability | KEV | Citrix | Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. |
| CVE-2019-12989 | Citrix SD-WAN and NetScaler SQL Injection Vulnerability | KEV | Citrix | Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. |
| CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | KEV | Microsoft | A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. |
| CVE-2019-1253 | Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. |
| CVE-2019-1215 | Microsoft Windows Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Succ… |
| CVE-2019-1214 | Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation. |
| CVE-2019-11708 | Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability | KEV | Mozilla | Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. |