Active threat advisories and known exploited vulnerabilities.

Critical CVE-2014-6287 Rejetto · HTTP File Server (HFS) Added Mar 25, 2022

Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2014-3120 Elastic · Elasticsearch Added Mar 25, 2022

Elasticsearch Remote Code Execution Vulnerability

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2014-0130 Rails · Ruby on Rails Added Mar 25, 2022

Ruby on Rails Directory Traversal Vulnerability

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2013-5223 D-Link · DSL-2760U Added Mar 25, 2022

D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2013-4810 Hewlett Packard (HP) · ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management Added Mar 25, 2022

HP Multiple Products Remote Code Execution Vulnerability

HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2013-2251 Apache · Struts Added Mar 25, 2022

Apache Struts Improper Input Validation Vulnerability

Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2012-1823 PHP · PHP Added Mar 25, 2022

PHP-CGI Query String Parameter Vulnerability

sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2010-4345 Exim · Exim Added Mar 25, 2022

Exim Privilege Escalation Vulnerability

Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2010-4344 Exim · Exim Added Mar 25, 2022

Exim Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2010-3035 Cisco · IOS XR Added Mar 25, 2022

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2010-2861 Adobe · ColdFusion Added Mar 25, 2022

Adobe ColdFusion Directory Traversal Vulnerability

A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2009-2055 Cisco · IOS XR Added Mar 25, 2022

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2009-1151 phpMyAdmin · phpMyAdmin Added Mar 25, 2022

phpMyAdmin Remote Code Execution Vulnerability

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2009-0927 Adobe · Reader and Acrobat Added Mar 25, 2022

Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2005-2773 Hewlett Packard (HP) · OpenView Network Node Manager Added Mar 25, 2022

HP OpenView Network Node Manager Remote Code Execution Vulnerability

HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-5135 SonicWall · SonicOS Added Mar 15, 2022

SonicWall SonicOS Buffer Overflow Vulnerability

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1405 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1322 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1315 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1253 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1132 Microsoft · Win32k Added Mar 15, 2022

Microsoft Win32k Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1129 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1069 Microsoft · Task Scheduler Added Mar 15, 2022

Microsoft Task Scheduler Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1064 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-0841 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed