[Video] How bad is the IT Job Market in 2023 + a few tips to improve your CV for cybersecurity jobs

Reddit thread: https://www.reddit.com/r/programare/comments/17u9vx8/numi_gasesc_job_de_4_luni_pareri_cv/ Resources to improve your CV: Practice in TryHackMe https://tryhackme.com/ Do Bug Bounty and GET IN THE HALL OF FAME of multiple companies. Money is also good but you need to get recognized to get hired. Automate parts of the process and publish your tools. https://hackerone.com/bug-bounty-programs https://www.bugcrowd.com/ https://www.intigriti.com/ https://yeswehack.com/ https://www.openbugbounty.org/ https://immunefi.com/ https://chaos.projectdiscovery.io https://github.com/arkadiyt/bounty-targets-data … Read more

Known Exploited Vulnerabilities Catalog

Ok so you know about vulnerabilities and want to patch them. But what to patch first?

CISA kind of has an answer: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

 

CVE Vendor/Project Product Vulnerability Name Date Added to Catalog Short Description Action Due Date Notes
CVE-2020-14864 Oracle Corporation Intelligence Enterprise Edition Oracle Corporation Business Intelligence Enterprise Edition Path Transversal Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file. Apply updates per vendor instructions.
CVE-2021-40870 Aviatrix Aviatrix Controller Aviatrix Controller Unrestricted Upload of File Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. Apply updates per vendor instructions.
CVE-2020-11978 Apache Airflow Apache Airflow Command Injection A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow. Apply updates per vendor instructions.
CVE-2021-21975 VMware vRealize Operations Manager API VMware Server Side Request Forgery in vRealize Operations Manager API Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials. Apply updates per vendor instructions.
CVE-2021-25296 Nagios Nagios XI Nagios XI OS Command Injection Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. Apply updates per vendor instructions.
CVE-2021-22991 F5 BIG-IP Traffic Management Microkernel F5 BIG-IP Traffic Management Microkernel Buffer Overflow The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. Apply updates per vendor instructions.
CVE-2021-25298 Nagios Nagios XI Nagios XI OS Command Injection Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. Apply updates per vendor instructions.
CVE-2020-13671 Drupal Drupal core Drupal core Un-restricted Upload of File Improper sanitization in the extension file names is present in Drupal core. Apply updates per vendor instructions.
CVE-2021-33766 Microsoft Exchange Servers Microsoft Exchange Server Information Disclosure Microsoft Exchange Servers contain an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target. Apply updates per vendor instructions.
CVE-2021-32648 October CMS October CMS October CMS Improper Authentication In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. Apply updates per vendor instructions.
CVE-2020-13927 Apache Airflow’s Experimental API Apache Airflow’s Experimental API Authentication Bypass The previous default setting for Airflow’s Experimental API was to allow all API requests without authentication. Apply updates per vendor instructions.
CVE-2021-21315 Npm package System Information Library for Node.JS System Information Library for Node.JS Command Injection In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote. Apply updates per vendor instructions.
CVE-2021-25297 Nagios Nagios XI Nagios XI OS Command Injection Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. Apply updates per vendor instructions.
CVE-2021-27860 FatPipe WARP, IPVPN, and MPVPN software FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. Apply updates per vendor instructions.
CVE-2019-1579 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS Remote Code Execution Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled. Apply updates per vendor instructions.
CVE-2013-3900​ Windows WinVerifyTrust function Microsoft WinVerifyTrust function Remote Code Execution A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. Apply updates per vendor instructions.
CVE-2015-7450 IBM WebSphere Application Server and Server Hypervisor Edition IBM WebSphere Application Server and Server Hypervisor Edition Code Injection. Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands Apply updates per vendor instructions.
CVE-2019-9670 Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference “Improper Restriction of XML External Entity Reference vulnerability affecting Synacor Zimbra Collaboration Suite.” Apply updates per vendor instructions.
CVE-2021-36260 Hikvision Security cameras web server Hikvision Improper Input Validation A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation. Apply updates per vendor instructions.
CVE-2019-7609 Elastic Kibana Kibana Arbitrary Code Execution Kibana contain an arbitrary code execution flaw in the Timelion visualizer. Apply updates per vendor instructions.
CVE-2018-13383 Fortinet FortiOS and FortiProxy Fortinet FortiOS and FortiProxy Out-of-bounds Write A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users. Apply updates per vendor instructions.
CVE-2019-1458 Windows Win32K Microsoft Win32K Elevation of Privilege An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k EoP’. Apply updates per vendor instructions.
CVE-2019-10149 Exim Mail Transfer Agent (MTA) Exim Mail Transfer Agent (MTA) Improper Input Validation Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. Apply updates per vendor instructions.
CVE-2019-2725 Oracle WebLogic Server Oracle WebLogic Server, Injection Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Apply updates per vendor instructions.
CVE-2021-22017 VMWare vCenter Server Vmware vCenter Server Improper Access Control Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. Apply updates per vendor instructions.
CVE-2017-1000486 Primetek Primefaces Application Primetek Primefaces Remote Code Execution Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution Apply updates per vendor instructions.
CVE-2018-13382 Fortinet FortiOS and FortiProxy Fortinet FortiOS and FortiProxy Improper Authorization An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password. Apply updates per vendor instructions.
CVE-2020-6572 Google Chrome Google Chrome Prior to 81.0.4044.92 Use-After-Free Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a Remote attacker to execute arbitrary code via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-4102 Google Chromium V8 Google Chromium V8 Engine Use-After-Free Vulnerability Google Chromium V8 Engine contains a use-after-free vulnerability which can allow a remote attacker to execute arbitrary code on the target system. Apply updates per vendor instructions.
CVE-2021-43890 Microsoft Windows AppX Installer Microsoft Windows AppX Installer Spoofing Vulnerability Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability. Apply updates per vendor instructions.
CVE-2020-17463​ Fuel CMS Fuel CMS SQL Injection Vulnerability FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. Apply updates per vendor instructions.
CVE-2019-0193​ Apache Solr Apache Solr DataImportHandler Code Injection Vulnerability The optional Apache Solr module DataImportHandler contains a code injection vulnerability. Apply updates per vendor instructions.
CVE-2019-10758 MongoDB mongo-express MongoDB mongo-express Remote Code Execution mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. Apply updates per vendor instructions.
CVE-2017-17562 Embedthis GoAhead Embedthis GoAhead Remote Code Execution Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. Apply updates per vendor instructions.
CVE-2019-13272 Linux Kernel Linux Kernel Improper Privilege Management Vulnerability Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability which allows local users to obtain root access. Apply updates per vendor instructions.
CVE-2010-1871 Red Hat JBoss Seam 2 Red Hat Linux JBoss Seam 2 Remote Code Execution JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured. Apply updates per vendor instructions.
CVE-2019-7238​ Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution. Apply updates per vendor instructions.
CVE-2020-8816​ Pi-hole AdminLTE Pi-Hole AdminLTE Remote Code Execution Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. Apply updates per vendor instructions.
CVE-2021-44168​ Fortinet FortiOS Fortinet FortiOS Arbitrary File Download Fortinet FortiOS “execute restore src-vis” downloads code without integrity checking, allowing an attacker to arbitrarily download files. Apply updates per vendor instructions.
CVE-2021-44515 Zoho Corporation Desktop Central Zoho Corp. Desktop Central Authentication Bypass Vulnerability Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. Apply updates per vendor instructions.
CVE-2021-44228 Apache Log4j2 Apache Log4j2 Remote Code Execution Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. Apply updates per vendor instructions.
CVE-2017-12149 Red Hat Jboss Application Server Red Hat Jboss Application Server Remote Code Execution The Jboss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. Apply updates per vendor instructions.
CVE-2021-35394​ Realtek Jungle Software Development Kit (SDK) Realtek Jungle SDK Remote Code Execution RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution. Apply updates per vendor instructions.
CVE-2021-44077 Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus Zoho ManageEngine ServiceDesk Plus Remote Code Execution Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution Apply updates per vendor instructions.
CVE-2018-14847 MikroTik RouterOS MikroTik Router OS Directory Traversal Vulnerability MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. Apply updates per vendor instructions.
CVE-2021-40438 Apache Apache Apache HTTP Server-Side Request Forgery (SSRF) A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Apply updates per vendor instructions.
CVE-2020-11261 Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Multiple Chipsets Improper Input Validation Vulnerability Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Apply updates per vendor instructions.
CVE-2021-37415 Zoho ManageEngine ServiceDesk Plus (SDP) Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication Apply updates per vendor instructions.
CVE-2021-22204 Perl Exiftool Exiftool Remote Code Execution Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Apply updates per vendor instructions.
CVE-2021-42292 Microsoft Office Microsoft Excel Security Feature Bypass A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. Apply updates per vendor instructions.
CVE-2021-40449 Microsoft Windows OS Microsoft Windows Win32k Elevation of Privilege Unspecified vulnerability allows for an authenticated user to escalate privileges. Apply updates per vendor instructions.
CVE-2021-42321 Microsoft Exchange Microsoft Exchange Server Remote Code Execution An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution. Apply updates per vendor instructions.
CVE-2021-42013 Apache HTTP Server Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal Apache HTTP server vulnerabilities allow an attacker to use a path traversal attack to map URLs to files outside the expected document root and perform RCE. Apply updates per vendor instructions.
CVE-2019-3398​ Atlassian Confluence Atlassian Confluence Path Traversal Vulnerability Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has ‘Admin’ permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability. Apply updates per vendor instructions.
CVE-2020-8655​ EyesOfNetwork EyesOfNetwork EyesOfNetwork 5.3 Privilege Escalation Vulnerability Issue in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7. Apply updates per vendor instructions.
CVE-2021-23874​ McAfee McAfee Total Protection (MTP) McAfee Total Protection MTP Arbitrary Process Execution Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. Apply updates per vendor instructions.
CVE-2021-26857​ Microsoft Microsoft Exchange Server Microsoft Unified Messaging Deserialization Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. Apply updates per vendor instructions. Reference CISA’s ED 21-02 (https://cyber.dhs.gov/ed/21-02/) for further guidance and requirements.
CVE-2020-14882 Oracle Oracle WebLogic Server Oracle WebLogic Server RCE Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Apply updates per vendor instructions.
CVE-2021-20016​ SonicWall SonicWall SSLVPN SMA100 SonicWall SSL VPN SMA100 SQL Injection Vulnerability Allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information in SMA100 build version 10.x. Apply updates per vendor instructions.
CVE-2019-0863​ Microsoft Windows Error Reporting (WER) Windows Error Reporting Vulnerability An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. Apply updates per vendor instructions.
CVE-2020-3992 VMWare ESXi OpenSLP as used in VMware ESXi OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. Apply updates per vendor instructions.
CVE-2021-28550​ Adobe Acrobat and Reader Adobe Acrobat and Reader Use-After-Free Vulnerability Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Apply updates per vendor instructions.
CVE-2021-30761​ Apple iOS Apple WebKit Browser Engine Memory Corruption Vulnerability Memory corruption issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2017-9822​ DNN DotNetNuke (DNN) DotNetNuke before 9.1.1 Remote Code Execution DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka “2017-08 (Critical) Possible remote code execution on DNN sites.” Apply updates per vendor instructions.
CVE-2019-1367 Microsoft Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2019-1221. Apply updates per vendor instructions.
CVE-2021-26858 Microsoft Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078. Apply updates per vendor instructions. Reference CISA’s ED 21-02 (https://cyber.dhs.gov/ed/21-02/) for further guidance and requirements.
CVE-2020-2555​ Oracle Oracle Coherence Oracle Coherence Deserialization RCE Allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence Apply updates per vendor instructions.
CVE-2016-3643​ SolarWinds SolarWinds Virtualization Manager SolarWinds Virtualization Manager Privilege Escalation Vulnerability SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by “sudo cat /etc/passwd.” Apply updates per vendor instructions.
CVE-2021-21985​ VMWare vCenter Server VMWare vCenter Server Remote Code Execution The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Apply updates per vendor instructions.
CVE-2018-11776 Apache Struts Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code Execution Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 contain a vulnerability which can allow for remote code execution. Apply updates per vendor instructions.
CVE-2021-27104​ Accellion FTA Accellion FTA OS Command Injection Vulnerability Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. Apply updates per vendor instructions.
CVE-2021-30666​ Apple iOS Apple iOS12.x Buffer Overflow Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2020-25506​ D-Link DNS-320 D-Link DNS-320 Command Injection RCE Vulnerability D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. Apply updates per vendor instructions.
CVE-2019-4716​ IBM IBM Planning Analytics IBM Planning Analytics configuration overwrite vulnerability IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as “admin”, and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. Apply updates per vendor instructions.
CVE-2015-1641​ Microsoft Microsoft Office Microsoft Office Memory Corruption vulnerability Allows remote attackers to execute arbitrary code via a crafted RTF document, aka “Microsoft Office Memory Corruption Vulnerability.” Apply updates per vendor instructions.
CVE-2019-15949​ Nagios Nagios XI Nagios XI Remote Code Execution The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. Apply updates per vendor instructions.
CVE-2020-6207​ SAP SAP Solution Manager (User Experience Monitoring) SAP Solution Manager Missing Authentication Check Complete Compromise of SMD Agents vulnerability SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. Apply updates per vendor instructions.
CVE-2020-17496 vBulletin vBulletin vBulletin PHP Module RCE vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. Apply updates per vendor instructions.
CVE-2020-1054 Microsoft Windows Win32k Microsoft Windows Win32k Privilege Escalation Vulnerability An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. Apply updates per vendor instructions.
CVE-2021-35395​ Realtek Jungle Software Development Kit (SDK) Realtek SDK Arbitrary Code Execution Realtek Jungle SDK version v2.x up to v3.4.14B arbitrary code execution. Apply updates per vendor instructions.
CVE-2021-1782 Apple iOS Apple iOS Privilege Escalation and Code Execution Chain A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2020-8193 Citrix Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. Apply updates per vendor instructions.
CVE-2021-21206​ Google Chromium Blink Chromium Blink Use-After-Free Vulnerability Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-31207​ Microsoft Microsoft Exchange Server Microsoft Exchange Server Security Feature Bypass Vulnerability Microsoft Exchange Server Security Feature Bypass Vulnerability Apply updates per vendor instructions.
CVE-2020-6819​ Mozilla nsDocShell destructor Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. Apply updates per vendor instructions.
CVE-2020-11651​ SaltStack Salt SaltStack Salt Authentication Bypass The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. Apply updates per vendor instructions.
CVE-2021-36741 Trend Micro Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security Trend Micro Systems Multiple Products Buffer Overflow – Arbitrary File Upload An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product’s management console in order to exploit this vulnerability. Apply updates per vendor instructions.
CVE-2021-40539​ Zoho ManageEngine ADSelfServicePlus Zoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication Bypass Zoho ManageEngine ADSelfService Plus versions 6113 and earlier contain an authentication bypass vulnerability which allows for RCE. Apply updates per vendor instructions.
CVE-2021-37976 Google Chrome Google Chrome Information Leakage Information disclosure in Google Chrome that exists due to excessive data output in core. Apply updates per vendor instructions.
CVE-2021-30807​ Apple iOS and macOS Apple iOS and macOS IOMobileFrameBuffer Memory Corruption Vulnerability A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2020-3118​ Cisco IOS XR Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Apply updates per vendor instructions.
CVE-2020-16013 Google Chromium V8 Chromium V8 Engine Incorrect Implementation vulnerabililty Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-31201 Microsoft Microsoft Enhanced Cryptographic Provider Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerabilities Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31199. Apply updates per vendor instructions.
CVE-2016-7255​ Microsoft Windows, Windows Server Microsoft Windows Vista, 7, 8.1, 10 and Windows Server 2008, 2012, and 2016 Win32k Privilege Escalation Vulnerability The kernel-mode drivers allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability” Apply updates per vendor instructions.
CVE-2021-1905​ Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Use-After-Free Vulnerability Possible use after free due to improper handling of memory mapping of multiple processes simultaneously Apply updates per vendor instructions.
CVE-2020-8467​ Trend Micro Trend Micro Apex One and OfficeScan XG Trend Micro Apex One (2019) and OfficeScan XG migration tool remote code execution vulnerability A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). Apply updates per vendor instructions.
CVE-2020-25213​ WordPress File Manager WordPress File Manager RCE The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. Apply updates per vendor instructions.
CVE-2020-9859 Apple iOS and iPadOS Apple 11-13.5 XNU Kernel Vulnerability A memory consumption issue was addressed with improved memory handling. An application may be able to execute arbitrary code with kernel privileges. Apply updates per vendor instructions.
CVE-2020-3452​ Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive file read A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Apply updates per vendor instructions.
CVE-2020-16010 Google Chrome for Android Google Chrome for Android Heap Overflow Vulnerability Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Apply updates per vendor instructions.
CVE-2020-0878​ Microsoft Microsoft Edge, Internet Explorer Microsoft Browser Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. Apply updates per vendor instructions.
CVE-2021-33742​ Microsoft Windows MSHTML Platform Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Windows MSHTML Platform Remote Code Execution Vulnerability. Apply updates per vendor instructions.
CVE-2021-22894​ Pulse Pulse Connect Secure Pulse Connect Secure Collaboration Suite Remote Code Execution A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Apply updates per vendor instructions. Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2020-10987​ Tenda Tenda AC15 AC1900 Tenda Router Code Execution The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Apply updates per vendor instructions.
CVE-2020-1464​ Microsoft Windows Windows Spoofing Vulnerability A spoofing vulnerability exists when Windows incorrectly validates file signatures. Apply updates per vendor instructions.
CVE-2021-38000 Google Chromium V8 Engine Google Chromium V8 Insufficient Input Validation Vulnerability Apply updates per vendor instructions.
CVE-2019-0211​ Apache HTTP Server Apache HTTP Server scoreboard vulnerability In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. Apply updates per vendor instructions.
CVE-2019-11580​ Atlassian Crowd and Crowd Data Center Atlassian Crowd and Crowd Data Center RCE Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5, from version 3.1.0 before 3.1.6, from version 3.2.0 before 3.2.8, from version 3.3.0 before 3.3.5, and from version 3.4.0 before 3.4.4 are affected by this vulnerability. Apply updates per vendor instructions.
CVE-2021-22986​ F5 BIG-IP F5 iControl REST unauthenticated RCE The iControl REST interface has an unauthenticated remote command execution vulnerability. Apply updates per vendor instructions.
CVE-2021-22502​ Micro Focus Micro Focus Operation Bridge Reporter (OBR) Micro Focus Operation Bridge Report (OBR) Server RCE Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. Apply updates per vendor instructions.
CVE-2021-36955​ Microsoft Windows Common Log File System Driver Microsoft Windows Common Log File System Driver Privilege Escalation Microsoft Windows Common Log File System Driver contains an unspecified vulnerability which allows for privilege escalation. Apply updates per vendor instructions.
CVE-2020-8644​ PlaySMS PlaySMS PlaySMS Remote Code Execution PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. Apply updates per vendor instructions.
CVE-2020-10181​ Sumavision Sumavision Enhanced Multimedia Router (EMR) Sumavision EMR 3.0 CSRF Vulnerability goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request. Apply updates per vendor instructions.
CVE-2021-33771​ Microsoft Windows Kernel Windows Kernel Elevation of Privilege Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31979, CVE-2021-34514. Apply updates per vendor instructions.
CVE-2020-0041 Android Android OS Android “AbstractEmu” Root Access Vulnerabilities In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel Apply updates per vendor instructions.
CVE-2017-11882 Microsoft Microsoft Office Microsoft Office memory corruption vulnerability Allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11884. Apply updates per vendor instructions.
CVE-2018-15961​ Adobe ColdFusion Adobe ColdFusion RCE Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. Apply updates per vendor instructions.
CVE-2021-20090​ Arcadyan Buffalo WSR-2533DHPL2 and WSR-2533DHP3 firmware Arcadyan Buffalo Firmware Multiple Versions Path Traversal A path traversal vulnerability in Arcadyan firmware could allow unauthenticated remote attackers to bypass authentication. It impacts many routers. Apply updates per vendor instructions.
CVE-2018-7600​ Drupal Drupal Drupal module configuration vulnerability Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. Apply updates per vendor instructions.
CVE-2020-0968​ Microsoft Internet Explorer Scripting Engine Internet Explorer Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2020-0970. Apply updates per vendor instructions.
CVE-2021-1675 Microsoft Windows Print Spooler Microsoft Print Spooler Remote Code Execution Windows Print Spooler Elevation of Privilege Vulnerability Apply updates per vendor instructions.
CVE-2020-14871​ Oracle Oracle Solaris Oracle Solaris Pluggable Authentication Module vulnerability Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Apply updates per vendor instructions.
CVE-2021-20022 SonicWall SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Apply updates per vendor instructions.
CVE-2020-0601​ Microsoft Windows CryptoAPI Windows 10 API/ECC Vulnerability A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka ‘Windows CryptoAPI Spoofing Vulnerability’. Apply updates per vendor instructions. Reference CISA’s ED 20-02 (https://cyber.dhs.gov/ed/20-02/) for further guidance and requirements.
CVE-2017-9805 Apache Struts Apache Struts Multiple Versions Remote Code Execution The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 contains a vulnerability which can lead to RCE. Apply updates per vendor instructions.
CVE-2021-27101​ Accellion FTA Accellion FTA SQL Injection Vulnerability Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. Apply updates per vendor instructions.
CVE-2021-30657​ Apple macOS Apple macOS Policy Subsystem Gatekeeper Bypass  A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.. Apply updates per vendor instructions.
CVE-2019-15752​ Docker Desktop Community Edition Docker Desktop Community Edition Privilege Escalation Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run ‘docker login’ to force the command. Apply updates per vendor instructions.
CVE-2016-3718​ ImageMagick ImageMagick ImageMagick SSRF Vulnerability The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Apply updates per vendor instructions.
CVE-2017-0199​ Microsoft Windows, Windows Server, Microsoft Office Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API Allows remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.” Apply updates per vendor instructions.
CVE-2019-19356​ Netis Netis WF2419 Netis WF2419 Router Tracert RCE vulnerability Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123 Apply updates per vendor instructions.
CVE-2019-16256​ SIMalliance SIMalliance Toolbox (S@T) Browser SIMalliance Toolbox (S@T) Browser Command and Control Vulnerability Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. Apply updates per vendor instructions.
CVE-2021-22005​ VMWare vCenter Server VMWare vCenter Server File Upload VMWare vCenter Server file upload vulnerability in the vmware-analytics service that allows to execute code on vCenter Server. Apply updates per vendor instructions.
CVE-2019-7481 SonicWall SMA1000 SonicWall SMA100 9.0.0.3 and Earlier SQL Injection Vulnerability in SonicWall SMA100 versions 9.0.0.3 and earlier allow an unauthenticated user to gain read-only access to unauthorized resources. Apply updates per vendor instructions.
CVE-2021-34527 Microsoft Windows “PrintNightmare” – Microsoft Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Remote Code Execution Vulnerability Apply updates per vendor instructions. Reference CISA’s ED 21-04 (https://cyber.dhs.gov/ed/21-04) for further guidance and requirements.
CVE-2021-1871​ Apple iOS Apple iOS Privilege Escalation and Code Execution Chain A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2020-8196 Citrix Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Apply updates per vendor instructions.
CVE-2020-4430​ IBM IBM Data Risk Manager IBM Data Risk Manager Arbritary File Download IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. Apply updates per vendor instructions.
CVE-2018-8653​ Microsoft Internet Explorer Scripting Engine Microsoft Internet Explorer Scripting Engine JScript Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2018-8643. Apply updates per vendor instructions.
CVE-2019-17026​ Mozilla IonMonkey JIT compiler Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1 Apply updates per vendor instructions.
CVE-2010-5326​ SAP SAP NetWeaver Application Server Java platforms SAP NetWeaver AS JAVA RCE The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request. Apply updates per vendor instructions.
CVE-2020-5849​ Unraid Unraid Unraid 6.8.0 Authentication Bypass Unraid 6.8.0 allows authentication bypass. Apply updates per vendor instructions.
CVE-2019-8394​ Zoho ManageEngine ServiceDesk Plus (SDP) Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Apply updates per vendor instructions.
CVE-2021-30633​ Google Chrome Google Chrome Use-After-Free Google Chrome Use-After-Free vulnerability. Apply updates per vendor instructions.
CVE-2020-27932​ Apple iOS and macOS Apple iOS and macOS Kernel Type Confusion Vulnerability A malicious application may be able to execute arbitrary code with kernel privileges. Apply updates per vendor instructions.
CVE-2020-3569 Cisco IOS XR Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Apply updates per vendor instructions.
CVE-2021-30551​ Google Chromium V8 Chromium V8 Engine Type Confusion Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-34523​ Microsoft Microsoft Exchange Server Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33768, CVE-2021-34470. Apply updates per vendor instructions.
CVE-2021-28310​ Microsoft Windows Win32k Microsoft Windows Win32k Privilege Escalation Vulnerability Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072. Apply updates per vendor instructions.
CVE-2019-3396​ Atlassian Atlassian Confluence Server Remote code execution via Widget Connector macro Vulnerability Allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. Apply updates per vendor instructions.
CVE-2020-24557​ Trend Micro Trend Micro Apex One and Worry-Free Business Security Trend Micro Apex One and OfficeScan XG Improper Access Control Privilege Escalation A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation Apply updates per vendor instructions.
CVE-2019-9978​ WordPress Social-Warfare WordPress Social-Warfare plugin XSS The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. Apply updates per vendor instructions.
CVE-2019-6223 Apple FaceTime Apple FaceTime Vulnerability A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer. Apply updates per vendor instructions.
CVE-2021-1497 Cisco HyperFlex HX Cisco HyperFlex HX Command Injection Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Apply updates per vendor instructions.
CVE-2021-21166​ Google Chrome Google Chrome Heap Buffer Overflow in WebAudio Vulnerability Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-33739​ Microsoft Microsoft Desktop Window Manager (DWM) Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability. Apply updates per vendor instructions.
CVE-2020-0938 Microsoft Windows, Windows Adobe Type Manager Library Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. This CVE ID is unique from CVE-2020-1020. Apply updates per vendor instructions.
CVE-2021-22899​ Pulse Pulse Connect Secure Pulse Connect Secure Remote Code Execution Allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature. Apply updates per vendor instructions. Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2018-20062 ThinkPHP NoneCms ThinkPHP Remote Code Execution Issue in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. Apply updates per vendor instructions.
CVE-2019-0859​ Microsoft Windows Win32k Windows win32k Escalation Kernel Vulnerability An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803. Apply updates per vendor instructions.
CVE-2019-17558​ Apache Solr Apache Solr 5.0.0-8.3.1 Remote Code Execution Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user). Apply updates per vendor instructions.
CVE-2021-21193​ Google Chromium V8 Chromium V8 Engine Use-After-Free Vulnerability Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2020-12812​ Fortinet FortiOS Fortinet FortiOS SSL VPN 2FA Authentication Vulnerability An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. Apply updates per vendor instructions.
CVE-2020-1147​ Microsoft Microsoft .NET Framework, Microsoft SharePoint, Visual Studio Microsoft .NET Framework, SharePoint Server, and Visual Studio RCE A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. Apply updates per vendor instructions.
CVE-2016-0167​ Microsoft Windows Kernel Microsoft Windows Kernel ‘Win32k.sys’ Local Privilege Escalation Vulnerability The kernel-mode driver allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0143 and CVE-2016-0165. Apply updates per vendor instructions.
CVE-2021-22893​ Pulse Pulse Connect Secure Pulse Connect Secure (PCS) Remote Code Execution Vulnerability to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. Apply updates per vendor instructions. Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2019-18988​ TeamViewer TeamViewer Desktop TeamViewer Desktop Bypass Remote Login Allows a bypass of remote-login access control because the same key is used for different customers’ installations. Apply updates per vendor instructions.
CVE-2020-0986​ Microsoft Windows Kernel Windows Kernel Elevation of Privilege vulnerability An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. Apply updates per vendor instructions.
CVE-2021-38645 Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Open Management Infrastructure Elevation of Privilege Vulnerability Apply updates per vendor instructions.
CVE-2020-5735​ Amcrest Cameras and Network Video Recorder (NVR) Amcrest Camera and NVR Buffer Overflow Vulnerability Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. Apply updates per vendor instructions.
CVE-2021-28663​ Arm Mali Graphics Processing Unit (GPU) Arm Mali GPU Kernel Use-After-Free Vulnerability The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. Apply updates per vendor instructions.
CVE-2020-8657​ EyesOfNetwork EyesOfNetwork EyesOfNetwork 5.3 Insufficient Credential Protection Issue in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token. Apply updates per vendor instructions.
CVE-2020-7961​ LifeRay Liferay Portal Liferay Portal prior to 7.2.1 CE GA2 RCE Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). Apply updates per vendor instructions.
CVE-2019-0604​ Microsoft SharePoint Microsoft SharePoint Remote Code Execution Vulnerability A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0594. Apply updates per vendor instructions.
CVE-2020-14750 Oracle Oracle WebLogic Server Oracle WebLogic Server RCE Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Apply updates per vendor instructions.
​CVE-2016-3976 SAP SAP NetWeaver AS Java SAP NetWeaver AS Java 7.1 – 7.5 Directory Traversal Vulnerability Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. Apply updates per vendor instructions.
CVE-2019-1214​ Microsoft Windows Common Log File System (CLFS) driver Windows CLFS vulnerability An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. Apply updates per vendor instructions.
CVE-2019-5544 VMWare ESXi, Horizon DaaS Appliances VMWare ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability OpenSLP as used in ESXi and the Horizon DaaS appliances have a heap overwrite issue. A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution. Apply updates per vendor instructions.
CVE-2021-21017​ Adobe Acrobat and Reader Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Apply updates per vendor instructions.
CVE-2021-30663​ Apple Safari Apple Safari Webkit Browser Engine Integer Overflow Vulnerability Integer overflow. Processing maliciously crafted web content may lead to arbitrary code execution. Apply updates per vendor instructions.
CVE-2018-18325 DNN DotNetNuke DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. Apply updates per vendor instructions.
CVE-2020-0674 Microsoft Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. Apply updates per vendor instructions.
CVE-2021-26855 Microsoft Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. Apply updates per vendor instructions. Reference CISA’s ED 21-02 (https://cyber.dhs.gov/ed/21-02/) for further guidance and requirements.
CVE-2020-10199​ Sonatype Sonatype Nexus Repository Nexus Repository Manager 3 Remote Code Execution Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). Apply updates per vendor instructions.
CVE-2021-35211​ SolarWinds SolarWinds nServ-U SolarWinds Serv-U Remote Memory Escape Vulnerability Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. Apply updates per vendor instructions.
CVE-2021-21972​ VMWare vCenter Server VMWare vCenter Server RCE The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Apply updates per vendor instructions.
