Search
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2773 | unknown | — | 2.5 | KEVEXP | 4y ago | HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system. | ||
| CVE-2019-1405 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation. | ||
| CVE-2019-1322 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated conte… | ||
| CVE-2019-1253 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. | ||
| CVE-2019-1132 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | ||
| CVE-2019-0841 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | ||
| CVE-2019-0543 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated conte… | ||
| CVE-2018-8120 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | ||
| CVE-2018-13405 | high | — | 9.0 | EXPFIX | sles rocky debian | 4y ago | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certai… | |
| CVE-2017-0101 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. | ||
| CVE-2016-3309 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in k… | ||
| CVE-2022-22942 | high | — | 9.0 | EXPFIX | sles rocky debian | 4y ago | The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | |
| CVE-2022-0492 | high | 7.8 | 10.0 | KEVEXPFIX | sles rocky debian | redhatnetapp | 4y ago | Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature. |
| CVE-2017-6077 | unknown | — | 2.5 | KEVEXP | 4y ago | NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution. | ||
| CVE-2016-6277 | unknown | — | 2.5 | KEVEXP | 4y ago | NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. | ||
| CVE-2013-0629 | unknown | — | 2.5 | KEVEXP | 4y ago | Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. | ||
| CVE-2013-0625 | unknown | — | 2.5 | KEVEXP | 4y ago | Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. | ||
| CVE-2009-3960 | unknown | — | 2.5 | KEVEXP | 4y ago | Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure. | ||
| CVE-2022-22947 | unknown | — | 2.5 | KEVEXP | 4y ago | Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | ||
| CVE-2022-20699 | unknown | — | 2.5 | KEVEXP | 4y ago | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary … | ||
| CVE-2019-1652 | unknown | — | 2.5 | KEVEXP | 4y ago | A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges… | ||
| CVE-2017-8540 | unknown | — | 2.5 | KEVEXP | 4y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | ||
| CVE-2017-6736 | unknown | — | 2.5 | KEVEXP | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | ||
| CVE-2016-5195 | high | — | 10.0 | KEVEXPFIX | sles arch debian | 4y ago | Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. | |
| CVE-2016-4117 | unknown | — | 2.5 | KEVEXP | sles | 4y ago | An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution. | |
| CVE-2016-0099 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this… | ||
| CVE-2015-7645 | unknown | — | 2.5 | KEVEXP | 4y ago | Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | ||
| CVE-2015-5119 | unknown | — | 2.5 | KEVEXP | 4y ago | A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | ||
| CVE-2015-3043 | unknown | — | 2.5 | KEVEXP | 4y ago | A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. | ||
| CVE-2015-1701 | unknown | — | 2.5 | KEVEXP | 4y ago | An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | ||
| CVE-2014-4114 | unknown | — | 2.5 | KEVEXP | 4y ago | A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. | ||
| CVE-2013-5065 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges. | ||
| CVE-2013-3897 | unknown | — | 2.5 | KEVEXP | 4y ago | A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code. | ||
| CVE-2013-3346 | unknown | — | 2.5 | KEVEXP | 4y ago | Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service. | ||
| CVE-2013-1347 | unknown | — | 2.5 | KEVEXP | 4y ago | This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. | ||
| CVE-2013-0640 | unknown | — | 2.5 | KEVEXP | 4y ago | An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution. | ||
| CVE-2013-0632 | unknown | — | 2.5 | KEVEXP | 4y ago | An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access. | ||
| CVE-2012-4681 | unknown | — | 2.5 | KEVEXP | 4y ago | The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution. | ||
| CVE-2012-1723 | unknown | — | 2.5 | KEVEXP | 4y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related … | ||
| CVE-2012-1535 | unknown | — | 2.5 | KEVEXP | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content. | ||
| CVE-2012-0507 | unknown | — | 2.5 | KEVEXP | 4y ago | An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. | ||
| CVE-2011-3544 | unknown | — | 2.5 | KEVEXP | 4y ago | An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. | ||
| CVE-2011-0611 | unknown | — | 2.5 | KEVEXP | 4y ago | Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content. | ||
| CVE-2010-3333 | unknown | — | 2.5 | KEVEXP | 4y ago | A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution. | ||
| CVE-2010-0232 | unknown | — | 2.5 | KEVEXP | 4y ago | The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges. | ||
| CVE-2010-0188 | unknown | — | 2.5 | KEVEXP | 4y ago | Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code. | ||
| CVE-2009-3129 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset. | ||
| CVE-2008-3431 | unknown | — | 2.5 | KEVEXP | 4y ago | An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code. | ||
| CVE-2008-2992 | unknown | — | 2.5 | KEVEXP | 4y ago | Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution. | ||
| CVE-2004-0210 | unknown | — | 2.5 | KEVEXP | 4y ago | A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system. | ||
| CVE-2002-0367 | unknown | — | 2.5 | KEVEXP | 4y ago | smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges. | ||
