Active threat advisories and known exploited vulnerabilities.

Critical CVE-2022-26143 Mitel · MiCollab, MiVoice Business Express Added Mar 25, 2022

MiCollab, MiVoice Business Express Access Control Vulnerability

A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-21999 Microsoft · Windows Added Mar 25, 2022

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-42237 Sitecore · XP Added Mar 25, 2022

Sitecore XP Remote Command Execution Vulnerability

Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-22941 Citrix · ShareFile Added Mar 25, 2022

Citrix ShareFile Improper Access Control Vulnerability

Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-9377 D-Link · DIR-610 Devices Added Mar 25, 2022

D-Link DIR-610 Devices Remote Command Execution

D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-9054 Zyxel · Multiple Network-Attached Storage (NAS) Devices Added Mar 25, 2022

Zyxel Multiple NAS Devices OS Command Injection Vulnerability

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-7247 OpenBSD · OpenSMTPD Added Mar 25, 2022

OpenSMTPD Remote Code Execution Vulnerability

smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-5410 VMware Tanzu · Spring Cloud Configuration (Config) Server Added Mar 25, 2022

VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-25223 Sophos · SG UTM Added Mar 25, 2022

Sophos SG UTM Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-2506 QNAP Systems · Helpdesk Added Mar 25, 2022

QNAP Helpdesk Improper Access Control Vulnerability

QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-2021 Palo Alto Networks · PAN-OS Added Mar 25, 2022

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-1956 Apache · Kylin Added Mar 25, 2022

Apache Kylin OS Command Injection Vulnerability

Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-1631 Juniper · Junos OS Added Mar 25, 2022

Juniper Junos OS Path Traversal Vulnerability

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-6340 Drupal · Core Added Mar 25, 2022

Drupal Core Remote Code Execution Vulnerability

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-2616 Oracle · BI Publisher (Formerly XML Publisher) Added Mar 25, 2022

Oracle BI Publisher Unauthorized Access Vulnerability

Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-16920 D-Link · Multiple Routers Added Mar 25, 2022

D-Link Multiple Routers Command Injection Vulnerability

Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-15107 Webmin · Webmin Added Mar 25, 2022

Webmin Command Injection Vulnerability

An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-12991 Citrix · SD-WAN and NetScaler Added Mar 25, 2022

Citrix SD-WAN and NetScaler Command Injection Vulnerability

Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-12989 Citrix · SD-WAN and NetScaler Added Mar 25, 2022

Citrix SD-WAN and NetScaler SQL Injection Vulnerability

Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-11043 PHP · FastCGI Process Manager (FPM) Added Mar 25, 2022

PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability

In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-10068 Kentico · Xperience Added Mar 25, 2022

Kentico Xperience Deserialization of Untrusted Data Vulnerability

Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1003030 Jenkins · Matrix Project Plugin Added Mar 25, 2022

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-0903 Microsoft · Graphics Device Interface (GDI) Added Mar 25, 2022

Microsoft GDI Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-8414 Microsoft · Windows Added Mar 25, 2022

Microsoft Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-8373 Microsoft · Internet Explorer Scripting Engine Added Mar 25, 2022

Microsoft Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed