Known Exploited Vulnerabilities Catalog

Download CSV version

Download JSON version

Download JSON schema

Subscribe to the Known Exploited Vulnerabilities Catalog Update Bulletin

Back to previous page for background on known exploited vulnerabilities

CVE Vendor/Project Product Vulnerability Name Date Added to Catalog Short Description Action Due Date Notes
CVE-2021-27104 Accellion
FTA Accellion FTA OS Command Injection Vulnerability 2021-11-03 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-27102 Accellion
FTA Accellion FTA OS Command Injection Vulnerability 2021-11-03 Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-27101 Accellion
FTA Accellion FTA SQL Injection Vulnerability 2021-11-03 Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-27103 Accellion
FTA Accellion FTA SSRF Vulnerability 2021-11-03 Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-21017 Adobe
Acrobat and Reader Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability 2021-11-03 Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-28550 Adobe
Acrobat and Reader Adobe Acrobat and Reader Use-After-Free Vulnerability 2021-11-03 Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Apply updates per vendor instructions. 2021-11-17  
CVE-2018-4939 Adobe
ColdFusion Adobe ColdFusion Deserialization of Untrusted Data vulnerability 2021-11-03 Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-15961 Adobe
ColdFusion Adobe ColdFusion Remote Code Execution 2021-11-03 Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-4878 Adobe
Flash Player Adobe Flash Player Use-After-Free Vulnerability 2021-11-03 A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-03  
CVE-2020-5735 Amcrest
Cameras and Network Video Recorder (NVR) Amcrest Camera and NVR Buffer Overflow Vulnerability 2021-11-03 Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-2215 Android
Android OS Android "AbstractEmu" Root Access Vulnerabilities 2021-11-03 Apply updates per vendor instructions. 2022-05-03  
CVE-2020-0041 Android
Android OS Android "AbstractEmu" Root Access Vulnerabilities 2021-11-03 Apply updates per vendor instructions. 2022-05-03  
CVE-2020-0069 Android
Android OS Android "AbstractEmu" Root Access Vulnerabilities 2021-11-03 Apply updates per vendor instructions. 2022-05-03  
CVE-2017-9805 Apache
Struts Apache Struts Multiple Versions Remote Code Execution Vulnerability 2021-11-03 The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 contains a vulnerability which can lead to Remote Code Execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-42013 Apache
HTTP Server Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal 2021-11-03 Apache HTTP server vulnerabilities allow an attacker to use a path traversal attack to map URLs to files outside the expected document root and perform Remote Code Execution. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-41773 Apache
HTTP Server Apache HTTP Server Path Traversal Vulnerability 2021-11-03 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. Apply updates per vendor instructions. 2021-11-17  
CVE-2019-0211 Apache
HTTP Server Apache HTTP Server scoreboard vulnerability 2021-11-03 In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. Apply updates per vendor instructions. 2022-05-03  
CVE-2016-4437 Apache
Shiro Apache Shiro 1.2.4 Cookie RememberME Deserial Remote Code Execution Vulnerability 2021-11-03 Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-17558 Apache
Solr Apache Solr 5.0.0-8.3.1 Remote Code Execution Vulnerability 2021-11-03 Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user). Apply updates per vendor instructions. 2022-05-03  
CVE-2020-17530 Apache
Struts Apache Struts Forced OGNL Double Evaluation Remote Code Execution 2021-11-03 Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. Apply updates per vendor instructions. 2022-05-03  
CVE-2017-5638 Apache
Struts Apache Struts Jakarta Multipart parser exception handling vulnerability 2021-11-03 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-11776 Apache
Struts Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code Execution Vulnerability 2021-11-03 Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 contain a vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-30858 Apple
iOS and iPadOS Apple Apple iOS and iPadOS Use-After-Free Vulnerability 2021-11-03 Apple iOS and iPadOS Arbitrary Code Execution Apply updates per vendor instructions. 2021-11-17  
CVE-2019-6223 Apple
FaceTime Apple FaceTime Vulnerability 2021-11-03 A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-30860 Apple
iOS Apple iOS "FORCEDENTRY" Remote Code Execution Vulnerability 2021-11-03 An integer overflow was addressed with improved input validation vulnerability affecting iOS devices that allows for remote code execution. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-27930 Apple
iOS and macOS Apple iOS and macOS FontParser Remote Code Execution Vulnerability 2021-11-03 A memory corruption issue was addressed with improved input validation. Processing a maliciously crafted font may lead to arbitrary code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-30807 Apple
iOS and macOS Apple iOS and macOS Memory Corruption Vulnerability 2021-11-03 Apply updates per vendor instructions. 2021-11-17  
CVE-2020-27950 Apple
iOS and macOS Apple iOS and macOS Kernel Memory Initialization Vulnerability 2021-11-03 A malicious application may be able to disclose kernel memory. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-27932 Apple
iOS and macOS Apple iOS and macOS Kernel Type Confusion Vulnerability 2021-11-03 A malicious application may be able to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-9818 Apple
iOS Mail Apple iOS Mail OOB Vulnerability 2021-11-03 Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-9819 Apple
iOS Mail Apple iOS Mail Heap Overflow Vulnerability 2021-11-03 Processing a maliciously crafted mail message may lead to heap corruption. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-30762 Apple
iOS Apple WebKit Browser Engine Use-After-Free Vulnerability 2021-11-03 Use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-1782 Apple
iOS Apple iOS Privilege Escalation and Code Execution Chain 2021-11-03 A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-1870 Apple
iOS Apple iOS Privilege Escalation and Code Execution Chain 2021-11-03 A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-1871 Apple
iOS Apple iOS Privilege Escalation and Code Execution Chain 2021-11-03 A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-1879 Apple
iOS Apple iOS Webkit Browser Engine XSS 2021-11-03 Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30661 Apple
iOS Apple iOS Webkit Storage Use-After-Free Remote Code Execution Vulnerability 2021-11-03 Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30666 Apple
iOS Apple iOS12.x Buffer Overflow 2021-11-03 Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30713 Apple
macOS Apple macOS Input Validation Error 2021-11-03 A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30657 Apple
macOS Apple macOS Policy Subsystem Gatekeeper Bypass 2021-11-03 A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30665 Apple
Safari Apple Safari Webkit Browser Engine Buffer Overflow Vulnerability 2021-11-03 Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30663 Apple
Safari Apple Safari Webkit Browser Engine Integer Overflow Vulnerability 2021-11-03 Integer overflow. Processing maliciously crafted web content may lead to arbitrary code execution. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30761 Apple
iOS Apple WebKit Browser Engine Memory Corruption Vulnerability 2021-11-03 Memory corruption issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30869 Apple
iOS, macOS, and iPadOS Apple XNU Kernel Type Confusion 2021-11-03 Apple XNU kernel contains a type confusion vulnerability which allows a malicious application to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-9859 Apple
iOS and iPadOS Apple 11-13.5 XNU Kernel Vulnerability 2021-11-03 A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-20090 Arcadyan
Buffalo WSR-2533DHPL2 and WSR-2533DHP3 firmware Arcadyan Buffalo Firmware Multiple Versions Path Traversal 2021-11-03 A path traversal vulnerability in Arcadyan firmware could allow unauthenticated remote attackers to bypass authentication. It impacts many routers. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-27562 Arm
Arm Trusted Firmware Arm Trusted Firmware M through 1.2 Denial-of-Service 2021-11-03 In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. This vulnerability has known active exploitation against Yealink Device Management servers. It is assessed this product utilizes the affected Arm firmware. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-28664 Arm
Mali Graphics Processing Unit (GPU) Arm Mali GPU Kernel Boundary Error Vulnerability 2021-11-03 The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-28663 Arm
Mali Graphics Processing Unit (GPU) Arm Mali GPU Kernel Use-After-Free Vulnerability 2021-11-03 The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. Apply updates per vendor instructions. 2021-11-17  
CVE-2019-3398 Atlassian
Confluence Atlassian Confluence Path Traversal Vulnerability 2021-11-03 Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-26084 Atlassian
Confluence Server Atlassian Confluence Server 2021-11-03 Atlassian Confluence Server The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5 contains an OGNL injection vulnerability which allows an attacker to execute arbitrary code. Apply updates per vendor instructions. 2021-11-17  
CVE-2019-11580 Atlassian
Crowd and Crowd Data Center Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability 2021-11-03 Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5, from version 3.1.0 before 3.1.6, from version 3.2.0 before 3.2.8, from version 3.3.0 before 3.3.5, and from version 3.4.0 before 3.4.4 are affected by this vulnerability. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-3396 Atlassian
Atlassian Confluence Server Remote code execution via Widget Connector macro Vulnerability 2021-11-03 Allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-42258 BQE
BillQuick Web Suite BQE BillQuick Web Suite Versions Prior to 22.0.9.1 (from 2018 through 2021) Remote Code Execution Vulnerability 2021-11-03 BQE BillQuick Web Suite 2018 through 2021 prior to 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-3452 Cisco
Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive file read 2021-11-03 A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-3580 Cisco
Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco ASA and FTD XSS Vulnerabilities 2021-11-03 Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-1497 Cisco
HyperFlex HX Cisco HyperFlex HX Command Injection Vulnerabilities 2021-11-03 Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-1498 Cisco
HyperFlex HX Cisco HyperFlex HX Command Injection Vulnerabilities 2021-11-03 Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Apply updates per vendor instructions. 2021-11-17  
CVE-2018-0171 Cisco
IOS and IOS XE Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability 2021-11-03 A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-3118 Cisco
IOS XR Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability 2021-11-03 A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Apply updates per vendor instructions. 2022-05-03  
CVE-2020-3566 Cisco
IOS XR Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability 2021-11-03 A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-3569 Cisco
IOS XR Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability 2021-11-03 Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-3161 Cisco
IP Phones Cisco IP Phones Web Server DoS and Remote Code Execution Vulnerability 2021-11-03 A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-1653 Cisco
RV320 and RV325 Routers Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list) 2021-11-03 A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-0296 Cisco
Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance Firepower Threat Defense Denial-of-Service/Directory Traversal vulnerability 2021-11-03 A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-13608 Citrix
StoreFront Server Citrix StoreFront Server Multiple Versions XML External Entity (XXE) 2021-11-03 Citrix StoreFront Server contains a XXE processing vulnerability that could allow an unauthenticated attacker to retrieve potentially sensitive information. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8193 Citrix
Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass 2021-11-03 Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8195 Citrix
Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass 2021-11-03 Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8196 Citrix
Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass 2021-11-03 Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-19781 Citrix
Application Delivery Controller (ADC) and Gateway Citrix Application Delivery Controller and Citrix Gateway Vulnerability 2021-11-03 Issue in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 allowing Directory Traversal. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-11634 Citrix
Workspace (for Windows) Citrix Workspace (for Windows) Prior to 1904 Improper Access Control 2021-11-03 Citrix Workspace app and Receiver for Windows prior to version 1904 contains an incorrect access control vulnerability which allows for code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-29557 D-Link
DIR-825 R1 D-Link DIR-825 R1 Through 3.0.1 Before 11/2020 Buffer Overflow 2021-11-03 D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20 contain a vulnerability in the web interface allowing for remote code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-25506 D-Link
DNS-320 D-Link DNS-320 Command Injection Remote Code Execution Vulnerability 2021-11-03 D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-15811 DNN
DotNetNuke (DNN) DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability 2021-11-03 DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-18325 DNN
DotNetNuke (DNN) DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability 2021-11-03 DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. Apply updates per vendor instructions. 2022-05-03  
CVE-2017-9822 DNN
DotNetNuke (DNN) DotNetNuke before 9.1.1 Remote Code Execution Vulnerability 2021-11-03 DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." Apply updates per vendor instructions. 2022-05-03  
CVE-2019-15752 Docker
Desktop Community Edition Docker Desktop Community Edition Privilege Escalation Vulnerability 2021-11-03 Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8515 DrayTek
Vigor Router(s) DrayTek Vigor Router Vulnerability 2021-11-03 DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-7600 Drupal
Drupal Drupal module configuration vulnerability 2021-11-03 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-22205 ExifTool
ExifTool GitLab Community and Enterprise Editions From 11.9 Remote Code Execution Vulnerability 2021-11-03 Anyone with the ability to upload an image that goes through the GitLab Workhorse could achieve Remote Code Execution via a specially crafted file. Apply updates per vendor instructions. 2021-11-17  
CVE-2018-6789 Exim
Exim Exim Buffer Overflow Vulnerability 2021-11-03 Issue in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8657 EyesOfNetwork
EyesOfNetwork EyesOfNetwork 5.3 Insufficient Credential Protection 2021-11-03 Issue in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8655 EyesOfNetwork
EyesOfNetwork EyesOfNetwork 5.3 Privilege Escalation Vulnerability 2021-11-03 Issue in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-5902 F5
BIG-IP F5 BIG-IP Traffic Management User Interface Remote Code Execution Vulnerability 2021-11-03 In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-22986 F5
BIG-IP F5 iControl REST unauthenticated Remote Code Execution Vulnerability 2021-11-03 The iControl REST interface has an unauthenticated remote command execution vulnerability. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-35464 ForgeRock
Access Management server ForgeRock Access Management Remote Code Execution Vulnerability 2021-11-03 ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. Apply updates per vendor instructions. 2021-11-17  
CVE-2019-5591 Fortinet
FortiOS Fortinet FortiOS Default Configuration Vulnerability 2021-11-03 A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-12812 Fortinet
FortiOS Fortinet FortiOS SSL VPN 2FA Authentication Vulnerability 2021-11-03 An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-13379 Fortinet
FortiOS Fortinet FortiOS SSL VPN credential exposure vulnerability 2021-11-03 An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-16010 Google
Chrome for Android Google Chrome for Android Heap Overflow Vulnerability 2021-11-03 Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-15999 Google
Chrome Google Chrome FreeType Memory Corruption 2021-11-03 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-21166 Google
Chrome Google Chrome Heap Buffer Overflow in WebAudio Vulnerability 2021-11-03 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-16017 Google
Chrome Google Chrome Site Isolation Component Use-After-Free Remote Code Execution vulnerability 2021-11-03 Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-37976 Google
Chrome Google Chrome Information Leakage 2021-11-03 Information disclosure in Google Chrome that exists due to excessive data output in core. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-16009 Google
Chromium V8 Engine Chromium V8 Implementation Vulnerability 2021-11-03 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-30632 Google
Chrome Google Chrome Out-of-bounds write 2021-11-03 Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-16013 Google
Chromium V8 Engine Chromium V8 Incorrect Implementation Vulnerabililty 2021-11-03 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-30633 Google
Chrome Google Chrome Use-After-Free Vulnerability 2021-11-03 Google Chrome Use-After-Free vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2021-21148 Google
Chromium V8 Engine Chromium V8 JavaScript Rendering Engine Heap Buffer Overflow Vulnerability 2021-11-03 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-37973 Google
Chrome Google Chrome Use-After-Free Vulnerability 2021-11-03 Use-after-free weakness in Portals, Google's new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30551 Google
Chromium V8 Engine Chromium V8 Type Confusion Vulnerability 2021-11-03 Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-37975 Google
Chrome Google Chrome Use-After-Free Vulnerability 2021-11-03 Google Chrome use-after-free error within the V8 browser engine. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-6418 Google
Chromium V8 Engine Chromium V8 Type Confusion Vulnerability 2021-11-03 Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-30554 Google
Chrome Google Chrome WebGL Use-After-Free Vulnerability 2021-11-03 Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-21206 Google
Chromium Blink Chromium Blink Use-After-Free Vulnerability 2021-11-03 Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-38000 Google
Chromium V8 Engine Google Chromium V8 Insufficient Input Validation Vulnerability 2021-11-03 Apply updates per vendor instructions. 2021-11-17  
CVE-2021-38003 Google