| CVE-2017-8570 | unknown | — | 2.5 | KEVEXP | 4y ago | A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. | ||
| CVE-2014-6352 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object. | ||
| CVE-2020-13379 | high | — | 9.0 | EXP | sles rhel | 4y ago | RHSA-2020:2641: grafana security update (Important) | |
| CVE-2019-0752 | unknown | — | 2.5 | KEVEXP | 4y ago | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer | ||
| CVE-2018-8174 | unknown | — | 2.5 | KEVEXP | 4y ago | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution" | ||
| CVE-2018-20250 | unknown | — | 2.5 | KEVEXP | 4y ago | WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution | ||
| CVE-2018-15982 | unknown | — | 2.5 | KEVEXP | 4y ago | Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability | ||
| CVE-2014-1761 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. | ||
| CVE-2013-3906 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution. | ||
| CVE-2020-27955 | unknown | — | 1.0 | EXPFIX | debian | 4y ago | Git LFS 2.12.0 allows Remote Code Execution. | |
| CVE-2020-13951 | unknown | — | 1.0 | EXP | 4y ago | Denial of service in Apache OpenMeetings | ||
| CVE-2021-36934 | unknown | — | 2.5 | KEVEXP | 4y ago | If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level. | ||
| CVE-2020-0796 | unknown | — | 2.5 | KEVEXP | 4y ago | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerabili… | ||
| CVE-2017-8464 | unknown | — | 2.5 | KEVEXP | 4y ago | Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file | ||
| CVE-2017-10271 | unknown | — | 2.5 | KEVEXP | 4y ago | Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution. | ||
| CVE-2017-0263 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory. | ||
| CVE-2017-0145 | unknown | — | 2.5 | KEVEXP | 4y ago | The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. | ||
| CVE-2017-0144 | unknown | — | 2.5 | KEVEXP | 4y ago | The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. | ||
| CVE-2015-2051 | unknown | — | 2.5 | KEVEXP | 4y ago | D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | ||
| CVE-2015-1635 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | ||
| CVE-2015-1130 | unknown | — | 2.5 | KEVEXP | 4y ago | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | ||
| CVE-2014-4404 | unknown | — | 2.5 | KEVEXP | 4y ago | Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. | ||
| CVE-2020-17530 | unknown | — | 2.5 | KEVEXP | sles | 4y ago | Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution. | |
| CVE-2022-21882 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | ||
| CVE-2020-5722 | unknown | — | 2.5 | KEVEXP | 4y ago | Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root. | ||
| CVE-2020-0787 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-l… | ||
| CVE-2017-5689 | unknown | — | 2.5 | KEVEXP | 4y ago | Intel products contain a vulnerability which can allow attackers to perform privilege escalation. | ||
| CVE-2014-7169 | unknown | — | 2.5 | KEVEXPFIX | debian | 4y ago | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vul… | |
| CVE-2014-6271 | unknown | — | 2.5 | KEVEXPFIX | sles debian | 4y ago | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. | |
| CVE-2021-44790 | high | — | 9.0 | EXPFIX | debian sles rocky | 4y ago | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerab… | |
| CVE-2018-8453 | unknown | — | 2.5 | KEVEXP | 4y ago | Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges. | ||
| CVE-2021-25298 | unknown | — | 2.5 | KEVEXP | 4y ago | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | ||
| CVE-2021-25297 | unknown | — | 2.5 | KEVEXP | 4y ago | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | ||
| CVE-2021-25296 | unknown | — | 2.5 | KEVEXP | 4y ago | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | ||
| CVE-2021-21975 | unknown | — | 2.5 | KEVEXP | 4y ago | Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to s… | ||
| CVE-2020-14864 | unknown | — | 2.5 | KEVEXP | 4y ago | Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file. | ||
| CVE-2021-36260 | unknown | — | 2.5 | KEVEXP | 5y ago | A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation. | ||
| CVE-2019-9670 | unknown | — | 2.5 | KEVEXP | 5y ago | Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component. | ||
| CVE-2019-7609 | unknown | — | 2.5 | KEVEXP | sles | 5y ago | Kibana contain an arbitrary code execution flaw in the Timelion visualizer. | |
| CVE-2019-2725 | unknown | — | 2.5 | KEVEXP | 5y ago | Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | ||
| CVE-2019-1458 | unknown | — | 2.5 | KEVEXP | 5y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP. | ||
| CVE-2018-13382 | unknown | — | 2.5 | KEVEXP | 5y ago | An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password. | ||
| CVE-2015-7450 | unknown | — | 2.5 | KEVEXP | 5y ago | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands | ||
| CVE-2021-45046 | unknown | — | 2.5 | KEVEXPFIX | debian sles | 5y ago | Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in… | |
| CVE-2020-8816 | unknown | — | 2.5 | KEVEXP | 5y ago | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | ||
| CVE-2019-13272 | high | — | 10.0 | KEVEXPFIX | sles debian rhel | 5y ago | Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access. | |
| CVE-2017-17562 | unknown | — | 2.5 | KEVEXP | 5y ago | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | ||
| CVE-2017-12149 | unknown | — | 2.5 | KEVEXP | 5y ago | The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. | ||
| CVE-2010-1871 | unknown | — | 2.5 | KEVEXP | 5y ago | JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when … |