CVE vulnerabilities
31,509 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 1,151–1,200 of 1,619 in KEV · page 24 of 33
| ID | Title | KEV | Vendor | Summary |
|---|---|---|---|---|
| CVE-2019-11707 | Mozilla Firefox and Thunderbird Type Confusion Vulnerability | KEV | Mozilla | Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing… |
| CVE-2019-11634 | Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability | KEV | Citrix | Citrix Workspace Application and Receiver for Windows contains a remote code execution vulnerability resulting from local drive access preferences not being enfo… |
| CVE-2019-11581 | Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability | KEV | Atlassian | Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution. |
| CVE-2019-11580 | Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability | KEV | Atlassian | Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in… |
| CVE-2019-11539 | Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability | KEV | Ivanti | Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands. |
| CVE-2019-11510 | Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability | KEV | Ivanti | Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send … |
| CVE-2019-1132 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. |
| CVE-2019-1130 | Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. |
| CVE-2019-1129 | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could… |
| CVE-2019-11043 | PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability | KEV | PHP | In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of … |
| CVE-2019-11001 | Reolink Multiple IP Cameras OS Command Injection Vulnerability | KEV | Reolink | Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an a… |
| CVE-2019-10758 | MongoDB mongo-express Remote Code Execution Vulnerability | KEV | MongoDB | mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. |
| CVE-2019-1069 | Microsoft Task Scheduler Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations. |
| CVE-2019-1064 | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could… |
| CVE-2019-10149 | Exim Mail Transfer Agent (MTA) Improper Input Validation | KEV | Exim | Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. |
| CVE-2019-10068 | Kentico Xperience Deserialization of Untrusted Data Vulnerability | KEV | Kentico | Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution. |
| CVE-2019-1003030 | Jenkins Matrix Project Plugin Remote Code Execution Vulnerability | KEV | Jenkins | Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution. |
| CVE-2019-1003029 | Jenkins Script Security Plugin Sandbox Bypass Vulnerability | KEV | Jenkins | Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. |
| CVE-2019-0903 | Microsoft GDI Remote Code Execution Vulnerability | KEV | Microsoft | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who success… |
| CVE-2019-0880 | Microsoft Windows Privilege Escalation Vulnerability | KEV | Microsoft | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could e… |
| CVE-2019-0863 | Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mo… |
| CVE-2019-0859 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. |
| CVE-2019-0841 | Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could… |
| CVE-2019-0808 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allow… |
| CVE-2019-0803 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploita… |
| CVE-2019-0797 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation al… |
| CVE-2019-0752 | Microsoft Internet Explorer Type Confusion Vulnerability | KEV | Microsoft | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. |
| CVE-2019-0708 | Microsoft Remote Desktop Services Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect… |
| CVE-2019-0703 | Microsoft Windows SMB Information Disclosure Vulnerability | KEV | Microsoft | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from… |
| CVE-2019-0676 | Microsoft Internet Explorer Information Disclosure Vulnerability | KEV | Microsoft | An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnera… |
| CVE-2019-0604 | Microsoft SharePoint Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code … |
| CVE-2019-0543 | Microsoft Windows Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability … |
| CVE-2019-0541 | Microsoft MSHTML Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution. |
| CVE-2019-0344 | SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability | KEV | SAP | SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension t… |
| CVE-2019-0211 | Apache HTTP Server Privilege Escalation Vulnerability | KEV | Apache | Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-proces… |
| CVE-2019-0193 | Apache Solr DataImportHandler Code Injection Vulnerability | KEV | Apache | The optional Apache Solr module DataImportHandler contains a code injection vulnerability. |
| CVE-2018-9276 | Paessler PRTG Network Monitor OS Command Injection Vulnerability | KEV | Paessler | Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the… |
| CVE-2018-8653 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | KEV | Microsoft | Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execut… |
| CVE-2018-8639 | Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability | KEV | Microsoft | Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker… |
| CVE-2018-8611 | Microsoft Windows Kernel Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. |
| CVE-2018-8589 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability coul… |
| CVE-2018-8581 | Microsoft Exchange Server Privilege Escalation Vulnerability | KEV | Microsoft | A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonat… |
| CVE-2018-8453 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges. |
| CVE-2018-8440 | Microsoft Windows Privilege Escalation Vulnerability | KEV | Microsoft | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). |
| CVE-2018-8414 | Microsoft Windows Shell Remote Code Execution Vulnerability | KEV | Microsoft | A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. |
| CVE-2018-8406 | Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability | KEV | Microsoft | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. |
| CVE-2018-8405 | Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability | KEV | Microsoft | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. |
| CVE-2018-8373 | Microsoft Scripting Engine Memory Corruption Vulnerability | KEV | Microsoft | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. |
| CVE-2018-8298 | ChakraCore Scripting Engine Type Confusion Vulnerability | KEV | ChakraCore | The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution. |
| CVE-2018-8174 | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability | KEV | Microsoft | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution" |