Chromium V8 Engine Google Chromium V8 Incorrect Implementation Vulnerability 2021-11-03 Apply updates per vendor instructions. 2021-11-17  
CVE-2021-21224 Google
Chromium V8 Engine Chromium V8 JavaScript Engine Remote Code Execution Vulnerability 2021-11-03 Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-21193 Google
Chromium V8 Engine Chromium V8 Use-After-Free Vulnerability 2021-11-03 Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-21220 Google
Chromium V8 Engine Chromium V8 Input Validation Vulnerability 2021-11-03 Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-30563 Google
Chrome Google Chrome Browser V8 Arbitrary Code Execution 2021-11-03 Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-4430 IBM
IBM Data Risk Manager IBM Data Risk Manager Arbritary File Download 2021-11-03 IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-4427 IBM
IBM Data Risk Manager IBM Data Risk Manager Authentication Bypass 2021-11-03 IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-4428 IBM
IBM Data Risk Manager IBM Data Risk Manager Command Injection 2021-11-03 IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-4716 IBM
IBM Planning Analytics IBM Planning Analytics configuration overwrite vulnerability 2021-11-03 IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. Apply updates per vendor instructions. 2022-05-03  
CVE-2016-3715 ImageMagick
ImageMagick ImageMagick Ephemeral Coder Arbitrary File Deletion Vulnerability 2021-11-03 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. Apply updates per vendor instructions. 2022-05-03  
CVE-2016-3718 ImageMagick
ImageMagick ImageMagick SSRF Vulnerability 2021-11-03 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-15505 Ivanti
MobileIron Core & Connector MobileIron Core, Connector, Sentry, and RDM Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-30116 Kaseya
Kaseya VSA Kaseya VSA Remote Code Execution Vulnerability 2021-11-03 Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-7961 LifeRay
Liferay Portal Liferay Portal prior to 7.2.1 CE GA2 Remote Code Execution Vulnerability 2021-11-03 Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). Apply updates per vendor instructions. 2022-05-03  
CVE-2021-23874 McAfee
McAfee Total Protection (MTP) McAfee Total Protection MTP Arbitrary Process Execution 2021-11-03 Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-22506 Micro Focus
Micro Focus Access Manager Micro Focus Access Manager Earlier Than 5.0 Information Leakage 2021-11-03 Micro Focus Access Manager versions prior to 5.0 contain a vulnerability which allows for information leakage. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-22502 Micro Focus
Micro Focus Operation Bridge Reporter (OBR) Micro Focus Operation Bridge Report (OBR) Server Remote Code Execution Vulnerability 2021-11-03 Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. Apply updates per vendor instructions. 2021-11-17  
CVE-2014-1812 Microsoft
Windows Microsoft Windows Group Policy Privilege Escalation 2021-11-03 Allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability." Apply updates per vendor instructions. 2022-05-03  
CVE-2021-38647 Microsoft
Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution Vulnerability 2021-11-03 Azure Open Management Infrastructure Remote Code Execution Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2016-0167 Microsoft
Windows Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability 2021-11-03 The kernel-mode driver allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-0878 Microsoft
Microsoft Edge, Internet Explorer Microsoft Browser Memory Corruption Vulnerability 2021-11-03 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-31955 Microsoft
Windows Microsoft Windows Kernel Information Disclosure Vulnerability 2021-11-03 Windows Kernel Information Disclosure Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2021-1647 Microsoft
Microsoft Defender Microsoft Defender Remote Code Execution Vulnerability 2021-11-03 Microsoft Defender Remote Code Execution Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2021-33739 Microsoft
Microsoft Desktop Window Manager (DWM) Microsoft DWM Core Library Privilege Escalation Vulnerability 2021-11-03 Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2016-0185 Microsoft
Windows Microsoft Windows Media Center Remote Code Execution vulnerability 2021-11-03 Media Center allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability." Apply updates per vendor instructions. 2022-05-03  
CVE-2020-0683 Microsoft
Windows Microsoft Windows Installer Privilege Escalation Vulnerability 2021-11-03 A privilege escalation vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-17087 Microsoft
Windows Microsoft Windows Kernel Cryptography Driver Privilege Escalation Vulnerability 2021-11-03 Windows Kernel Local Privilege Escalation Vulnerability Apply updates per vendor instructions. 2022-05-03  
CVE-2021-33742 Microsoft
Microsoft MSHTML Microsoft MSHTML Platform Remote Code Execution Vulnerability 2021-11-03 Microsoft MSHTML Remote Code Execution Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2021-31199 Microsoft
Microsoft Enhanced Cryptographic Provider Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerabilities 2021-11-03 Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability. This CVE ID is unique from CVE-2021-31201. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-33771 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2021-11-03 Windows Kernel Privilege Escalation Vulnerability. This CVE ID is unique from CVE-2021-31979, CVE-2021-34514. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-31956 Microsoft
Windows Microsoft Windows NTFS Privilege Escalation Vulnerability 2021-11-03 Windows NTFS Privilege Escalation Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2021-31201 Microsoft
Microsoft Enhanced Cryptographic Provider Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerabilities 2021-11-03 Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability. This CVE ID is unique from CVE-2021-31199. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-31979 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2021-11-03 Windows Kernel Privilege Escalation Vulnerability. This CVE ID is unique from CVE-2021-33771, CVE-2021-34514. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-0938 Microsoft
Windows, Windows Adobe Type Manager Library Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. This CVE ID is unique from CVE-2020-1020. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-17144 Microsoft
Microsoft Exchange Server Microsoft Exchange Remote Code Execution Vulnerability 2021-11-03 Microsoft Exchange Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-0986 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2021-11-03 A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-1020 Microsoft
Windows, Windows Adobe Type Manager Library Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. This CVE ID is unique from CVE-2020-0938. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-38645 Microsoft
Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Privilege Escalation Vulnerability 2021-11-03 Open Management Infrastructure Privilege Escalation Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2021-34523 Microsoft
Microsoft Exchange Server Microsoft Exchange Server Privilege Escalation Vulnerability 2021-11-03 Microsoft Exchange Server Privilege Escalation Vulnerability. This CVE ID is unique from CVE-2021-33768, CVE-2021-34470. Apply updates per vendor instructions. 2021-11-17  
CVE-2017-7269 Microsoft
Internet Information Services (IIS) Microsft Windows Server 2003 R2 IIS WEBDAV buffer overflow Remote Code Execution vulnerability (COVID-19-CTI list) 2021-11-03 Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: Apply updates per vendor instructions. 2022-05-03  
CVE-2021-36948 Microsoft
Windows Microsoft Windows Update Medic Service Privilege Escalation Vulnerability 2021-11-03 Windows Update Medic Service Privilege Escalation Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2021-38649 Microsoft
Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Privilege Escalation Vulnerability 2021-11-03 Open Management Infrastructure Privilege Escalation Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2020-0688 Microsoft
Microsoft Exchange Server Microsoft Exchange Server Key Validation Vulnerability 2021-11-03 A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. Apply updates per vendor instructions. 2022-05-03  
CVE-2017-0143 Microsoft
SMBv1 server Microsoft Windows SMBv1 Remote Code Execution Vulnerability 2021-11-03 The SMBv1 server allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. Apply updates per vendor instructions. 2022-05-03  
CVE-2016-7255 Microsoft
Windows Microsoft Windows Vista, 7, 8.1, 10 and Windows Server 2008, 2012, and 2016 Win32k Privilege Escalation Vulnerability 2021-11-03 The kernel-mode drivers allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability" Apply updates per vendor instructions. 2022-05-03  
CVE-2019-0708 Microsoft
Remote Desktop Services "BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-34473 Microsoft
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability 2021-11-03 Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-1464 Microsoft
Windows Microsoft Windows Spoofing Vulnerability 2021-11-03 A spoofing vulnerability exists when Windows incorrectly validates file signatures. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-1732 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2021-11-03 Windows Win32k Privilege Escalation Vulnerability. This CVE ID is unique from CVE-2021-1698. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-34527 Microsoft
Windows "PrintNightmare" - Microsoft Windows Print Spooler Remote Code Execution Vulnerability 2021-11-03 Windows Print Spooler Remote Code Execution Vulnerability Apply updates per vendor instructions. 2021-07-20  
CVE-2021-31207 Microsoft
Microsoft Exchange Server Microsoft Exchange Server Security Feature Bypass Vulnerability 2021-11-03 Microsoft Exchange Server Security Feature Bypass Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2019-0803 Microsoft
Win32k Microsoft Win32k Escalation Kernel Vulnerability 2021-11-03 A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-1040 Microsoft
Hyper-V RemoteFX vGPU Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-28310 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2021-11-03 Win32k Privilege Escalation Vulnerability. This CVE ID is unique from CVE-2021-27072. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-1350 Microsoft
Windows "SigRed" - Microsoft Windows Domain Name System (DNS) Server Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. Apply updates per vendor instructions. 2020-07-24  
CVE-2021-26411 Microsoft
Microsoft Edge, Internet Explorer Microsoft Internet Explorer and Edge Memory Corruption Vulnerability 2021-11-03 Internet Explorer Memory Corruption Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2019-0859 Microsoft
Win32k Microsoft Win32k Escalation Kernel Vulnerability 2021-11-03 A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-40444 Microsoft
Microsoft MSHTML Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution 2021-11-03 Microsoft MSHTML Remote Code Execution Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2017-8759 Microsoft
Microsoft .NET Framework .NET Framework Remote Code Execution vulnerability 2021-11-03 Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-8653 Microsoft
Internet Explorer Scripting Engine Microsoft Internet Explorer Scripting Engine JScript Memory Corruption Vulnerability 2021-11-03 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2018-8643. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-0797 Microsoft
Win32k Microsoft Win32k.sys Driver Vulnerability 2021-11-03 A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-36942 Microsoft
Windows Microsoft Windows Local Security Authority (LSA) Spoofing 2021-11-03 Windows Local Security Authority (LSA) Spoofing Vulnerability "PetitPotam" Apply updates per vendor instructions. 2021-11-17  
CVE-2019-1215 Microsoft
Windows Microsoft Windows Winsock (ws2ifsl.sys) Vulnerability 2021-11-03 A privilege escalation vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-0798 Microsoft
Office Microsoft Office 2007 - 2016 Backdoor Exploitation Chain 2021-11-03 Allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". Apply updates per vendor instructions. 2022-05-03  
CVE-2018-0802 Microsoft
Office Microsoft Office 2007 - 2016 Backdoor Exploitation Chain 2021-11-03 Allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812. Apply updates per vendor instructions. 2022-05-03  
CVE-2012-0158 Microsoft
MSCOMCTL.OCX Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability 2021-11-03 Allows remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX Remote Code Execution Vulnerability. Apply updates per vendor instructions. 2022-05-03  
CVE-2015-1641 Microsoft
Office Microsoft Office Memory Corruption vulnerability 2021-11-03 Allows remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." Apply updates per vendor instructions. 2022-05-03  
CVE-2021-27085 Microsoft
Internet Explorer Internet Explorer 11 Remote Code Execution Vulnerability 2021-11-03 Internet Explorer Remote Code Execution Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2019-0541 Microsoft
MSHTML engine Microsoft MSHTML Engine Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability. Apply updates per vendor instructions. 2022-05-03  
CVE-2017-11882 Microsoft
Office Microsoft Office memory corruption vulnerability 2021-11-03 Allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-0674 Microsoft
Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability 2021-11-03 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-27059 Microsoft
Office Microsoft Office Remote Code Execution Vulnerability 2021-11-03 Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24108, CVE-2021-27057. Apply updates per vendor instructions. 2021-11-17  
CVE-2019-1367 Microsoft
Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability 2021-11-03 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2019-1221. Apply updates per vendor instructions. 2022-05-03  
CVE-2017-0199 Microsoft
Windows, Windows Server, Office Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API 2021-11-03 Allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." Apply updates per vendor instructions. 2022-05-03  
CVE-2020-1380 Microsoft
Internet Explorer Scripting Engine Memory Corruption Vulnerability 2021-11-03 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-1429 Microsoft
Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability 2021-11-03 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. Apply updates per vendor instructions. 2022-05-03  
CVE-2017-11774 Microsoft
Microsoft Outlook Microsoft Outlook Security Feature Bypass Vulnerability 2021-11-03 Allows an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." Apply updates per vendor instructions. 2022-05-03  
CVE-2020-0968 Microsoft
Internet Explorer Scripting Engine Internet Explorer Scripting Engine Memory Corruption Vulnerability 2021-11-03 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2020-0970. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-1472 Microsoft
Netlogon Remote Protocol (MS-NRPC) NetLogon Privilege Escalation Vulnerability 2021-11-03 A privilege escalation vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. Apply updates per vendor instructions. 2020-09-21  
CVE-2021-26855 Microsoft
Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain 2021-11-03 Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. Apply updates per vendor instructions. 2021-04-16  
CVE-2021-26858 Microsoft
Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain 2021-11-03 Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078. Apply updates per vendor instructions. 2021-04-16  
CVE-2021-27065 Microsoft
Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain 2021-11-03 Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078. Apply updates per vendor instructions. 2021-04-16  
CVE-2020-1054 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2021-11-03 A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory Apply updates per vendor instructions. 2022-05-03  
CVE-2021-1675 Microsoft
Windows Microsoft Windows Print Spooler Remote Code Execution Vulnerability 2021-11-03 Windows Print Spooler Privilege Escalation Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2021-34448 Microsoft
Scripting Engine Microsoft Scripting Engine Memory Corruption Vulnerability 2021-11-03 Scripting Engine Memory Corruption Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2020-0601 Microsoft
Windows CryptoAPI Microsoft Windows 10 API/ECC Vulnerability 2021-11-03 A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. Apply updates per vendor instructions. 2020-01-29  
CVE-2019-0604 Microsoft
SharePoint Microsoft SharePoint Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-0646 Microsoft
Microsoft .NET Framework Microsoft .NET Framework Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-0808 Microsoft
Windows Microsoft Windows 7 win32k.sys Driver Vulnerability 2021-11-03 A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-26857 Microsoft
Microsoft Exchange Server Microsoft Unified Messaging Deserialization Vulnerability 2021-11-03 Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. Apply updates per vendor instructions. 2021-04-16  
CVE-2020-1147 Microsoft
Microsoft .NET Framework, Microsoft SharePoint, Visual Studio Microsoft .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability 2021-11-03 A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-1214 Microsoft
Windows Microsoft Windows Common Log File System (CLFS) Driver Vulnerability 2021-11-03 A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. Apply updates per vendor instructions. 2022-05-03  
CVE-2016-3235 Microsoft
Microsoft Visio/Office Microsoft Visio/Office OLE DLL Side Loading vulnerability 2021-11-03 Allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." Apply updates per vendor instructions. 2022-05-03  
CVE-2019-0863 Microsoft
Windows Microsoft Windows Error Reporting (WER) Vulnerability 2021-11-03 A privilege escalation vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-36955 Microsoft
Windows Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability 2021-11-03 Microsoft Windows Common Log File System Driver contains an unspecified vulnerability which allows for privilege escalation. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-38648 Microsoft
Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Privilege Escalation Vulnerability 2021-11-03 Open Management Infrastructure Privilege Escalation Vulnerability Apply updates per vendor instructions. 2021-11-17  
CVE-2020-6819 Mozilla
nsDocShell destructor Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability 2021-11-03 A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird Apply updates per vendor instructions. 2022-05-03  
CVE-2020-6820 Mozilla
ReadableStream Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability 2021-11-03 A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird Apply updates per vendor instructions. 2022-05-03  
CVE-2019-17026 Mozilla
IonMonkey JIT compiler Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability 2021-11-03 Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR Apply updates per vendor instructions. 2022-05-03  
CVE-2019-15949 Nagios
Nagios XI Nagios XI Remote Code Execution Vulnerability 2021-11-03 The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user Apply updates per vendor instructions. 2022-05-03  
CVE-2020-26919 Netgear
NETGEAR JGS516PE devices Netgear ProSAFE Plus JGS516PE Remote Code Execution vulnerability 2021-11-03 NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-19356 Netis
Netis WF2419 Netis WF2419 Router Tracert Remote Code Execution vulnerability 2021-11-03 Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123 Apply updates per vendor instructions. 2022-05-03  
CVE-2020-2555 Oracle
Oracle Coherence Oracle Coherence Deserialization Remote Code Execution 2021-11-03 Allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence Apply updates per vendor instructions. 2022-05-03  
CVE-2012-3152 Oracle
Oracle Reports Developer Oracle Reports Developer Arbitrary File Read and Upload vulnerability 2021-11-03 Allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-14871 Oracle
Oracle Solaris Oracle Solaris Pluggable Authentication Module vulnerability 2021-11-03 Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Apply updates per vendor instructions. 2022-05-03  
CVE-2015-4852 Oracle
Oracle WebLogic Server Oracle WebLogic Server Remote Code Execution Vulnerability 2021-11-03 Allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-14750 Oracle
Oracle WebLogic Server Oracle WebLogic Server Remote Code Execution Vulnerability 2021-11-03 Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-14882 Oracle
Oracle WebLogic Server Oracle WebLogic Server Remote Code Execution Vulnerability 2021-11-03 Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-14883 Oracle
Oracle WebLogic Server Oracle WebLogic Server Remote Code Execution Vulnerability 2021-11-03 Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8644 PlaySMS
PlaySMS PlaySMS Remote Code Execution Vulnerability 2021-11-03 PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-18935 Progess
ASP.NET AJAX Progress Telerik UI for ASP.NET deserialization bug 2021-11-03 Contains a .NET deserialization vulnerability in the RadAsyncUpload function that can result in remote code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-22893 Pulse Secure
Pulse Connect Secure Pulse Connect Secure Remote Code Execution Vulnerability 2021-11-03 Vulnerability to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. Apply updates per vendor instructions. 2021-04-23  
CVE-2020-8243 Pulse Secure
Pulse Connect Secure Pulse Connect Secure Arbitrary Code Execution 2021-11-03 A vulnerability in the Pulse Connect Secure Apply updates per vendor instructions. 2021-04-23  
CVE-2021-22900 Pulse Secure
Pulse Connect Secure Pulse Connect Secure Arbitrary File Upload Vulnerability 2021-11-03 A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Apply updates per vendor instructions. 2021-04-23  
CVE-2021-22894 Pulse Secure
Pulse Connect Secure Pulse Connect Secure Collaboration Suite Remote Code Execution Vulnerability 2021-11-03 A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Apply updates per vendor instructions. 2021-04-23  
CVE-2020-8260 Pulse Secure
Pulse Connect Secure Pulse Connect Secure Remote Code Execution Vulnerability 2021-11-03 A vulnerability in the Pulse Connect Secure Apply updates per vendor instructions. 2021-04-23  
CVE-2021-22899 Pulse Secure
Pulse Connect Secure Pulse Connect Secure Remote Code Execution Vulnerability 2021-11-03 Allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature. Apply updates per vendor instructions. 2021-04-23  
CVE-2019-11510 Pulse Secure
Pulse Connect Secure Pulse Connect Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list) 2021-11-03 An unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. Apply updates per vendor instructions. 2021-04-23  
CVE-2019-11539 Pulse Secure
Pulse Connect Secure, Policy Secure Pulse Connect Secure and Policy Secure Multiple Versions Code Execution 2021-11-03 Pulse Secure's Connect and Policy secure platforms contain a vulnerability in the admin web interface which allows an attacker to inject and execute commands. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-1906 Qualcomm
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Improper Error Handling Vulnerability 2021-11-03 Improper handling of address deregistration on failure can lead to new GPU address allocation failure. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-1905 Qualcomm
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Use-After-Free Vulnerability 2021-11-03 Possible use after free due to improper handling of memory mapping of multiple processes simultaneously Apply updates per vendor instructions. 2022-05-03  
CVE-2020-10221 rConfig
rConfig rConfig Remote Code Execution Vulnerability 2021-11-03 lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-35395 Realtek
Jungle Software Development Kit (SDK) Realtek SDK Arbitrary Code Execution 2021-11-03 Realtek Jungle SDK version v2.x up to v3.4.14B arbitrary code execution. Apply updates per vendor instructions. 2021-11-17  
CVE-2017-16651 Roundcube
Roundcube Webmail Roundcube Webmail File Disclosure Vulnerability 2021-11-03 Allows unauthorized access to arbitrary files on the host's filesystem, including configuration files. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-11652 SaltStack
Salt SaltStack directory traversal failure to sanitize untrusted input 2021-11-03 The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-11651 SaltStack
Salt SaltStack Salt Authentication Bypass 2021-11-03 The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-16846 SaltStack
Salt SaltStack Through 3002 Shell Injection Vulnerability 2021-11-03 An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-2380 SAP
SAP CRM SAP NetWeaver AS JAVA CRM Remote Code Execution Vulnerability 2021-11-03 SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. Apply updates per vendor instructions. 2022-05-03  
CVE-2010-5326 SAP
SAP NetWeaver Application Server Java platforms SAP NetWeaver AS JAVA Remote Code Execution Vulnerability 2021-11-03 The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request. Apply updates per vendor instructions. 2022-05-03  
CVE-2016-9563 SAP
SAP NetWeaver AS JAVA SAP NetWeaver AS JAVA XXE Vulnerability 2021-11-03 BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-6287 SAP
SAP NetWeaver AS JAVA (LM Configuration Wizard) SAP Netweaver JAVA remote unauthenticated access vulnerability 2021-11-03 SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-6207 SAP
SAP Solution Manager (User Experience Monitoring) SAP Solution Manager Missing Authentication Check Complete Compromise of SMD Agents vulnerability 2021-11-03 SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. Apply updates per vendor instructions. 2022-05-03  
CVE-2016-3976 SAP
SAP NetWeaver AS Java SAP NetWeaver AS Java 7.1 - 7.5 Directory Traversal Vulnerability 2021-11-03 Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-16256 SIMalliance
SIMalliance Toolbox (S@T) Browser SIMalliance Toolbox (S@T) Browser Command and Control Vulnerability 2021-11-03 Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-10148 SolarWinds
SolarWinds Orion Platform SolarWinds Orion API Authentication Bypass Vulnerability 2021-11-03 The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-35211 SolarWinds
SolarWinds nServ-U SolarWinds Serv-U Remote Memory Escape Vulnerability 2021-11-03 Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. Apply updates per vendor instructions. 2021-11-17  
CVE-2016-3643 SolarWinds
SolarWinds Virtualization Manager SolarWinds Virtualization Manager Privilege Escalation Vulnerability 2021-11-03 SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." Apply updates per vendor instructions. 2022-05-03  
CVE-2020-10199 Sonatype
Sonatype Nexus Repository Nexus Repository Manager 3 Remote Code Execution Vulnerability 2021-11-03 Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Apply updates per vendor instructions. 2022-05-03  
CVE-2021-20021 SonicWall
SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain 2021-11-03 A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. Apply updates per vendor instructions. 2021-11-17  
CVE-2019-7481 SonicWall
SMA100 SonicWall SMA100 9.0.0.3 and Earlier SQL Injection 2021-11-03 Vulnerability in SonicWall SMA100 versions 9.0.0.3 and earlier allow an unauthenticated user to gain read-only access to unauthorized resources. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-20022 SonicWall
SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain 2021-11-03 SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-20023 SonicWall
SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain 2021-11-03 SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-20016 SonicWall
SonicWall SSLVPN SMA100 SonicWall SSL VPN SMA100 SQL Injection Vulnerability 2021-11-03 Allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information in SMA100 build version 10.x. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-12271 Sophos
Sophos XG Firewall devices Sophos XG Firewall SQL Injection Vulnerability 2021-11-03 A SQL injection issue that causes affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-10181 Sumavision
Sumavision Enhanced Multimedia Router (EMR) Sumavision EMR 3.0 CSRF Vulnerability 2021-11-03 goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_useradministrator123456 request. Apply updates per vendor instructions. 2022-05-03  
CVE-2017-6327 Symantec
Symantec Messaging Gateway Symantec Messaging Gateway Remote Code Execution Vulnerability 2021-11-03 The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-18988 TeamViewer
TeamViewer Desktop TeamViewer Desktop Bypass Remote Login 2021-11-03 Allows a bypass of remote-login access control because the same key is used for different customers' installations. Apply updates per vendor instructions. 2022-05-03  
CVE-2017-9248 Telerik
ASP.NET AJAX and Sitefinity Telerik UI for ASP.NET AJAX and Progress Sitefinity Cryptographic Weakness Vuln 2021-11-03 Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-31755 Tenda
Tenda AC11 devices Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow 2021-11-03 Tenda AC11 devices with firmware through 02.03.01.104_CN contain a stack buffer overflow vulnerability in /goform/setmac which allows for arbitrary execution. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-10987 Tenda
Tenda AC15 AC1900 Tenda Router Code Execution 2021-11-03 The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-14558 Tenda
Tenda AC7, AC9, and AC10 devices Tenda Router Command Injection Vulnerability 2021-11-03 Issue on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Apply updates per vendor instructions. 2022-05-03  
CVE-2018-20062 ThinkPHP
NoneCms ThinkPHP Remote Code Execution Vulnerability 2021-11-03 Issue in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-9082 ThinkPHP
ThinkPHP ThinkPHP Remote Code Execution Vulnerability 2021-11-03 ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-18187 Trend Micro
Trend Micro OfficeScan Trend Micro Antivirus 0day Traversal Vulnerability 2021-11-03 Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8467 Trend Micro
Trend Micro Apex One and OfficeScan XG Trend Micro Apex One (2019) and OfficeScan XG migration tool remote code execution vulnerability 2021-11-03 A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8468 Trend Micro
Trend Micro Apex One, OfficeScan XG and Worry-Free Business Security Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agent content validation escape vulnerability 2021-11-03 Agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-24557 Trend Micro
Trend Micro Apex One and Worry-Free Business Security Trend Micro Apex One and OfficeScan XG Improper Access Control Privilege Escalation Vulnerability 2021-11-03 A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation Apply updates per vendor instructions. 2022-05-03  
CVE-2020-8599 Trend Micro
Trend Micro Apex One and OfficeScan XG server Trend Micro Apex One and OfficeScan XG Vulnerability 2021-11-03 Server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-36742 Trend Micro
Trend Micro Multiple Products Trend Micro Systems Multiple Products Buffer Overflow - Arbitrary File Upload 2021-11-03 An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-36741 Trend Micro
Trend Micro Multiple Products Trend Micro Systems Multiple Products Buffer Overflow - Arbitrary File Upload 2021-11-03 An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product's management console in order to exploit this vulnerability. Apply updates per vendor instructions. 2021-11-17  
CVE-2019-20085 TVT
NVMS-1000 TVT NVMS-1000 Directory Traversal 2021-11-03 TVT NVMS-1000 devices allow GET /.. Directory Traversal Apply updates per vendor instructions. 2022-05-03  
CVE-2020-5849 Unraid
Unraid Unraid 6.8.0 Authentication Bypass 2021-11-03 Unraid 6.8.0 allows authentication bypass. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-5847 Unraid
Unraid Unraid 6.8.0 Remote Code Execution Vulnerability 2021-11-03 Unraid through 6.8.0 allows Remote Code Execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-16759 vBulletin
vBulletin vBulletin PHP Module Remote Code Execution Vulnerability 2021-11-03 vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-17496 vBulletin
vBulletin vBulletin PHP Module Remote Code Execution Vulnerability 2021-11-03 vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-5544 VMware
ESXi, Horizon DaaS Appliances VMware ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability 2021-11-03 OpenSLP as used in ESXi and the Horizon DaaS appliances have a heap overwrite issue. A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-3992 VMware
ESXi OpenSLP as used in VMware ESXi 2021-11-03 OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-3950 VMware
VMware Fusion, VMware Remote Console for Mac, and Horizon Client for Mac VMware Privilege escalation vulnerability 2021-11-03 Privilege escalation vulnerability due to improper use of setuid binaries. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-22005 VMware
vCenter Server VMware vCenter Server File Upload 2021-11-03 VMware vCenter Server file upload vulnerability in the VMware-analytics service that allows to execute code on vCenter Server. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-3952 VMware
vCenter Server VMware vCenter Server Info Disclosure Vulnerability 2021-11-03 Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-21972 VMware
vCenter Server VMware vCenter Server Remote Code Execution Vulnerability 2021-11-03 The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Apply updates per vendor instructions. 2021-11-17  
CVE-2021-21985 VMware
vCenter Server VMware vCenter Server Remote Code Execution Vulnerability 2021-11-03 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-4006 VMware
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Command Injection vulnerability 2021-11-03 VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-25213 WordPress
File Manager WordPress File Manager Remote Code Execution Vulnerability 2021-11-03 The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-11738 WordPress
Snap Creek Duplicator WordPress Snap Creek Duplicator and Duplicator Pro plugins Directory Traversal 2021-11-03 The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-9978 WordPress
Social-Warfare WordPress Social-Warfare plugin XSS 2021-11-03 The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-27561 Yealink
Device Management Platform Yealink Device Management Server Pre-Authorization SSRF 2021-11-03 Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication Apply updates per vendor instructions. 2021-11-17  
CVE-2021-40539 Zoho
ManageEngine ADSelfServicePlus Zoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication Bypass 2021-11-03 Zoho ManageEngine ADSelfService Plus versions 6113 and earlier contain an authentication bypass vulnerability which allows for Remote Code Execution. Apply updates per vendor instructions. 2021-11-17  
CVE-2020-10189 Zoho
ManageEngine Desktop Central Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability 2021-11-03 Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. Apply updates per vendor instructions. 2022-05-03  
CVE-2019-8394 Zoho
ManageEngine ServiceDesk Plus (SDP) Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability 2021-11-03 Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Apply updates per vendor instructions. 2022-05-03  
CVE-2020-29583 Zyxel
Unified Security Gateway (USG) Zyxel Unified Security Gateway Undocumented Administrator Account with Default Credentials 2021-11-03 Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Apply updates per vendor instructions. 2022-05-03  
CVE-2021-22204 Perl
Exiftool ExifTool Remote Code Execution Vulnerability 2021-11-17 Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image Apply updates per vendor instructions. 2021-12-01  
CVE-2021-40449 Microsoft
Windows Microsoft Windows Win32k Privilege Escalation Vulnerability 2021-11-17 Unspecified vulnerability allows for an authenticated user to escalate privileges. Apply updates per vendor instructions. 2021-12-01  
CVE-2021-42321 Microsoft
Exchange Microsoft Exchange Server Remote Code Execution Vulnerability 2021-11-17 An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution. Apply updates per vendor instructions. 2021-12-01  
CVE-2021-42292 Microsoft
Office Microsoft Excel Security Feature Bypass 2021-11-17 A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. Apply updates per vendor instructions. 2021-12-01  
CVE-2020-11261 Qualcomm
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Multiple Chipsets Improper Input Validation Vulnerability 2021-12-01 Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Apply updates per vendor instructions. 2022-06-01  
CVE-2018-14847 MikroTik
RouterOS MikroTik Router OS Directory Traversal Vulnerability 2021-12-01 MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. Apply updates per vendor instructions. 2022-06-01  
CVE-2021-37415 Zoho
ManageEngine ServiceDesk Plus (SDP) Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability 2021-12-01 Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication Apply updates per vendor instructions. 2021-12-15  
CVE-2021-40438 Apache
Apache Apache HTTP Server-Side Request Forgery (SSRF) 2021-12-01 A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Apply updates per vendor instructions. 2021-12-15  
CVE-2021-44077 Zoho
ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability 2021-12-01 Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution Apply updates per vendor instructions. 2021-12-15  
CVE-2021-44515 Zoho
Desktop Central Zoho Desktop Central Authentication Bypass Vulnerability 2021-12-10 Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. Apply updates per vendor instructions. 2021-12-24  
CVE-2019-13272 Linux
Kernel Linux Kernel Improper Privilege Management Vulnerability 2021-12-10 Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability which allows local users to obtain root access. Apply updates per vendor instructions. 2022-06-10  
CVE-2021-35394 Realtek
Jungle Software Development Kit (SDK) Realtek Jungle SDK Remote Code Execution Vulnerability 2021-12-10 RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution. Apply updates per vendor instructions. 2021-12-24  
CVE-2019-7238 Sonatype
Nexus Repository Manager Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability 2021-12-10 Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution. Apply updates per vendor instructions. 2022-06-10  
CVE-2019-0193 Apache
Solr Apache Solr DataImportHandler Code Injection Vulnerability 2021-12-10 The optional Apache Solr module DataImportHandler contains a code injection vulnerability. Apply updates per vendor instructions. 2022-06-10  
CVE-2021-44168 Fortinet
FortiOS Fortinet FortiOS Arbitrary File Download 2021-12-10 Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files. Apply updates per vendor instructions. 2021-12-24  
CVE-2017-17562 Embedthis
GoAhead Embedthis GoAhead Remote Code Execution Vulnerability 2021-12-10 Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. Apply updates per vendor instructions. 2022-06-10  
CVE-2017-12149 Red Hat
JBoss Application Server Red Hat JBoss Application Server Remote Code Execution Vulnerability 2021-12-10 The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. Apply updates per vendor instructions. 2022-06-10  
CVE-2010-1871 Red Hat
JBoss Seam 2 Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability 2021-12-10 JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured. Apply updates per vendor instructions. 2022-06-10  
CVE-2020-17463 Fuel CMS
Fuel CMS SQL Injection Vulnerability 2021-12-10 FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. Apply updates per vendor instructions. 2022-06-10  
CVE-2020-8816 Pi-hole
AdminLTE Pi-Hole AdminLTE Remote Code Execution Vulnerability 2021-12-10 Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. Apply updates per vendor instructions. 2022-06-10  
CVE-2019-10758 MongoDB
mongo-express MongoDB mongo-express Remote Code Execution Vulnerability 2021-12-10 mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. Apply updates per vendor instructions. 2022-06-10  
CVE-2021-44228 Apache
Log4j2 Apache Log4j2 Remote Code Execution Vulnerability 2021-12-10 Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available. 2021-12-24  
CVE-2021-43890 Microsoft
Windows Microsoft Windows AppX Installer Spoofing Vulnerability 2021-12-15 Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability. Apply updates per vendor instructions. 2021-12-29  
CVE-2021-4102 Google
Chromium V8 Engine Google Chromium V8 Use-After-Free Vulnerability 2021-12-15 Google Chromium V8 Engine contains a use-after-free vulnerability which can allow a remote attacker to execute arbitrary code on the target system. Apply updates per vendor instructions. 2021-12-29  
CVE-2021-22017 VMware
vCenter Server VMware vCenter Server Improper Access Control 2022-01-10 Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. Apply updates per vendor instructions. 2022-01-24  
CVE-2021-36260 Hikvision
Security cameras web server Hikvision Improper Input Validation 2022-01-10 A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation. Apply updates per vendor instructions. 2022-01-24  
CVE-2020-6572 Google
Chrome Google Chrome Prior to 81.0.4044.92 Use-After-Free Vulnerability 2022-01-10 Use-after-free vulnerability in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. Apply updates per vendor instructions. 2022-07-10  
CVE-2019-1458 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-01-10 A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP. Apply updates per vendor instructions. 2022-07-10  
CVE-2013-3900 Microsoft
WinVerifyTrust function Microsoft WinVerifyTrust function Remote Code Execution 2022-01-10 A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. Apply updates per vendor instructions. 2022-07-10  
CVE-2019-2725 Oracle
WebLogic Server Oracle WebLogic Server, Injection 2022-01-10 Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Apply updates per vendor instructions. 2022-07-10  
CVE-2019-9670 Synacor
Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference 2022-01-10 Improper Restriction of XML External Entity Reference vulnerability affecting Synacor Zimbra Collaboration Suite. Apply updates per vendor instructions. 2022-07-10  
CVE-2018-13382 Fortinet
FortiOS and FortiProxy Fortinet FortiOS and FortiProxy Improper Authorization 2022-01-10 An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password. Apply updates per vendor instructions. 2022-07-10  
CVE-2018-13383 Fortinet
FortiOS and FortiProxy Fortinet FortiOS and FortiProxy Out-of-bounds Write 2022-01-10 A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users. Apply updates per vendor instructions. 2022-07-10  
CVE-2019-1579 Palo Alto Networks
PAN-OS Palo Alto Networks PAN-OS Remote Code Execution Vulnerability 2022-01-10 Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled. Apply updates per vendor instructions. 2022-07-10  
CVE-2019-10149 Exim
Mail Transfer Agent (MTA) Exim Mail Transfer Agent (MTA) Improper Input Validation 2022-01-10 Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. Apply updates per vendor instructions. 2022-07-10  
CVE-2015-7450 IBM
WebSphere Application Server and Server Hypervisor Edition IBM WebSphere Application Server and Server Hypervisor Edition Code Injection. 2022-01-10 Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands Apply updates per vendor instructions. 2022-07-10  
CVE-2017-1000486 Primetek
Primefaces Application Primetek Primefaces Remote Code Execution Vulnerability 2022-01-10 Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution Apply updates per vendor instructions. 2022-07-10  
CVE-2019-7609 Elastic
Kibana Kibana Arbitrary Code Execution 2022-01-10 Kibana contain an arbitrary code execution flaw in the Timelion visualizer. Apply updates per vendor instructions. 2022-07-10  
CVE-2021-27860 FatPipe
WARP, IPVPN, and MPVPN software FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit 2022-01-10 A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. Apply updates per vendor instructions. 2022-01-24  
CVE-2021-32648 October CMS
October CMS October CMS Improper Authentication 2022-01-18 In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. Apply updates per vendor instructions. 2022-02-01  
CVE-2021-25296 Nagios
Nagios XI Nagios XI OS Command Injection 2022-01-18 Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. Apply updates per vendor instructions. 2022-02-01  
CVE-2021-25297 Nagios
Nagios XI Nagios XI OS Command Injection 2022-01-18 Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. Apply updates per vendor instructions. 2022-02-01  
CVE-2021-25298 Nagios
Nagios XI Nagios XI OS Command Injection 2022-01-18 Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. Apply updates per vendor instructions. 2022-02-01  
CVE-2021-40870 Aviatrix
Aviatrix Controller Aviatrix Controller Unrestricted Upload of File 2022-01-18 Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. Apply updates per vendor instructions. 2022-02-01  
CVE-2021-33766 Microsoft
Exchange Server Microsoft Exchange Server Information Disclosure 2022-01-18 Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target. Apply updates per vendor instructions. 2022-02-01  
CVE-2021-21975 VMware
vRealize Operations Manager API VMware Server Side Request Forgery in vRealize Operations Manager API 2022-01-18 Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials. Apply updates per vendor instructions. 2022-02-01  
CVE-2021-21315 Npm package
System Information Library for Node.JS System Information Library for Node.JS Command Injection 2022-01-18 In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote. Apply updates per vendor instructions. 2022-02-01  
CVE-2021-22991 F5
BIG-IP Traffic Management Microkernel F5 BIG-IP Traffic Management Microkernel Buffer Overflow 2022-01-18 The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. Apply updates per vendor instructions. 2022-02-01  
CVE-2020-14864 Oracle
Intelligence Enterprise Edition Oracle Business Intelligence Enterprise Edition Path Transversal 2022-01-18 Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file. Apply updates per vendor instructions. 2022-07-18  
CVE-2020-13671 Drupal
Drupal core Drupal core Un-restricted Upload of File 2022-01-18 Improper sanitization in the extension file names is present in Drupal core. Apply updates per vendor instructions. 2022-07-18  
CVE-2020-11978 Apache
Airflow Apache Airflow Command Injection 2022-01-18 A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow. Apply updates per vendor instructions. 2022-07-18  
CVE-2020-13927 Apache
Airflow's Experimental API Apache Airflow's Experimental API Authentication Bypass 2022-01-18 The previous default setting for Airflow's Experimental API was to allow all API requests without authentication. Apply updates per vendor instructions. 2022-07-18  
CVE-2006-1547 Apache
Struts 1 Apache Struts 1 ActionForm Denial-of-Service Vulnerability 2022-01-21 ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability which allows for denial-of-service. Apply updates per vendor instructions. 2022-07-21  
CVE-2012-0391 Apache
Struts 2 Apache Struts 2 Improper Input Validation Vulnerability 2022-01-21 The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability which allows for remote code execution. Apply updates per vendor instructions. 2022-07-21  
CVE-2018-8453 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-01-21 Microsoft Windows Win32k contains a vulnerability which allows an attacker to escalate privileges. Apply updates per vendor instructions. 2022-07-21  
CVE-2021-35247 SolarWinds
Serv-U SolarWinds Serv-U Improper Input Validation Vulnerability 2022-01-21 SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability which allows attackers to build and send queries without sanitization. Apply updates per vendor instructions. 2022-02-04  
CVE-2022-22587 Apple
iOS and macOS Apple Memory Corruption Vulnerability 2022-01-28 Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 2022-02-11  
CVE-2021-20038 SonicWall
SMA 100 Appliances SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability 2022-01-28 SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. Apply updates per vendor instructions. 2022-02-11  
CVE-2020-5722 Grandstream
UCM6200 Grandstream Networks UCM6200 Series SQL Injection Vulnerability 2022-01-28 Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root. Apply updates per vendor instructions. 2022-07-28  
CVE-2020-0787 Microsoft
Windows Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability 2022-01-28 Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges. Apply updates per vendor instructions. 2022-07-28  
CVE-2017-5689 Intel
Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability 2022-01-28 Intel products contain a vulnerability which can allow attackers to perform privilege escalation. Apply updates per vendor instructions. 2022-07-28  
CVE-2014-1776 Microsoft
Internet Explorer Microsoft Internet Explorer Use-After-Free Vulnerability 2022-01-28 Microsoft Internet Explorer 6 - 11 contains a use-after-free vulnerability which can allow for arbitrary code execution or denial of service. Apply updates per vendor instructions. 2022-07-28  
CVE-2014-6271 GNU
Bourne-Again Shell (Bash) GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability 2022-01-28 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. Apply updates per vendor instructions. 2022-07-28  
CVE-2014-7169 GNU
Bourne-Again Shell (Bash) GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability 2022-01-28 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271. Apply updates per vendor instructions. 2022-07-28  
CVE-2022-21882 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-02-04 Microsoft Win32k contains an unspecified vulnerability which allows for privilege escalation. Apply updates per vendor instructions. 2022-02-18  
CVE-2021-36934 Microsoft
Windows Microsoft Windows SAM Local Privilege Escalation Vulnerability 2022-02-10 If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level. Apply updates per vendor instructions. 2022-02-24  
CVE-2020-0796 Microsoft
SMBv3 Microsoft SMBv3 Remote Code Execution Vulnerability 2022-02-10 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client. Apply updates per vendor instructions. 2022-08-10  
CVE-2018-1000861 Jenkins
Jenkins Stapler Web Framework Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability 2022-02-10 A code execution vulnerability exists in the Stapler web framework used by Jenkins Apply updates per vendor instructions. 2022-08-10  
CVE-2017-9791 Apache
Struts 1 Apache Struts 1 Improper Input Validation Vulnerability 2022-02-10 The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Apply updates per vendor instructions. 2022-08-10  
CVE-2017-8464 Microsoft
Windows Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability 2022-02-10 Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file Apply updates per vendor instructions. 2022-08-10  
CVE-2017-10271 Oracle
WebLogic Server Oracle Corporation WebLogic Server Remote Code Execution Vulnerability 2022-02-10 Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution. Apply updates per vendor instructions. 2022-08-10  
CVE-2017-0263 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-02-10 Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory. Apply updates per vendor instructions. 2022-08-10  
CVE-2017-0262 Microsoft
Office Microsoft Office Remote Code Execution Vulnerability 2022-02-10 A remote code execution vulnerability exists in Microsoft Office. Apply updates per vendor instructions. 2022-08-10  
CVE-2017-0145 Microsoft
SMBv1 Microsoft SMBv1 Remote Code Execution Vulnerability 2022-02-10 The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. Apply updates per vendor instructions. 2022-08-10  
CVE-2017-0144 Microsoft
SMBv1 Microsoft SMBv1 Remote Code Execution Vulnerability 2022-02-10 The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. Apply updates per vendor instructions. 2022-08-10  
CVE-2016-3088 Apache
ActiveMQ Apache ActiveMQ Improper Input Validation Vulnerability 2022-02-10 The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request Apply updates per vendor instructions. 2022-08-10  
CVE-2015-2051 D-Link
DIR-645 Router D-Link DIR-645 Router Remote Code Execution Vulnerability 2022-02-10 D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. The impacted product is end-of-life and should be disconnected if still in use. 2022-08-10  
CVE-2015-1635 Microsoft
HTTP.sys Microsoft HTTP.sys Remote Code Execution Vulnerability 2022-02-10 Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability which allows for remote code execution. Apply updates per vendor instructions. 2022-08-10  
CVE-2015-1130 Apple
OS X Apple OS X Authentication Bypass Vulnerability 2022-02-10 The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. Apply updates per vendor instructions. 2022-08-10  
CVE-2014-4404 Apple
OS X Apple OS X Heap-Based Buffer Overflow Vulnerability 2022-02-10 Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. Apply updates per vendor instructions. 2022-08-10  
CVE-2022-22620 Apple
Webkit Apple Webkit Remote Code Execution Vulnerability 2022-02-11 Apple Webkit, which impacts iOS, iPadOS, and macOS, contains a vulnerability which allows for remote code execution. Apply updates per vendor instructions. 2022-02-25  
CVE-2022-24086 Adobe
Commerce and Magento Open Source Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability 2022-02-15 Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. Apply updates per vendor instructions. 2022-03-01  
CVE-2022-0609 Google
Chrome Google Chrome Use-After-Free Vulnerability 2022-02-15 The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome. Apply updates per vendor instructions. 2022-03-01  
CVE-2019-0752 Microsoft
Internet Explorer Microsoft Internet Explorer Type Confusion Vulnerability 2022-02-15 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer Apply updates per vendor instructions. 2022-08-15  
CVE-2018-8174 Microsoft
Windows Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability 2022-02-15 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution" Apply updates per vendor instructions. 2022-08-15  
CVE-2018-20250 RARLAB
WinRAR WinRAR Absolute Path Traversal Vulnerability 2022-02-15 WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution Apply updates per vendor instructions. 2022-08-15  
CVE-2018-15982 Adobe
Flash Player Adobe Flash Player Use-After-Free Vulnerability 2022-02-15 Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability The impacted product is end-of-life and should be disconnected if still in use. 2022-08-15  
CVE-2017-9841 PHPUnit
PHPUnit PHPUnit Command Injection Vulnerability 2022-02-15 PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "Apply updates per vendor instructions. 2022-08-15  
CVE-2014-1761 Microsoft
Word Microsoft Word Memory Corruption Vulnerability 2022-02-15 Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. Apply updates per vendor instructions. 2022-08-15  
CVE-2013-3906 Microsoft
Graphics Component Microsoft Graphics Component Memory Corruption Vulnerability 2022-02-15 Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-08-15  
CVE-2022-23131 Zabbix
Frontend Zabbix Frontend Authentication Bypass Vulnerability 2022-02-22 Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. Apply updates per vendor instructions. 2022-03-08  
CVE-2022-23134 Zabbix
Frontend Zabbix Frontend Improper Access Control Vulnerability 2022-02-22 Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. Apply updates per vendor instructions. 2022-03-08  
CVE-2022-24682 Zimbra
Webmail Zimbra Webmail Cross-Site Scripting Vulnerability 2022-02-25 Zimbra webmail clients running versions 8.8.15 P29 & P30 contain a XSS vulnerability that would allow attackers to steal session cookie files. Apply updates per vendor instructions. 2022-03-11  
CVE-2017-8570 Microsoft
Office Microsoft Office Remote Code Execution Vulnerability 2022-02-25 A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. Apply updates per vendor instructions. 2022-08-25  
CVE-2017-0222 Microsoft
Internet Explorer Microsoft Internet Explorer Remote Code Execution Vulnerability 2022-02-25 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. Apply updates per vendor instructions. 2022-08-25  
CVE-2014-6352 Microsoft
Windows Microsoft Windows Code Injection Vulnerability 2022-02-25 Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object. Apply updates per vendor instructions. 2022-08-25  
CVE-2022-20708 Cisco
Small Business RV160, RV260, RV340, and RV345 Series Routers Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability 2022-03-03 A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). Apply updates per vendor instructions. 2022-03-17  
CVE-2022-20703 Cisco
Small Business RV160, RV260, RV340, and RV345 Series Routers Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability 2022-03-03 A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). Apply updates per vendor instructions. 2022-03-17  
CVE-2022-20701 Cisco
Small Business RV160, RV260, RV340, and RV345 Series Routers Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability 2022-03-03 A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). Apply updates per vendor instructions. 2022-03-17  
CVE-2022-20700 Cisco
Small Business RV160, RV260, RV340, and RV345 Series Routers Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability 2022-03-03 A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). Apply updates per vendor instructions. 2022-03-17  
CVE-2022-20699 Cisco
Small Business RV160, RV260, RV340, and RV345 Series Routers Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability 2022-03-03 A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). Apply updates per vendor instructions. 2022-03-17  
CVE-2021-41379 Microsoft
Windows Microsoft Windows Installer Privilege Escalation Vulnerability 2022-03-03 Microsoft Windows Installer contains an unspecified vulnerability which allows for privilege escalation. Apply updates per vendor instructions. 2022-03-17  
CVE-2020-1938 Apache
Tomcat Apache Tomcat Improper Privilege Management Vulnerability 2022-03-03 Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited. Apply updates per vendor instructions. 2022-03-17  
CVE-2020-11899 Treck TCP/IP stack
IPv6 Treck TCP/IP stack Out-of-Bounds Read Vulnerability 2022-03-03 The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability. Apply updates per vendor instructions. 2022-03-17  
CVE-2019-16928 Exim
Exim Internet Mailer Exim Out-of-bounds Write Vulnerability 2022-03-03 Exim contains an out-of-bounds write vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-03-17  
CVE-2019-1652 Cisco
Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Cisco Small Business Routers Improper Input Validation Vulnerability 2022-03-03 A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. Apply updates per vendor instructions. 2022-03-17  
CVE-2019-1297 Microsoft
Excel Microsoft Excel Remote Code Execution Vulnerability 2022-03-03 A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-8581 Microsoft
Exchange Server Microsoft Exchange Server Privilege Escalation Vulnerability 2022-03-03 A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-8298 ChakraCore
ChakraCore scripting engine ChakraCore Scripting Engine Type Confusion Vulnerability 2022-03-03 The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0180 Cisco
IOS Software Cisco IOS Software Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0179 Cisco
IOS Software Cisco IOS Software Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0175 Cisco
IOS, XR, and XE Software Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability 2022-03-03 Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0174 Cisco
IOS XE Software Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability 2022-03-03 A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0173 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software Improper Input Validation Vulnerability 2022-03-03 A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0172 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software Improper Input Validation Vulnerability 2022-03-03 A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0167 Cisco
IOS, XR, and XE Software Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability 2022-03-03 There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0161 Cisco
IOS Software Cisco IOS Software Resource Management Errors Vulnerability 2022-03-03 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0159 CIsco
IOS Software and Cisco IOS XE Software Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0158 Cisco
IOS Software and Cisco IOS XE Software Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability 2022-03-03 A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0156 Cisco
IOS Software and Cisco IOS XE Software Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0155 Cisco
Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0154 Cisco
IOS Software Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition. Apply updates per vendor instructions. 2022-03-17  
CVE-2018-0151 Cisco
IOS and IOS XE Software Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability 2022-03-03 A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. Apply updates per vendor instructions. 2022-03-17  
CVE-2017-8540 Microsoft
Malware Protection Engine Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability 2022-03-03 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6744 Cisco
IOS software Cisco IOS Software SNMP Remote Code Execution Vulnerability 2022-03-03 The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6743 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability 2022-03-03 The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6740 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability 2022-03-03 The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6739 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability 2022-03-03 The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6738 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability 2022-03-03 The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6737 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability 2022-03-03 The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6736 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability 2022-03-03 The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6663 Cisco
IOS and IOS XE Software Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS). Apply updates per vendor instructions. 2022-03-24  
CVE-2017-6627 Cisco
IOS and IOS XE Software Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12319 Cisco
IOS XE Software Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12240 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability 2022-03-03 The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12238 Cisco
Catalyst 6800 Series Switches Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12237 Cisco
IOS and IOS XE Software Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12235 Cisco
IOS software Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12234 Cisco
IOS software Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability 2022-03-03 There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12233 Cisco
IOS software Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability 2022-03-03 There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12232 Cisco
IOS software Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-12231 Cisco
IOS software Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability 2022-03-03 A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-11826 Microsoft
Office Microsoft Office Remote Code Execution Vulnerability 2022-03-03 A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-11292 Adobe
Flash Player Adobe Flash Player Type Confusion Vulnerability 2022-03-03 Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2017-0261 Microsoft
Office Microsoft Office Use-After-Free Vulnerability 2022-03-03 Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2017-0001 Microsoft
Graphics Device Interface (GDI) Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability 2022-03-03 The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges Apply updates per vendor instructions. 2022-03-24  
CVE-2016-8562 Siemens
SIMATIC CP Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability 2022-03-03 An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2016-7855 Adobe
Flash Player Adobe Flash Player Use-After-Free Vulnerability 2022-03-03 Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2016-7262 Microsoft
Excel Microsoft Office Security Feature Bypass Vulnerability 2022-03-03 A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. Apply updates per vendor instructions. 2022-03-24  
CVE-2016-7193 Microsoft
Office Microsoft Office Memory Corruption Vulnerability 2022-03-03 Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2016-5195 Linux
Kernel Linux Kernel Race Condition Vulnerability 2022-03-03 Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. Apply updates per vendor instructions. 2022-03-24  
CVE-2016-4117 Adobe
Flash Player Adobe Flash Player Arbitrary Code Execution Vulnerability 2022-03-03 An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2016-1019 Adobe
Flash Player Adobe Flash Player Arbitrary Code Execution Vulnerability 2022-03-03 Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2016-0099 Microsoft
Windows Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability 2022-03-03 A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. Apply updates per vendor instructions. 2022-03-24  
CVE-2015-7645 Adobe
Flash Player Adobe Flash Player Arbitrary Code Execution Vulnerability 2022-03-03 Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2015-5119 Adobe
Flash Player Adobe Flash Player Use-After-Free Vulnerability 2022-03-03 A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2015-4902 Oracle
Java SE Oracle Java SE Integrity Check Vulnerability 2022-03-03 Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via unknown vectors related to deployment. Apply updates per vendor instructions. 2022-03-24  
CVE-2015-3043 Adobe
Flash Player Adobe Flash Player Memory Corruption Vulnerability 2022-03-03 A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2015-2590 Oracle
Java SE Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability 2022-03-03 An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2015-2545 Microsoft
Office Microsoft Office Malformed EPS File Vulnerability 2022-03-03 Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. Apply updates per vendor instructions. 2022-03-24  
CVE-2015-2424 Microsoft
PowerPoint Microsoft PowerPoint Memory Corruption Vulnerability 2022-03-03 Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document. Apply updates per vendor instructions. 2022-03-24  
CVE-2015-2387 Microsoft
ATM Font Driver Microsoft ATM Font Driver Privilege Escalation Vulnerability 2022-03-03 ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application. Apply updates per vendor instructions. 2022-03-24  
CVE-2015-1701 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-03-03 An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. Apply updates per vendor instructions. 2022-03-24  
CVE-2015-1642 Microsoft
Office Microsoft Office Memory Corruption Vulnerability 2022-03-03 Microsoft Office contains a memory corruption vulnerability which allows remote attackers to execute arbitrary code via a crafted document. Apply updates per vendor instructions. 2022-03-24  
CVE-2014-4114 Microsoft
Windows Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability 2022-03-03 A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. Apply updates per vendor instructions. 2022-03-24  
CVE-2014-0496 Adobe
Reader and Acrobat Adobe Reader and Acrobat Use-After-Free Vulnerability 2022-03-03 Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2013-5065 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2022-03-03 Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges. Apply updates per vendor instructions. 2022-03-24  
CVE-2013-3897 Microsoft
Internet Explorer Microsoft Internet Explorer Use-After-Free Vulnerability 2022-03-03 A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code. Apply updates per vendor instructions. 2022-03-24  
CVE-2013-3346 Adobe
Reader and Acrobat Adobe Reader and Acrobat Memory Corruption Vulnerability 2022-03-03 Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service. Apply updates per vendor instructions. 2022-03-24  
CVE-2013-1675 Mozilla
Firefox Mozilla Firefox Information Disclosure Vulnerability 2022-03-03 Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. Apply updates per vendor instructions. 2022-03-24  
CVE-2013-1347 Microsoft
Internet Explorer Microsoft Internet Explorer Remote Code Execution Vulnerability 2022-03-03 This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. Apply updates per vendor instructions. 2022-03-24  
CVE-2013-0641 Adobe
Reader Adobe Reader Buffer Overflow Vulnerability 2022-03-03 A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2013-0640 Adobe
Reader and Acrobat Adobe Reader and Acrobat Memory Corruption Vulnerability 2022-03-03 An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2013-0632 Adobe
ColdFusion Adobe ColdFusion Authentication Bypass Vulnerability 2022-03-03 An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access. Apply updates per vendor instructions. 2022-03-24  
CVE-2012-4681 Oracle
Java SE Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability 2022-03-03 The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2012-1856 Microsoft
Office Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability 2022-03-03 The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption. Apply updates per vendor instructions. 2022-03-24  
CVE-2012-1723 Oracle
Java SE Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability 2022-03-03 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Apply updates per vendor instructions. 2022-03-24  
CVE-2012-1535 Adobe
Flash Player Adobe Flash Player Arbitrary Code Execution Vulnerability 2022-03-03 Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2012-0507 Oracle
Java SE Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability 2022-03-03 An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. Apply updates per vendor instructions. 2022-03-24  
CVE-2011-3544 Oracle
Java SE JDK and JRE Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability 2022-03-03 An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. Apply updates per vendor instructions. 2022-03-24  
CVE-2011-1889 Microsoft
Forefront Threat Management Gateway (TMG) Microsoft Forefront TMG Remote Code Execution Vulnerability 2022-03-03 A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application. Apply updates per vendor instructions. 2022-03-24  
CVE-2011-0611 Adobe
Flash Player Adobe Flash Player Remote Code Execution Vulnerability 2022-03-03 Adobe Flash Player contains a vulnerability which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content. The impacted product is end-of-life and should be disconnected if still in use. 2022-03-24  
CVE-2010-3333 Microsoft
Office Microsoft Office Stack-based Buffer Overflow Vulnerability 2022-03-03 A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2010-0232 Microsoft
Windows Microsoft Windows Kernel Exception Handler Vulnerability 2022-03-03 The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges. Apply updates per vendor instructions. 2022-03-24  
CVE-2010-0188 Adobe
Reader and Acrobat Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability 2022-03-03 Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code. Apply updates per vendor instructions. 2022-03-24  
CVE-2009-3129 Microsoft
Excel Microsoft Excel Featheader Record Memory Corruption Vulnerability 2022-03-03 Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset. Apply updates per vendor instructions. 2022-03-24  
CVE-2009-1123 Microsoft
Windows Microsoft Windows Improper Input Validation Vulnerability 2022-03-03 The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application. Apply updates per vendor instructions. 2022-03-24  
CVE-2008-3431 Oracle
VirtualBox Oracle VirtualBox Insufficient Input Validation Vulnerability 2022-03-03 An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code. Apply updates per vendor instructions. 2022-03-24  
CVE-2008-2992 Adobe
Acrobat and Reader Adobe Reader and Acrobat Input Validation Vulnerability 2022-03-03 Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution. Apply updates per vendor instructions. 2022-03-24  
CVE-2004-0210 Microsoft
Windows Microsoft Windows Privilege Escalation Vulnerability 2022-03-03 A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system. Apply updates per vendor instructions. 2022-03-24  
CVE-2002-0367 Microsoft
Windows Microsoft Windows Privilege Escalation Vulnerability 2022-03-03 smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges. Apply updates per vendor instructions. 2022-03-24  
CVE-2022-26486 Mozilla
Firefox Mozilla Firefox Use-After-Free Vulnerability 2022-03-07 Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. Apply updates per vendor instructions. 2022-03-21  
CVE-2022-26485 Mozilla
Firefox Mozilla Firefox Use-After-Free Vulnerability 2022-03-07 Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. Apply updates per vendor instructions. 2022-03-21  
CVE-2021-21973 VMware
vCenter Server and Cloud Foundation VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability 2022-03-07 VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. Apply updates per vendor instructions. 2022-03-21  
CVE-2020-8218 Pulse Secure
Pulse Connect Secure Pulse Connect Secure Code Injection Vulnerability 2022-03-07 A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Apply updates per vendor instructions. 2022-09-07  
CVE-2019-11581 Atlassian
Jira Server and Data Center Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability 2022-03-07 Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-09-07  
CVE-2017-6077 NETGEAR
Wireless Router DGN2200 NETGEAR DGN2200 Remote Code Execution Vulnerability 2022-03-07 NETGEAR DGN2200 wireless routers contain a vulnerability which allows for remote code execution. Apply updates per vendor instructions. 2022-09-07  
CVE-2016-6277 NETGEAR
Multiple Routers NETGEAR Multiple Routers Remote Code Execution Vulnerability 2022-03-07 NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. Apply updates per vendor instructions. 2022-09-07  
CVE-2013-0631 Adobe
ColdFusion Adobe ColdFusion Information Disclosure Vulnerability 2022-03-07 Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. Apply updates per vendor instructions. 2022-09-07  
CVE-2013-0629 Adobe
ColdFusion Adobe ColdFusion Directory Traversal Vulnerability 2022-03-07 Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. Apply updates per vendor instructions. 2022-09-07  
CVE-2013-0625 Adobe
ColdFusion Adobe ColdFusion Authentication Bypass Vulnerability 2022-03-07 Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. Apply updates per vendor instructions. 2022-09-07  
CVE-2009-3960 Adobe
BlazeDS Adobe BlazeDS Information Disclosure Vulnerability 2022-03-07 Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability which allows for information disclosure. Apply updates per vendor instructions. 2022-09-07  
CVE-2020-5135 SonicWall
SonicOS SonicWall SonicOS Buffer Overflow Vulnerability 2022-03-15 A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-1405 Microsoft
Windows Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-1322 Microsoft
Windows Microsoft Windows Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-1315 Microsoft
Windows Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-1253 Microsoft
Windows Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-1132 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-1129 Microsoft
Windows Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-1069 Microsoft
Task Scheduler Microsoft Task Scheduler Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-1064 Microsoft
Windows Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-0841 Microsoft
Windows Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. Apply updates per vendor instructions. 2022-04-05  
CVE-2019-0543 Microsoft
Windows Microsoft Windows Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. Apply updates per vendor instructions. 2022-04-05  
CVE-2018-8120 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Apply updates per vendor instructions. 2022-04-05  
CVE-2017-0101 Microsoft
Windows Microsoft Windows Transaction Manager Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. Apply updates per vendor instructions. 2022-04-05  
CVE-2016-3309 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2022-03-15 A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Apply updates per vendor instructions. 2022-04-05  
CVE-2015-2546 Microsoft
Win32k Microsoft Win32k Memory Corruption Vulnerability 2022-03-15 The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application. Apply updates per vendor instructions. 2022-04-05  
CVE-2022-26318 WatchGuard
Firebox and XTM Appliances WatchGuard Firebox and XTM Appliances Arbitrary Code Execution 2022-03-25 On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. Apply updates per vendor instructions. 2022-04-15  
CVE-2022-26143 Mitel
MiCollab, MiVoice Business Express MiCollab, MiVoice Business Express Access Control Vulnerability 2022-03-25 A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. Apply updates per vendor instructions. 2022-04-15  
CVE-2022-21999 Microsoft
Windows Microsoft Windows Print Spooler Privilege Escalation Vulnerability 2022-03-25 Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation. Apply updates per vendor instructions. 2022-04-15  
CVE-2021-42237 Sitecore
XP Sitecore XP Remote Command Execution Vulnerability 2022-03-25 Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2021-22941 Citrix
ShareFile Citrix ShareFile Improper Access Control Vulnerability 2022-03-25 Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. Apply updates per vendor instructions. 2022-04-15  
CVE-2020-9377 D-Link
DIR-610 Devices D-Link DIR-610 Devices Remote Command Execution 2022-03-25 D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-15  
CVE-2020-9054 Zyxel
Multiple Network-Attached Storage (NAS) Devices Zyxel Multiple NAS Devices OS Command Injection Vulnerability 2022-03-25 Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. Apply updates per vendor instructions. 2022-04-15  
CVE-2020-7247 OpenBSD
OpenSMTPD OpenSMTPD Remote Code Execution Vulnerability 2022-03-25 smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. Apply updates per vendor instructions. 2022-04-15  
CVE-2020-5410 VMware Tanzu
Spring Cloud Configuration (Config) Server VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability 2022-03-25 Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability which allows applications to serve arbitrary configuration files. Apply updates per vendor instructions. 2022-04-15  
CVE-2020-25223 Sophos
SG UTM Sophos SG UTM Remote Code Execution Vulnerability 2022-03-25 A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. Apply updates per vendor instructions. 2022-04-15  
CVE-2020-2506 QNAP Systems
Helpdesk QNAP Helpdesk Improper Access Control Vulnerability 2022-03-25 QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information. Apply updates per vendor instructions. 2022-04-15  
CVE-2020-2021 Palo Alto
PAN-OS Palo Alto PAN-OS Authentication Bypass Vulnerability 2022-03-25 Palo Alto PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication. Apply updates per vendor instructions. 2022-04-15  
CVE-2020-1956 Apache
Kylin Apache Kylin OS Command Injection Vulnerability 2022-03-25 Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2020-1631 Juniper
Junos OS Juniper Junos OS Path Traversal Vulnerability 2022-03-25 A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-6340 Drupal
Core Drupal Core Remote Code Execution Vulnerability 2022-03-25 In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-2616 Oracle
BI Publisher (Formerly XML Publisher) Oracle BI Publisher Unauthorized Access Vulnerability 2022-03-25 Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability which allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-16920 D-Link
Multiple Routers D-Link Multiple Routers Command Injection Vulnerability 2022-03-25 Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-15  
CVE-2019-15107 Webmin
Webmin Webmin Command Injection Vulnerability 2022-03-25 An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-12991 Citrix
SD-WAN and NetScaler Citrix SD-WAN and NetScaler Command Injection Vulnerability 2022-03-25 Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-12989 Citrix
SD-WAN and NetScaler Citrix SD-WAN and NetScaler SQL Injection Vulnerability 2022-03-25 Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-11043 PHP
FastCGI Process Manager (FPM) PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability 2022-03-25 In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-10068 Kentico
Xperience Kentico Xperience Deserialization of Untrusted Data Vulnerability 2022-03-25 Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-1003030 Jenkins
Matrix Project Plugin Jenkins Matrix Project Plugin Remote Code Execution Vulnerability 2022-03-25 Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2019-0903 Microsoft
Graphics Device Interface (GDI) Microsoft GDI Remote Code Execution Vulnerability 2022-03-25 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. Apply updates per vendor instructions. 2022-04-15  
CVE-2018-8414 Microsoft
Windows Microsoft Windows Shell Remote Code Execution Vulnerability 2022-03-25 A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. Apply updates per vendor instructions. 2022-04-15  
CVE-2018-8373 Microsoft
Internet Explorer Scripting Engine Microsoft Scripting Engine Memory Corruption Vulnerability 2022-03-25 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Apply updates per vendor instructions. 2022-04-15  
CVE-2018-6961 VMware
SD-WAN Edge VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability 2022-03-25 VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2018-14839 LG
N1A1 NAS LG N1A1 NAS Remote Command Execution Vulnerability 2022-03-25 LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability. Apply updates per vendor instructions. 2022-04-15  
CVE-2018-1273 VMware Tanzu
Spring Data Commons VMware Tanzu Spring Data Commons Property Binder Vulnerability 2022-03-25 Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2018-11138 Quest
KACE System Management Appliance Quest KACE System Management Appliance Remote Command Execution Vulnerability 2022-03-25 The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2018-0147 Cisco
Secure Access Control System (ACS) Cisco Secure Access Control System Java Deserialization Vulnerability 2022-03-25 A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. Apply updates per vendor instructions. 2022-04-15  
CVE-2018-0125 Cisco
VPN Routers Cisco VPN Routers Remote Code Execution Vulnerability 2022-03-25 A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system. Apply updates per vendor instructions. 2022-04-15  
CVE-2017-6334 NETGEAR
DGN2200 Devices NETGEAR DGN2200 Devices OS Command Injection Vulnerability 2022-03-25 dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands The impacted product is end-of-life and should be disconnected if still in use. 2022-04-15  
CVE-2017-6316 Citrix
NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server Citrix Multiple Products Remote Code Execution Vulnerability 2022-03-25 A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server. Apply updates per vendor instructions. 2022-04-15  
CVE-2017-3881 Cisco
IOS and IOS XE Cisco IOS and IOS XE Remote Code Execution Vulnerability 2022-03-25 A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. Apply updates per vendor instructions. 2022-04-15  
CVE-2017-12617 Apache
Tomcat Apache Tomcat Remote Code Execution Vulnerability 2022-03-25 When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Apply updates per vendor instructions. 2022-04-15  
CVE-2017-12615 Apache
Tomcat Apache Tomcat on Windows Remote Code Execution Vulnerability 2022-03-25 When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Apply updates per vendor instructions. 2022-04-15  
CVE-2017-0146 Microsoft
Windows Microsoft Windows SMB Remote Code Execution Vulnerability 2022-03-25 The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2016-7892 Adobe
Flash Player Adobe Flash Player Use-After-Free Vulnerability 2022-03-25 Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-15  
CVE-2016-4171 Adobe
Flash Player Adobe Flash Player Remote Code Execution Vulnerability 2022-03-25 Unspecified vulnerability in Adobe Flash Player allows for remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-15  
CVE-2016-1555 NETGEAR
Wireless Access Point (WAP) Devices NETGEAR Multiple WAP Devices Command Injection Vulnerability 2022-03-25 Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2016-11021 D-Link
DCS-930L Devices D-Link DCS-930L Devices OS Command Injection Vulnerability 2022-03-25 setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-15  
CVE-2016-10174 NETGEAR
WNR2000v5 Router NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability 2022-03-25 The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution. Apply updates per vendor instructions. 2022-04-15  
CVE-2016-0752 Rails
Ruby on Rails Ruby on Rails Directory Traversal Vulnerability 2022-03-25 Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. Apply updates per vendor instructions. 2022-04-15  
CVE-2015-4068 Arcserve
Unified Data Protection (UDP) Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability 2022-03-25 Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. Apply updates per vendor instructions. 2022-04-15  
CVE-2015-3035 TP-Link
Multiple Archer Devices TP-Link Multiple Archer Devices Directory Traversal Vulnerability 2022-03-25 Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. Apply updates per vendor instructions. 2022-04-15  
CVE-2015-1427 Elastic
Elasticsearch Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability 2022-03-25 The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. Apply updates per vendor instructions. 2022-04-15  
CVE-2015-1187 D-Link and TRENDnet
Multiple Devices D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability 2022-03-25 The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-15  
CVE-2015-0666 Cisco
Prime Data Center Network Manager (DCNM) Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability 2022-03-25 Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files. Apply updates per vendor instructions. 2022-04-15  
CVE-2014-6332 Microsoft
Windows Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability 2022-03-25 OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site. Apply updates per vendor instructions. 2022-04-15  
CVE-2014-6324 Microsoft
Kerberos Key Distribution Center (KDC) Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability 2022-03-25 The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges. Apply updates per vendor instructions. 2022-04-15  
CVE-2014-6287 Rejetto
HTTP File Server (HFS) Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability 2022-03-25 The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs. Apply updates per vendor instructions. 2022-04-15  
CVE-2014-3120 Elastic
Elasticsearch Elasticsearch Remote Code Execution Vulnerability 2022-03-25 Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code. Apply updates per vendor instructions. 2022-04-15  
CVE-2014-0130 Rails
Ruby on Rails Ruby on Rails Directory Traversal Vulnerability 2022-03-25 Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request. Apply updates per vendor instructions. 2022-04-15  
CVE-2013-5223 D-Link
DSL-2760U D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability 2022-03-25 A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. Apply updates per vendor instructions. 2022-04-15  
CVE-2013-4810 Hewlett Packard (HP)
ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management HP Multiple Products Remote Code Execution Vulnerability 2022-03-25 HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet. Apply updates per vendor instructions. 2022-04-15  
CVE-2013-2251 Apache
Struts Apache Struts Improper Input Validation Vulnerability 2022-03-25 Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. Apply updates per vendor instructions. 2022-04-15  
CVE-2012-1823 PHP
PHP PHP-CGI Query String Parameter Vulnerability 2022-03-25 sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. Apply updates per vendor instructions. 2022-04-15  
CVE-2010-4345 Exim
Exim Exim Privilege Escalation Vulnerability 2022-03-25 Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands. Apply updates per vendor instructions. 2022-04-15  
CVE-2010-4344 Exim
Exim Exim Heap-Based Buffer Overflow Vulnerability 2022-03-25 Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session. Apply updates per vendor instructions. 2022-04-15  
CVE-2010-3035 Cisco
IOS XR Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability 2022-03-25 Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service. Apply updates per vendor instructions. 2022-04-15  
CVE-2010-2861 Adobe
ColdFusion Adobe ColdFusion Directory Traversal Vulnerability 2022-03-25 A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files. Apply updates per vendor instructions. 2022-04-15  
CVE-2009-2055 Cisco
IOS XR Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability 2022-03-25 Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service. Apply updates per vendor instructions. 2022-04-15  
CVE-2009-1151 phpMyAdmin
phpMyAdmin phpMyAdmin Remote Code Execution Vulnerability 2022-03-25 Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Apply updates per vendor instructions. 2022-04-15  
CVE-2009-0927 Adobe
Reader and Acrobat Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability 2022-03-25 Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code. Apply updates per vendor instructions. 2022-04-15  
CVE-2005-2773 Hewlett Packard (HP)
OpenView Network Node Manager HP OpenView Network Node Manager Remote Code Execution Vulnerability 2022-03-25 HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system. Apply updates per vendor instructions. 2022-04-15  
CVE-2022-1096 Google
Chromium V8 Google Chromium V8 Type Confusion Vulnerability 2022-03-28 The vulnerability exists due to a type confusion error within the V8 component in Chromium, affecting all Chromium-based browsers. Apply updates per vendor instructions. 2022-04-18  
CVE-2022-0543 Redis
Debian-specific Redis Servers Debian-specific Redis Server Lua Sandbox Escape Vulnerability 2022-03-28 Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Apply updates per vendor instructions. 2022-04-18  
CVE-2021-38646 Microsoft
Office Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability 2022-03-28 Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. Apply updates per vendor instructions. 2022-04-18  
CVE-2021-34486 Microsoft
Windows Microsoft Windows Event Tracing Privilege Escalation Vulnerability 2022-03-28 Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation. Apply updates per vendor instructions. 2022-04-18  
CVE-2021-26085 Atlassian
Confluence Server Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability 2022-03-28 Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint. Apply updates per vendor instructions. 2022-04-18  
CVE-2021-20028 SonicWall
Secure Remote Access (SRA) SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability 2022-03-28 SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-18  
CVE-2019-7483 SonicWall
SMA100 SonicWall SMA100 Directory Traversal Vulnerability 2022-03-28 In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. Apply updates per vendor instructions. 2022-04-18  
CVE-2018-8440 Microsoft
Windows Microsoft Windows Privilege Escalation Vulnerability 2022-03-28 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). Apply updates per vendor instructions. 2022-04-18  
CVE-2018-8406 Microsoft
DirectX Graphics Kernel (DXGKRNL) Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability 2022-03-28 An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. Apply updates per vendor instructions. 2022-04-18  
CVE-2018-8405 Microsoft
DirectX Graphics Kernel (DXGKRNL) Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability 2022-03-28 An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. Apply updates per vendor instructions. 2022-04-18  
CVE-2017-0213 Microsoft
Windows Microsoft Windows Privilege Escalation Vulnerability 2022-03-28 Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. Apply updates per vendor instructions. 2022-04-18  
CVE-2017-0059 Microsoft
Internet Explorer Microsoft Internet Explorer Information Disclosure Vulnerability 2022-03-28 Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site. Apply updates per vendor instructions. 2022-04-18  
CVE-2017-0037 Microsoft
Edge and Internet Explorer Microsoft Edge and Internet Explorer Type Confusion Vulnerability 2022-03-28 Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. Apply updates per vendor instructions. 2022-04-18  
CVE-2016-7201 Microsoft
Edge Microsoft Edge Memory Corruption Vulnerability 2022-03-28 The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. Apply updates per vendor instructions. 2022-04-18  
CVE-2016-7200 Microsoft
Edge Microsoft Edge Memory Corruption Vulnerability 2022-03-28 The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. Apply updates per vendor instructions. 2022-04-18  
CVE-2016-0189 Microsoft
Internet Explorer Microsoft Internet Explorer Memory Corruption Vulnerability 2022-03-28 The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. Apply updates per vendor instructions. 2022-04-18  
CVE-2016-0151 Microsoft
Client-Server Run-time Subsystem (CSRSS) Microsoft Windows CSRSS Security Feature Bypass Vulnerability 2022-03-28 The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. Apply updates per vendor instructions. 2022-04-18  
CVE-2016-0040 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2022-03-28 The kernel in Microsoft Windows allows local users to gain privileges via a crafted application. Apply updates per vendor instructions. 2022-04-18  
CVE-2015-2426 Microsoft
Windows Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability 2022-03-28 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. Apply updates per vendor instructions. 2022-04-18  
CVE-2015-2419 Microsoft
Internet Explorer Microsoft Internet Explorer Memory Corruption Vulnerability 2022-03-28 JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. Apply updates per vendor instructions. 2022-04-18  
CVE-2015-1770 Microsoft
Office Microsoft Office Uninitialized Memory Use Vulnerability 2022-03-28 Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. Apply updates per vendor instructions. 2022-04-18  
CVE-2013-3660 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-03-28 The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges. Apply updates per vendor instructions. 2022-04-18  
CVE-2013-2729 Adobe
Reader and Acrobat Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability 2022-03-28 Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. Apply updates per vendor instructions. 2022-04-18  
CVE-2013-2551 Microsoft
Internet Explorer Microsoft Internet Explorer Use-After-Free Vulnerability 2022-03-28 Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object. Apply updates per vendor instructions. 2022-04-18  
CVE-2013-2465 Oracle
Java SE Oracle Java SE Unspecified Vulnerability 2022-03-28 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D Apply updates per vendor instructions. 2022-04-18  
CVE-2013-1690 Mozilla
Firefox and Thunderbird Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability 2022-03-28 Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site. Apply updates per vendor instructions. 2022-04-18  
CVE-2012-5076 Oracle
Java SE Oracle Java SE Sandbox Bypass Vulnerability 2022-03-28 The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Apply updates per vendor instructions. 2022-04-18  
CVE-2012-2539 Microsoft
Word Microsoft Word Remote Code Execution Vulnerability 2022-03-28 Microsoft Word allows attackers to execute remote code or cause a denial-of-service via crafted RTF data. Apply updates per vendor instructions. 2022-04-18  
CVE-2012-2034 Adobe
Flash Player Adobe Flash Player Memory Corruption Vulnerability 2022-03-28 Adobe Flash Player contains a memory corruption vulnerability which allows for remote code execution or denial-of-service. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-18  
CVE-2012-0518 Oracle
Fusion Middleware Oracle Fusion Middleware Unspecified Vulnerability 2022-03-28 Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors Apply updates per vendor instructions. 2022-04-18  
CVE-2011-2005 Microsoft
Ancillary Function Driver (afd.sys) Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability 2022-03-28 afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application. Apply updates per vendor instructions. 2022-04-18  
CVE-2010-4398 Microsoft
Windows Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability 2022-03-28 Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature. Apply updates per vendor instructions. 2022-04-21  
CVE-2022-26871 Trend Micro
Apex Central Trend Micro Apex Central Arbitrary File Upload Vulnerability 2022-03-31 An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. Apply updates per vendor instructions. 2022-04-21  
CVE-2022-1040 Sophos
Firewall Sophos Firewall Authentication Bypass Vulnerability 2022-03-31 An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution. Apply updates per vendor instructions. 2022-04-21  
CVE-2021-34484 Microsoft
Windows Microsoft Windows User Profile Service Privilege Escalation Vulnerability 2022-03-31 Microsoft Windows User Profile Service contains an unspecified vulnerability which allows for privilege escalation. Apply updates per vendor instructions. 2022-04-21  
CVE-2021-28799 QNAP
Network Attached Storage (NAS) QNAP NAS Improper Authorization Vulnerability 2022-03-31 QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device. Apply updates per vendor instructions. 2022-04-21  
CVE-2021-21551 Dell
dbutil Driver Dell dbutil Driver Insufficient Access Control Vulnerability 2022-03-31 Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. Apply updates per vendor instructions. 2022-04-21  
CVE-2018-10562 Dasan
Gigabit Passive Optical Network (GPON) Routers Dasan GPON Routers Command Injection Vulnerability 2022-03-31 Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-21  
CVE-2018-10561 Dasan
Gigabit Passive Optical Network (GPON) Routers Dasan GPON Routers Authentication Bypass Vulnerability 2022-03-31 Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-21  
CVE-2022-22965 VMware
Spring Framework Spring Framework JDK 9+ Remote Code Execution Vulnerability 2022-04-04 Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Apply updates per vendor instructions. 2022-04-25  
CVE-2022-22675 Apple
macOS Apple macOS Out-of-Bounds Write Vulnerability 2022-04-04 macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. Apply updates per vendor instructions. 2022-04-25  
CVE-2022-22674 Apple
macOS Apple macOS Out-of-Bounds Read Vulnerability 2022-04-04 macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. Apply updates per vendor instructions. 2022-04-25  
CVE-2021-45382 D-Link
Multiple Routers D-Link Multiple Routers Remote Code Execution Vulnerability 2022-04-04 A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. The impacted product is end-of-life and should be disconnected if still in use. 2022-04-25  
CVE-2021-3156 Sudo
Sudo Sudo Heap-Based Buffer Overflow Vulnerability 2022-04-06 Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation. Apply updates per vendor instructions. 2022-04-27  
CVE-2021-31166 Microsoft
HTTP Protocol Stack Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability 2022-04-06 Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution. Apply updates per vendor instructions. 2022-04-27  
CVE-2017-0148 Microsoft
SMBv1 server Microsoft SMBv1 Server Remote Code Execution Vulnerability 2022-04-06 The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets. Apply updates per vendor instructions. 2022-04-27  
CVE-2022-23176 WatchGuard
Firebox and XTM WatchGuard Firebox and XTM Privilege Escalation Vulnerability 2022-04-11 WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. Apply updates per vendor instructions. 2022-05-02  
CVE-2021-42287 Microsoft
Active Directory Microsoft Active Directory Domain Services Privilege Escalation Vulnerability 2022-04-11 Microsoft Active Directory Domain Services contains an unspecified vulnerability which allows for privilege escalation. Apply updates per vendor instructions. 2022-05-02  
CVE-2021-42278 Microsoft
Active Directory Microsoft Active Directory Domain Services Privilege Escalation Vulnerability 2022-04-11 Microsoft Active Directory Domain Services contains an unspecified vulnerability which allows for privilege escalation. Apply updates per vendor instructions. 2022-05-02  
CVE-2021-39793 Google
Pixel Google Pixel Out-of-Bounds Write Vulnerability 2022-04-11 Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege. Apply updates per vendor instructions. 2022-05-02  
CVE-2021-27852 Checkbox
Checkbox Survey Checkbox Survey Deserialization of Untrusted Data Vulnerability 2022-04-11 Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable. 2022-05-02  
CVE-2021-22600 Linux
Kernel Linux Kernel Privilege Escalation Vulnerability 2022-04-11 Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service or possibly for privilege escalation. Apply updates per vendor instructions. 2022-05-02  
CVE-2020-2509 QNAP
QNAP Network-Attached Storage (NAS) QNAP Network-Attached Storage (NAS) Command Injection Vulnerability 2022-04-11 QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution. Apply updates per vendor instructions. 2022-05-02  
CVE-2017-11317 Telerik
User Interface (UI) for ASP.NET AJAX Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability 2022-04-11 Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code. Apply updates per vendor instructions. 2022-05-02  
CVE-2022-24521 Microsoft
Windows Microsoft Windows CLFS Driver Privilege Escalation Vulnerability 2022-04-13 Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-05-04  
CVE-2018-7602 Drupal
Core Drupal Core Remote Code Execution Vulnerability 2022-04-13 A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. Apply updates per vendor instructions. 2022-05-04  
CVE-2018-20753 Kaseya
Virtual System/Server Administrator (VSA) Kaseya VSA Remote Code Execution Vulnerability 2022-04-13 Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. Apply updates per vendor instructions. 2022-05-04  
CVE-2015-5123 Adobe
Flash Player Adobe Flash Player Use-After-Free Vulnerability 2022-04-13 Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-04  
CVE-2015-5122 Adobe
Flash Player Adobe Flash Player Use-After-Free Vulnerability 2022-04-13 Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-04  
CVE-2015-3113 Adobe
Flash Player Adobe Flash Player Heap-Based Buffer Overflow Vulnerability 2022-04-13 Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-04  
CVE-2015-2502 Microsoft
Internet Explorer Microsoft Internet Explorer Memory Corruption Vulnerability 2022-04-13 Microsoft Internet Explorer contains a memory corruption vulnerability which allows an attacker to execute code or cause a denial-of-service. Apply updates per vendor instructions. 2022-05-04  
CVE-2015-0313 Adobe
Flash Player Adobe Flash Player Use-After-Free Vulnerability 2022-04-13 Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-04  
CVE-2015-0311 Adobe
Flash Player Adobe Flash Player Remote Code Execution Vulnerability 2022-04-13 Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-04  
CVE-2014-9163 Adobe
Flash Player Adobe Flash Player Stack-Based Buffer Overflow Vulnerability 2022-04-13 Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-04  
CVE-2022-22954 VMware
Workspace ONE Access and Identity Manager VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability 2022-04-14 VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. Apply updates per vendor instructions. 2022-05-05  
CVE-2022-22960 VMware
Multiple Products VMware Multiple Products Privilege Escalation Vulnerability 2022-04-15 VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Apply updates per vendor instructions. 2022-05-06  
CVE-2022-1364 Google
Chromium V8 Engine Google Chromium V8 Type Confusion Vulnerability 2022-04-15 Google Chromium V8 engine contains a type confusion vulnerability. Apply updates per vendor instructions. 2022-05-06  
CVE-2019-3929 Crestron
Multiple Products Crestron Multiple Products Command Injection Vulnerability 2022-04-15 Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. Apply updates per vendor instructions. 2022-05-06  
CVE-2019-16057 D-Link
DNS-320 Storage Device D-Link DNS-320 Remote Code Execution Vulnerability 2022-04-15 The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-06  
CVE-2018-7841 Schneider Electric
U.motion Builder Schneider Electric U.motion Builder SQL Injection Vulnerability 2022-04-15 A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered. The impacted product is end-of-life and should be disconnected if still in use. 2022-05-06  
CVE-2016-4523 Trihedral
VTScada (formerly VTS) Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability 2022-04-15 The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service. Apply updates per vendor instructions. 2022-05-06  
CVE-2014-0780 InduSoft
Web Studio InduSoft Web Studio NTWebServer Directory Traversal Vulnerability 2022-04-15 InduSoft Web Studio NTWebServer contains a directory traversal vulnerability which allows remote attackers to read administrative passwords in APP files, allowing for remote code execution. Apply updates per vendor instructions. 2022-05-06  
CVE-2010-5330 Ubiquiti
AirOS Ubiquiti AirOS Command Injection Vulnerability 2022-04-15 Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi. Apply updates per vendor instructions. 2022-05-06  
CVE-2007-3010 Alcatel
OmniPCX Enterprise Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability 2022-04-15 masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands. Apply updates per vendor instructions. 2022-05-06  
CVE-2018-6882 Zimbra
Collaboration Suite (ZCS) Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability 2022-04-19 Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML. Apply updates per vendor instructions. 2022-05-10  
CVE-2019-3568 Meta Platforms
WhatsApp WhatsApp VOIP Stack Buffer Overflow Vulnerability 2022-04-19 A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. Apply updates per vendor instructions. 2022-05-10  
CVE-2022-22718 Microsoft
Windows Microsoft Windows Print Spooler Privilege Escalation Vulnerability 2022-04-19 Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation. Apply updates per vendor instructions. 2022-05-10  
CVE-2022-29464 WSO2
Multiple Products WSO2 Multiple Products Unrestrictive Upload of File Vulnerability 2022-04-25 Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution. Apply updates per vendor instructions. 2022-05-16  
CVE-2022-26904 Microsoft
Windows Microsoft Windows User Profile Service Privilege Escalation Vulnerability 2022-04-25 Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-05-16  
CVE-2022-21919 Microsoft
Windows Microsoft Windows User Profile Service Privilege Escalation Vulnerability 2022-04-25 Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-05-16  
CVE-2022-0847 Linux
Kernel Linux Kernel Privilege Escalation Vulnerability 2022-04-25 Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe." Apply updates per vendor instructions. 2022-05-16  
CVE-2021-41357 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-04-25 Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-05-16  
CVE-2021-40450 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-04-25 Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-05-16  
CVE-2019-1003029 Jenkins
Script Security Plugin Jenkins Script Security Plugin Sandbox Bypass Vulnerability 2022-04-25 Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. Apply updates per vendor instructions. 2022-05-16  
CVE-2021-1789 Apple
Multiple Products Apple Multiple Products Type Confusion Vulnerability 2022-05-04 A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. Apply updates per vendor instructions. 2022-05-25  
CVE-2019-8506 Apple
Multiple Products Apple Multiple Products Type Confusion Vulnerability 2022-05-04 A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. Apply updates per vendor instructions. 2022-05-25  
CVE-2014-4113 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-05-04 Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-05-25  
CVE-2014-0322 Microsoft
Internet Explorer Microsoft Internet Explorer Use-After-Free Vulnerability 2022-05-04 Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. Apply updates per vendor instructions. 2022-05-25  
CVE-2014-0160 OpenSSL
OpenSSL OpenSSL Information Disclosure Vulnerability 2022-05-04 The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information. Apply updates per vendor instructions. 2022-05-25  
CVE-2022-1388 F5
BIG-IP F5 BIG-IP Missing Authentication Vulnerability 2022-05-10 F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. Apply updates per vendor instructions. 2022-05-31  
CVE-2022-30525 Zyxel
Multiple Firewalls Zyxel Multiple Firewalls OS Command Injection Vulnerability 2022-05-16 A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. Apply updates per vendor instructions. 2022-06-06  
CVE-2022-22947 VMware
Spring Cloud Gateway VMware Spring Cloud Gateway Code Injection Vulnerability 2022-05-16 Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Apply updates per vendor instructions. 2022-06-06  
CVE-2022-20821 Cisco
IOS XR Cisco IOS XR Open Port Vulnerability 2022-05-23 Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container. Apply updates per vendor instructions. 2022-06-13  
CVE-2021-1048 Android
Kernel Android Kernel Use-After-Free Vulnerability 2022-05-23 Android kernel contains a use-after-free vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-06-13  
CVE-2021-0920 Android
Kernel Android Kernel Race Condition Vulnerability 2022-05-23 Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation. Apply updates per vendor instructions. 2022-06-13  
CVE-2021-30883 Apple
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 2022-05-23 Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. Apply updates per vendor instructions. 2022-06-13  
CVE-2020-1027 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2022-05-23 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. Apply updates per vendor instructions. 2022-06-13  
CVE-2020-0638 Microsoft
Update Notification Manager Microsoft Update Notification Manager Privilege Escalation Vulnerability 2022-05-23 Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-7286 Apple
Multiple Products Apple Multiple Products Memory Corruption Vulnerability 2022-05-23 Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-7287 Apple
iOS Apple iOS Memory Corruption Vulnerability 2022-05-23 Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-0676 Microsoft
Internet Explorer Microsoft Internet Explorer Information Disclosure Vulnerability 2022-05-23 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-5786 Google
Chrome Google Chrome Use-After-Free Vulnerability 2022-05-23 Google Chrome contains a heap use-after-free vulnerability which allows an attacker to potentially perform out of bounds memory access. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-0703 Microsoft
Windows Microsoft Windows SMB Information Disclosure Vulnerability 2022-05-23 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-0880 Microsoft
Windows Microsoft Windows Privilege Escalation Vulnerability 2022-05-23 A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-13720 Google
Chrome Google Chrome Use-After-Free Vulnerability 2022-05-23 Use-after-free in WebAudio in Google Chrome allows a remote attacker to potentially exploit heap corruption. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-11707 Mozilla
Firefox and Thunderbird Mozilla Firefox and Thunderbird Type Confusion Vulnerability 2022-05-23 Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-11708 Mozilla
Firefox and Thunderbird Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability 2022-05-23 Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-8720 WebKitGTK
WebKitGTK WebKitGTK Memory Corruption Vulnerability 2022-05-23 WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-18426 Meta Platforms
WhatsApp WhatsApp Cross-Site Scripting Vulnerability 2022-05-23 A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-1385 Microsoft
Windows Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability 2022-05-23 A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. Apply updates per vendor instructions. 2022-06-13  
CVE-2019-1130 Microsoft
Windows Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability 2022-05-23 A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. Apply updates per vendor instructions. 2022-06-13  
CVE-2018-5002 Adobe
Flash Player Adobe Flash Player Stack-based Buffer Overflow Vulnerability 2022-05-23 Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-13  
CVE-2018-8589 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-05-23 A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system. Apply updates per vendor instructions. 2022-06-13  
CVE-2018-8611 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2022-05-24 A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. Apply updates per vendor instructions. 2022-06-14  
CVE-2018-19953 QNAP
Network Attached Storage (NAS) QNAP NAS File Station Cross-Site Scripting Vulnerability 2022-05-24 A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. Apply updates per vendor instructions. 2022-06-14  
CVE-2018-19949 QNAP
Network Attached Storage (NAS) QNAP NAS File Station Command Injection Vulnerability 2022-05-24 A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands. Apply updates per vendor instructions. 2022-06-14  
CVE-2018-19943 QNAP
Network Attached Storage (NAS) QNAP NAS File Station Cross-Site Scripting Vulnerability 2022-05-24 A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. Apply updates per vendor instructions. 2022-06-14  
CVE-2017-0147 Microsoft
SMBv1 server Microsoft Windows SMBv1 Information Disclosure Vulnerability 2022-05-24 The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet. Apply updates per vendor instructions. 2022-06-14  
CVE-2017-0022 Microsoft
XML Core Services Microsoft XML Core Services Information Disclosure Vulnerability 2022-05-24 Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site. Apply updates per vendor instructions. 2022-06-14  
CVE-2017-0005 Microsoft
Windows Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability 2022-05-24 The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application. Apply updates per vendor instructions. 2022-06-14  
CVE-2017-0149 Microsoft
Internet Explorer Microsoft Internet Explorer Memory Corruption Vulnerability 2022-05-24 Microsoft Internet Explorer allows remote attackers to execute code or cause a denial-of-service (memory corruption) via a crafted web site. Apply updates per vendor instructions. 2022-06-14  
CVE-2017-0210 Microsoft
Internet Explorer Microsoft Internet Explorer Privilege Escalation Vulnerability 2022-05-24 A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information. Apply updates per vendor instructions. 2022-06-14  
CVE-2017-8291 Artifex
Ghostscript Artifex Ghostscript Type Confusion Vulnerability 2022-05-24 Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile. Apply updates per vendor instructions. 2022-06-14  
CVE-2017-8543 Microsoft
Windows Microsoft Windows Search Remote Code Execution Vulnerability 2022-05-24 Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory. Apply updates per vendor instructions. 2022-06-14  
