| CVE-2021-35211 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. |
| CVE-2021-34527 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an atta… |
| CVE-2021-34523 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-34473 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-34448 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. |
| CVE-2021-33771 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-33742 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-33739 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-31979 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-31956 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application. |
| CVE-2021-31955 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode … |
| CVE-2021-31755 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request. |
| CVE-2021-31207 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass. |
| CVE-2021-31201 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-31199 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-30869 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges. |
| CVE-2021-30860 |
unknown |
— |
1.5 |
KEV |
sles |
|
5y ago |
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known … |
| CVE-2021-30807 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges. |
| CVE-2021-30713 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences. |
| CVE-2021-30657 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks. |
| CVE-2021-30116 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the … |
| CVE-2021-28664 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt… |
| CVE-2021-28663 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, an… |
| CVE-2021-28550 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Adobe Acrobat and Reader contain a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. |
| CVE-2021-28310 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-27562 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure fun… |
| CVE-2021-27561 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution. |
| CVE-2021-27104 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints. |
| CVE-2021-27103 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html. |
| CVE-2021-27102 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Accellion FTA contains an OS command injection vulnerability exploited via a local web service call. |
| CVE-2021-27101 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html. |
| CVE-2021-27085 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-27065 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. |
| CVE-2021-27059 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Office contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-26858 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. |
| CVE-2021-26857 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. |
| CVE-2021-26855 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. |
| CVE-2021-26411 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption. |
| CVE-2021-26084 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code. |
| CVE-2021-23874 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense. |
| CVE-2021-22986 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system co… |
| CVE-2021-22900 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the admin… |
| CVE-2021-22899 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. |
| CVE-2021-22894 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerability that allows remote authenticated users to execute code as the root user via maliciously crafted meeting ro… |
| CVE-2021-22893 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services. |
| CVE-2021-22506 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used. |
| CVE-2021-22502 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-22005 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code. |
| CVE-2021-21985 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code executio… |
| CVE-2021-21972 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrest… |
| CVE-2021-21017 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. |
| CVE-2021-20090 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affe… |
| CVE-2021-20023 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Se… |
| CVE-2021-20022 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability ha… |
| CVE-2021-20021 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This… |
| CVE-2021-20016 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. |
| CVE-2021-1906 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failu… |
| CVE-2021-1905 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Multiple Qualcomm chipsets contain a use-after-free vulnerability due to improper handling of memory mapping of multiple processes simultaneously. |
| CVE-2021-1879 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability cou… |
| CVE-2021-1782 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. |
| CVE-2021-1732 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-1675 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-1647 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Microsoft Defender contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-1498 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user. |
| CVE-2021-1497 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user. |
| CVE-2020-9859 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges. |
| CVE-2020-9819 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message. |
| CVE-2020-9818 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message. |
| CVE-2020-8657 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token. |
| CVE-2020-8655 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7. |
| CVE-2020-8644 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
PlaySMS contains a server-side template injection vulnerability that allows for remote code execution. |
| CVE-2020-8599 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login. |
| CVE-2020-8515 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution. |
| CVE-2020-8468 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components. |
| CVE-2020-8467 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. |
| CVE-2020-8260 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. |
| CVE-2020-8243 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. |
| CVE-2020-8196 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. |
| CVE-2020-8195 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. |
| CVE-2020-8193 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacke… |
| CVE-2020-6287 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create adminis… |
| CVE-2020-6207 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution M… |
| CVE-2020-5902 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. |
| CVE-2020-5849 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution. |
| CVE-2020-5847 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access. |
| CVE-2020-5735 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code. |
| CVE-2020-4430 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitr… |
| CVE-2020-4428 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system. |
| CVE-2020-4427 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially craf… |
| CVE-2020-4006 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative config… |
| CVE-2020-3992 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution. |
| CVE-2020-3952 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls… |
| CVE-2020-3950 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileg… |
| CVE-2020-3580 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful ex… |
| CVE-2020-3569 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to … |
| CVE-2020-3566 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to … |
| CVE-2020-3452 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerab… |
| CVE-2020-3161 |
unknown |
— |
2.5 |
KEVEXP |
|
|
5y ago |
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (… |
| CVE-2020-3118 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administra… |
| CVE-2020-29583 |
unknown |
— |
1.5 |
KEV |
|
|
5y ago |
Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password. |