CVE-2017-18362 Kaseya
Virtual System/Server Administrator (VSA) Kaseya VSA SQL Injection Vulnerability 2022-05-24 ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-14  
CVE-2016-0162 Microsoft
Internet Explorer Microsoft Internet Explorer Information Disclosure Vulnerability 2022-05-24 An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. Apply updates per vendor instructions. 2022-06-14  
CVE-2016-3351 Microsoft
Internet Explorer and Edge Microsoft Internet Explorer and Edge Information Disclosure Vulnerability 2022-05-24 An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. Apply updates per vendor instructions. 2022-06-14  
CVE-2016-4655 Apple
iOS Apple iOS Information Disclosure Vulnerability 2022-05-24 The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. Apply updates per vendor instructions. 2022-06-14  
CVE-2016-4656 Apple
iOS Apple iOS Memory Corruption Vulnerability 2022-05-24 A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service via a crafted application. Apply updates per vendor instructions. 2022-06-14  
CVE-2016-4657 Apple
iOS Apple iOS Webkit Memory Corruption Vulnerability 2022-05-24 WebKit in Apple iOS contains a memory corruption vulnerability which allows attackers to execute remote code or cause a denial-of-service via a crafted web site. Apply updates per vendor instructions. 2022-06-14  
CVE-2016-6366 Cisco
Adaptive Security Appliance (ASA) Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability 2022-05-24 A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code. Apply updates per vendor instructions. 2022-06-14  
CVE-2016-6367 Cisco
Adaptive Security Appliance (ASA) Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability 2022-05-24 A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service condition or potentially execute code. Apply updates per vendor instructions. 2022-06-14  
CVE-2016-3298 Microsoft
Internet Explorer Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability 2022-05-24 An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk. Apply updates per vendor instructions. 2022-06-14  
CVE-2019-3010 Oracle
Solaris Oracle Solaris Privilege Escalation Vulnerability 2022-05-25 Oracle Solaris component: XScreenSaver contains an unspecified vulnerability which allows for privilege escalation. Apply updates per vendor instructions. 2022-06-15  
CVE-2016-3393 Microsoft
Windows Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability 2022-05-25 A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system. Apply updates per vendor instructions. 2022-06-15  
CVE-2016-7256 Microsoft
Windows Microsoft Windows Open Type Font Remote Code Execution Vulnerability 2022-05-25 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. Apply updates per vendor instructions. 2022-06-15  
CVE-2016-1010 Adobe
Flash Player and AIR Adobe Flash Player and AIR Integer Overflow Vulnerability 2022-05-25 Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code. The impacted products are end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2016-0984 Adobe
Flash Player and AIR Adobe Flash Player and AIR Use-After-Free Vulnerability 2022-05-25 Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code. The impacted products are end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2016-0034 Microsoft
Silverlight Microsoft Silverlight Runtime Remote Code Execution Vulnerability 2022-05-25 Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service. The impacted products are end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2015-0310 Adobe
Flash Player Adobe Flash Player ASLR Bypass Vulnerability 2022-05-25 Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2015-0016 Microsoft
Windows Microsoft Windows TS WebProxy Directory Traversal Vulnerability 2022-05-25 Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. Apply updates per vendor instructions. 2022-06-15  
CVE-2015-0071 Microsoft
Internet Explorer Microsoft Internet Explorer ASLR Bypass Vulnerability 2022-05-25 Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site. Apply updates per vendor instructions. 2022-06-15  
CVE-2015-2360 Microsoft
Win32k Microsoft Win32k Privilege Escalation Vulnerability 2022-05-25 Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service. Apply updates per vendor instructions. 2022-06-15  
CVE-2015-2425 Microsoft
Internet Explorer Microsoft Internet Explorer Memory Corruption Vulnerability 2022-05-25 Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service. Apply updates per vendor instructions. 2022-06-15  
CVE-2015-1769 Microsoft
Windows Microsoft Windows Mount Manager Privilege Escalation Vulnerability 2022-05-25 A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. Apply updates per vendor instructions. 2022-06-15  
CVE-2015-4495 Mozilla
Firefox Mozilla Firefox Security Feature Bypass Vulnerability 2022-05-25 Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. Apply updates per vendor instructions. 2022-06-15  
CVE-2015-8651 Adobe
Flash Player Adobe Flash Player Integer Overflow Vulnerability 2022-05-25 Integer overflow in Adobe Flash Player allows attackers to execute code. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2015-6175 Microsoft
Windows Microsoft Windows Kernel Privilege Escalation Vulnerability 2022-05-25 The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application. Apply updates per vendor instructions. 2022-06-15  
CVE-2015-1671 Microsoft
Windows Microsoft Windows Remote Code Execution Vulnerability 2022-05-25 A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. Apply updates per vendor instructions. 2022-06-15  
CVE-2014-4148 Microsoft
Windows Microsoft Windows Remote Code Execution Vulnerability 2022-05-25 A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. Apply updates per vendor instructions. 2022-06-15  
CVE-2014-8439 Adobe
Flash Player Adobe Flash Player Dereferenced Pointer Vulnerability 2022-05-25 Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2014-4123 Microsoft
Internet Explorer Microsoft Internet Explorer Privilege Escalation Vulnerability 2022-05-25 Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. Apply updates per vendor instructions. 2022-06-15  
CVE-2014-0546 Adobe
Acrobat and Reader Adobe Acrobat and Reader Sandbox Bypass Vulnerability 2022-05-25 Adobe Acrobat and Reader on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context. Apply updates per vendor instructions. 2022-06-15  
CVE-2014-2817 Microsoft
Internet Explorer Microsoft Internet Explorer Privilege Escalation Vulnerability 2022-05-25 Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. Apply updates per vendor instructions. 2022-06-15  
CVE-2014-4077 Microsoft
Input Method Editor (IME) Japanese Microsoft IME Japanese Privilege Escalation Vulnerability 2022-05-25 Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation. Apply updates per vendor instructions. 2022-06-15  
CVE-2014-3153 Linux
Kernel Linux Kernel Privilege Escalation Vulnerability 2022-05-25 The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. Apply updates per vendor instructions. 2022-06-15  
CVE-2013-7331 Microsoft
Internet Explorer Microsoft Internet Explorer Information Disclosure Vulnerability 2022-05-25 An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications. Apply updates per vendor instructions. 2022-06-15  
CVE-2013-3993 IBM
InfoSphere BigInsights IBM InfoSphere BigInsights Invalid Input Vulnerability 2022-05-25 Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2013-3896 Microsoft
Silverlight Microsoft Silverlight Information Disclosure Vulnerability 2022-05-25 Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2013-2423 Oracle
Java Runtime Environment (JRE) Oracle JRE Unspecified Vulnerability 2022-05-25 Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. Apply updates per vendor instructions. 2022-06-15  
CVE-2013-0431 Oracle
Java Runtime Environment (JRE) Oracle JRE Sandbox Bypass Vulnerability 2022-05-25 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. Apply updates per vendor instructions. 2022-06-15  
CVE-2013-0422 Oracle
Java Runtime Environment (JRE) Oracle JRE Remote Code Execution Vulnerability 2022-05-25 A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. Apply updates per vendor instructions. 2022-06-15  
CVE-2013-0074 Microsoft
Silverlight Microsoft Silverlight Double Dereference Vulnerability 2022-05-25 Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-15  
CVE-2012-1710 Oracle
Fusion Middleware Oracle Fusion Middleware Unspecified Vulnerability 2022-05-25 Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer. Apply updates per vendor instructions. 2022-06-15  
CVE-2010-1428 Red Hat
JBoss Red Hat JBoss Information Disclosure Vulnerability 2022-05-25 Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information. Apply updates per vendor instructions. 2022-06-15  
CVE-2010-0840 Oracle
Java Runtime Environment (JRE) Oracle JRE Unspecified Vulnerability 2022-05-25 Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Apply updates per vendor instructions. 2022-06-15  
CVE-2010-0738 Red Hat
JBoss Red Hat JBoss Authentication Bypass Vulnerability 2022-05-25 The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. Apply updates per vendor instructions. 2022-06-15  
CVE-2022-26134 Atlassian
Confluence Server/Data Center Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability 2022-06-02 Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution. Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules. 2022-06-06  
CVE-2022-31460 Owl Labs
Meeting Owl Pro and Whiteboard Owl Meeting Owl Pro and Whiteboard Owl Hard-Coded Credentials Vulnerability 2022-06-08 Owl Labs Meeting Owl and Whiteboard Owl allow attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. Apply updates per vendor instructions. 2022-06-22  
CVE-2019-7195 QNAP
Photo Station QNAP Photo Station Path Traversal Vulnerability 2022-06-08 QNAP devices running Photo Station contains an external control of file name or path vulnerability allowing remote attackers to access or modify system files. Apply updates per vendor instructions. 2022-06-22  
CVE-2019-7194 QNAP
Photo Station QNAP Photo Station Path Traversal Vulnerability 2022-06-08 QNAP devices running Photo Station contains an external control of file name or path vulnerability allowing remote attackers to access or modify system files. Apply updates per vendor instructions. 2022-06-22  
CVE-2019-7193 QNAP
QTS QNAP QTS Improper Input Validation Vulnerability 2022-06-08 QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. Apply updates per vendor instructions. 2022-06-22  
CVE-2019-7192 QNAP
Photo Station QNAP Photo Station Improper Access Control Vulnerability 2022-06-08 QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. Apply updates per vendor instructions. 2022-06-22  
CVE-2019-5825 Google
Chromium V8 Engine Google Chromium V8 Out-of-Bounds Write Vulnerability 2022-06-08 Google Chromium V8 contains an out-of-bounds write vulnerability which allows a remote attacker to potentially exploit heap corruption. Apply updates per vendor instructions. 2022-06-22  
CVE-2019-15271 Cisco
RV Series Routers Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability 2022-06-08 A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges. Apply updates per vendor instructions. 2022-06-22  
CVE-2018-6065 Google
Chromium V8 Engine Google Chromium V8 Integer Overflow Vulnerability 2022-06-08 Google Chromium V8 Engine contains an integer overflow vulnerability which allows a remote attacker to potentially exploit heap corruption. Apply updates per vendor instructions. 2022-06-22  
CVE-2018-4990 Adobe
Acrobat and Reader Adobe Acrobat and Reader Double Free Vulnerability 2022-06-08 Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. Apply updates per vendor instructions. 2022-06-22  
CVE-2018-17480 Google
Chromium V8 Engine Google Chromium V8 Out-of-Bounds Write Vulnerability 2022-06-08 Google Chromium V8 contains an out-of-bounds write vulnerability which allows a remote attacker to execute code inside a sandbox. Apply updates per vendor instructions. 2022-06-22  
CVE-2018-17463 Google
Chromium V8 Engine Google Chromium V8 Remote Code Execution Vulnerability 2022-06-08 Google Chromium V8 contains an unspecified vulnerability which allows for remote code execution. Apply updates per vendor instructions. 2022-06-22  
CVE-2017-6862 NETGEAR
Multiple Devices NETGEAR Multiple Devices Buffer Overflow Vulnerability 2022-06-08 Multiple NETGEAR devices contain a buffer overflow vulnerability that allow for authentication bypass and remote code execution. Apply updates per vendor instructions. 2022-06-22  
CVE-2017-5070 Google
Chromium V8 Engine Google Chromium V8 Type Confusion Vulnerability 2022-06-08 Google Chromium V8 Engine contains a type confusion vulnerability which allows a remote attacker to execute code inside a sandbox. Apply updates per vendor instructions. 2022-06-22  
CVE-2017-5030 Google
Chromium V8 Engine Google Chromium V8 Memory Corruption Vulnerability 2022-06-08 Google Chromium V8 Engine contains a memory corruption vulnerability which allows a remote attacker to execute code. Apply updates per vendor instructions. 2022-06-22  
CVE-2016-5198 Google
Chromium V8 Engine Google Chromium V8 Out-of-Bounds Memory Vulnerability 2022-06-08 Google Chromium V8 Engine contains an out-of-bounds memory vulnerability. Apply updates per vendor instructions. 2022-06-22  
CVE-2016-1646 Google
Chromium V8 Engine Google Chromium V8 Out-of-Bounds Read Vulnerability 2022-06-08 Google Chromium V8 contains an out-of-bounds read vulnerability. Apply updates per vendor instructions. 2022-06-22  
CVE-2013-1331 Microsoft
Office Microsoft Office Buffer Overflow Vulnerability 2022-06-08 Microsoft Office contains a buffer overflow vulnerability which allows remote attackers to execute code via crafted PNG data in an Office document. Apply updates per vendor instructions. 2022-06-22  
CVE-2012-5054 Adobe
Flash Player Adobe Flash Player Integer Overflow Vulnerability 2022-06-08 Adobe Flash Player contains an integer overflow vulnerability which allows remote attackers to execute code via malformed arguments. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-22  
CVE-2012-4969 Microsoft
Internet Explorer Microsoft Internet Explorer Use-After-Free Vulnerability 2022-06-08 Microsoft Internet Explorer contains a use-after-free vulnerability which allows remote attackers to execute code via a crafted web site. Apply updates per vendor instructions. 2022-06-22  
CVE-2012-1889 Microsoft
XML Core Services Microsoft XML Core Services Memory Corruption Vulnerability 2022-06-08 Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution. Apply updates per vendor instructions. 2022-06-22  
CVE-2012-0767 Adobe
Flash Player Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability 2022-06-08 Adobe Flash Player contains a XSS vulnerability which allows remote attackers to inject web script or HTML. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-22  
CVE-2012-0754 Adobe
Flash Player Adobe Flash Player Memory Corruption Vulnerability 2022-06-08 Adobe Flash Player contains a memory corruption vulnerability which allows remote attackers to execute code or cause denial-of-service. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-22  
CVE-2012-0151 Microsoft
Windows Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability 2022-06-08 The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code. Apply updates per vendor instructions. 2022-06-22  
CVE-2011-2462 Adobe
Acrobat and Reader Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability 2022-06-08 The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service. Apply updates per vendor instructions. 2022-06-22  
CVE-2011-0609 Adobe
Flash Player Adobe Flash Player Unspecified Vulnerability 2022-06-08 Adobe Flash Player contains an unspecified vulnerability which allows remote attackers to execute code or cause denial-of-service. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-22  
CVE-2010-2883 Adobe
Reader and Acrobat Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability 2022-06-08 Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability which allows remote attackers to execute code or cause denial-of-service. Apply updates per vendor instructions. 2022-06-22  
CVE-2010-2572 Microsoft
PowerPoint Microsoft PowerPoint Buffer Overflow Vulnerability 2022-06-08 Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution. Apply updates per vendor instructions. 2022-06-22  
CVE-2010-1297 Adobe
Flash Player Adobe Flash Player Memory Corruption Vulnerability 2022-06-08 Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service. The impacted product is end-of-life and should be disconnected if still in use. 2022-06-22  
CVE-2009-4324 Adobe
Acrobat and Reader Adobe Acrobat and Reader Use-After-Free Vulnerability 2022-06-08 Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file. Apply updates per vendor instructions. 2022-06-22  
CVE-2009-3953 Adobe
Acrobat and Reader Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability 2022-06-08 Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. Apply updates per vendor instructions. 2022-06-22  
CVE-2009-1862 Adobe
Acrobat and Reader, Flash Player Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability 2022-06-08 Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service. For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use. 2022-06-22  
CVE-2009-0563 Microsoft
Office Microsoft Office Buffer Overflow Vulnerability 2022-06-08 Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field. Apply updates per vendor instructions. 2022-06-22  
CVE-2009-0557 Microsoft
Office Microsoft Office Object Record Corruption Vulnerability 2022-06-08 Microsoft Office contains an object record corruption vulnerability which allows remote attackers to execute code via a crafted Excel file with a malformed record object. Apply updates per vendor instructions. 2022-06-22  
CVE-2008-0655 Adobe
Acrobat and Reader Adobe Acrobat and Reader Unspecified Vulnerability 2022-06-08 Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. Apply updates per vendor instructions. 2022-06-22  
CVE-2007-5659 Adobe
Acrobat and Reader Adobe Acrobat and Reader Buffer Overflow Vulnerability 2022-06-08 Adobe Acrobat and Reader contain a buffer overflow vulnerability which allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods. Apply updates per vendor instructions. 2022-06-22  
CVE-2006-2492 Microsoft
Word Microsoft Word Malformed Object Pointer Vulnerability 2022-06-08 Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code. Apply updates per vendor instructions. 2022-06-22  
CVE-2021-38163 SAP
NetWeaver SAP NetWeaver Unrestricted File Upload Vulnerability 2022-06-09 SAP NetWeaver contains a vulnerability that allows unrestricted file upload. Apply updates per vendor instructions. 2022-06-30  
CVE-2016-2386 SAP
NetWeaver SAP NetWeaver SQL Injection Vulnerability 2022-06-09 SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Apply updates per vendor instructions. 2022-06-30  
CVE-2016-2388 SAP
NetWeaver SAP NetWeaver Information Disclosure Vulnerability 2022-06-09 The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. Apply updates per vendor instructions. 2022-06-30  
CVE-2022-30190 Microsoft
Windows Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability 2022-06-14 A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application. Apply updates per vendor instructions. 2022-07-05  
Back to top