CVE-2019-11539 Pulse Secure Connect Secure, Policy Secure Pulse Secure Connect and Policy Secure Multiple Versions Code Execution Pulse Secure’s Connect and Policy secure platforms contain a vulnerability in the admin web interface which allows an attacker to inject and execute commands. Apply updates per vendor instructions.
CVE-2017-8759 Microsoft Microsoft .NET Framework .NET Framework Remote Code Execution vulnerability Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application. Apply updates per vendor instructions.
CVE-2021-30661 Apple iOS Apple iOS Webkit Storage Use-After-Free RCE Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2020-29557​ D-Link DIR-825 R1 D-Link DIR-825 R1 Through 3.0.1 Before 11/2020 Buffer Overflow D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20 contain a vulnerability in the web interface allowing for remote code execution. Apply updates per vendor instructions.
CVE-2020-4428​ IBM IBM Data Risk Manager IBM Data Risk Manager Command Injection IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. Apply updates per vendor instructions.
CVE-2018-0802​ Microsoft Microsoft Office Microsoft Office 2007 – 2016 Backdoor Exploitation Chain Allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE is unique from CVE-2018-0797 and CVE-2018-0812. Apply updates per vendor instructions.
CVE-2019-0541​ Microsoft MSHTML engine Microsoft MSHTML Engine Remote Code Execution Vulnerability A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka “MSHTML Engine Remote Code Execution Vulnerability. Apply updates per vendor instructions.
CVE-2020-6287​ SAP SAP NetWeaver AS JAVA (LM Configuration Wizard) SAP Netweaver JAVA remote unauthenticated access vulnerability SAP NetWeaver AS JAVA (LM Configuration Wizard), versions – 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system. Apply updates per vendor instructions.
CVE-2019-16759 vBulletin vBulletin vBulletin PHP Module RCE vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Apply updates per vendor instructions.
CVE-2020-16846​ SaltStack Salt SaltStack Through 3002 Shell Injection Vulnerability An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. Apply updates per vendor instructions.
CVE-2021-37975​ Google Chrome Google Chrome Use-After-Free Google Chrome use-after-free error within the V8 browser engine. Apply updates per vendor instructions.
CVE-2020-9819 Apple iOS Mail Apple iOS Mail Heap Overflow Vulnerability Processing a maliciously crafted mail message may lead to heap corruption. Apply updates per vendor instructions.
CVE-2019-1653​ Cisco RV320 and RV325 Routers Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list) A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Apply updates per vendor instructions.
CVE-2021-30554​ Google Chrome Google Chrome WebGL Use after Free Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-34473​ Microsoft Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. Apply updates per vendor instructions.
CVE-2020-15505​ Ivanti MobileIron Core & Connector MobileIron Core, Connector, Sentry, and RDM RCE A remote code execution vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors. Apply updates per vendor instructions.
CVE-2020-11652​ SaltStack Salt SaltStack directory traversal failure to sanitize untrusted input The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. Apply updates per vendor instructions.
CVE-2021-36742 Trend Micro Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security Trend Micro Systems Multiple Products Buffer Overflow – Arbitrary File Upload An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Apply updates per vendor instructions.
CVE-2021-27561​ Yealink Device Management Platform Yealink Device Management Server Pre-Authorization SSRF Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication Apply updates per vendor instructions.
CVE-2020-27930 Apple iOS and macOS Apple iOS and macOS FontParser RCE A memory corruption issue was addressed with improved input validation. Processing a maliciously crafted font may lead to arbitrary code execution. Apply updates per vendor instructions.
CVE-2018-0171​ Cisco IOS and IOS XE Cisco IOS and IOS XE Software Smart Install Remote Code Execution A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. Apply updates per vendor instructions.
CVE-2020-16009​ Google Chromium V8 Chromium V8 Implementation Vulnerability Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-31199 Microsoft Microsoft Enhanced Cryptographic Provider Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerabilities Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31201. Apply updates per vendor instructions.
CVE-2021-36948​ Microsoft Windows Update Medic Service Microsoft Windows Update Medic Service Elevation of Privilege Windows Update Medic Service Elevation of Privilege Vulnerability Apply updates per vendor instructions.
CVE-2021-1906​ Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Improper Error Handling Vulnerability Improper handling of address deregistration on failure can lead to new GPU address allocation failure. Apply updates per vendor instructions.
CVE-2019-18187​ Trend Micro Trend Micro OfficeScan Trend Micro Antivirus 0day Traversal Vulnerability Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). Apply updates per vendor instructions.
CVE-2019-1215​ Microsoft Windows Winsock Windows Winsock (ws2ifsl.sys) vulnerability An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. Apply updates per vendor instructions.
CVE-2017-5638​ Apache Struts Apache Struts Jakarta Multipart parser exception handling vulnerability The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. Apply updates per vendor instructions.
CVE-2018-0296 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance Firepower Threat Defense DoS/Directory Traversal vulnerability A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. Apply updates per vendor instructions.
CVE-2021-30563​ Google Chrome Google Chrome Browser V8 Arbitrary Code Execution Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-38647​ Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution Azure Open Management Infrastructure Remote Code Execution Vulnerability. Apply updates per vendor instructions.
CVE-2016-0185​ Microsoft Windows Media Center Microsoft Windows Media Center RCE vulnerability Media Center allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka “Windows Media Center Remote Code Execution Vulnerability.” Apply updates per vendor instructions.
CVE-2021-22900​ Pulse Pulse Connect Secure Pulse Connect Secure Arbitrary File Upload Vulnerability A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Apply updates per vendor instructions. Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2021-31755​ Tenda Tenda AC11 devices Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow Tenda AC11 devices with firmware through 02.03.01.104_CN contain a stack buffer overflow vulnerability in /goform/setmac which allows for arbitrary execution. Apply updates per vendor instructions.
CVE-2017-0143​ Microsoft SMBv1 server Windows SMBv1 Remote Code Execution Vulnerability The SMBv1 server allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. Apply updates per vendor instructions.
CVE-2021-30762​ Apple iOS Apple WebKit Browser Engine Use After Free Vulnerability Use after free issue. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2021-41773 Apache HTTP Server Apache HTTP Server Path Traversal Vulnerability A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. Apply updates per vendor instructions.
CVE-2021-26084​ Atlassian Confluence Server Atlassian Confluence Server < 6.13.23, 6.14.0 – 7.12.5 Arbitrary Code Execution Atlassian Confluence Server The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5 contains an OGNL injection vulnerability which allows an attacker to execute arbitrary code. Apply updates per vendor instructions.
CVE-2020-5902​ F5 BIG IP F5 BIG IP Traffic Management User Interface RCE In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. Apply updates per vendor instructions.
CVE-2021-22506​ Micro Focus Micro Focus Access Manager Micro Focus Access Manager Earlier Than 5.0 Information Leakage Micro Focus Access Manager versions prior to 5.0 contain a vulnerability which allows for information leakage. Apply updates per vendor instructions.
CVE-2016-3235​ Microsoft Microsoft Visio/Office Microsoft Visio/Office OLE DLL Side Loading vulnerability Allows local users to gain privileges via a crafted application, aka “Microsoft Office OLE DLL Side Loading Vulnerability.” Apply updates per vendor instructions.
CVE-2020-14883 Oracle Oracle WebLogic Server Oracle WebLogic Server RCE Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Apply updates per vendor instructions.
CVE-2020-12271​ Sophos Sophos XG Firewall devices Sophos XG Firewall SQL Injection Vulnerability A SQL injection issue that causes affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. Apply updates per vendor instructions.
CVE-2020-17087​ Microsoft Windows Kernel Windows Kernel Cryptography Driver Privilege Escalation Windows Kernel Local Elevation of Privilege Vulnerability Apply updates per vendor instructions.
CVE-2019-2215 Android Android OS Android “AbstractEmu” Root Access Vulnerabilities A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 Apply updates per vendor instructions.
CVE-2018-0798 Microsoft Microsoft Office Microsoft Office 2007 – 2016 Backdoor Exploitation Chain Allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”. Apply updates per vendor instructions.
CVE-2018-4939​ Adobe ColdFusion Adobe ColdFusion Deserialization of Untrusted Data vulnerability Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. Apply updates per vendor instructions.
CVE-2021-30869​ Apple iOS, macOS, and iPadOS Apple XNU Kernel Type Confusion Apple XNU kernel contains a type confusion vulnerability which allows a malicious application to execute arbitrary code with kernel privileges. Apply updates per vendor instructions.
CVE-2020-8515​ DrayTek Vigor Router(s) DrayTek Vigor Router Vulnerability DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. Apply updates per vendor instructions.
CVE-2019-1429 Microsoft Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. Apply updates per vendor instructions.
CVE-2021-27065​ Microsoft Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078. Apply updates per vendor instructions. Reference CISA’s ED 21-02 (https://cyber.dhs.gov/ed/21-02/) for further guidance and requirements.
CVE-2012-3152​ Oracle Oracle Reports Developer Oracle Reports Developer Arbitrary File Read and Upload vulnerability Allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. Apply updates per vendor instructions.
CVE-2021-20021 SonicWall SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. Apply updates per vendor instructions.
CVE-2020-4006​ VMWare VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Command Injection vulnerability VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Apply updates per vendor instructions.
CVE-2021-22205 ExifTool ExifTool GitLab Community and Enterprise Editions From 11.9 Remote Code Execution Anyone with the ability to upload an image that goes through the GitLab Workhorse could achieve RCE via a specially crafted file. Apply updates per vendor instructions.
CVE-2021-27102​ Accellion FTA Accellion FTA OS Command Injection Vulnerability Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. Apply updates per vendor instructions.
CVE-2021-30713​ Apple macOS Apple macOS Input Validation Error A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. Apply updates per vendor instructions.
CVE-2019-5591​ Fortinet FortiOS Fortinet FortiOS Default Configuration Vulnerability A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Apply updates per vendor instructions.
CVE-2016-3715​ ImageMagick ImageMagick ImageMagick Ephemeral Coder Arbitrary File Deletion Vulnerability The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. Apply updates per vendor instructions.
CVE-2021-27059​ Microsoft Microsoft Office Microsoft Office RCE Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24108, CVE-2021-27057. Apply updates per vendor instructions.
CVE-2020-26919​ Netgear NETGEAR JGS516PE devices Netgear ProSAFE Plus JGS516PE RCE vulnerability NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Apply updates per vendor instructions.
CVE-2020-1380​ Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570. Apply updates per vendor instructions.
CVE-2020-3950​ VMWare VMWare Fusion, VMware Remote Console for Mac, and Horizon Client for Mac VMWare Privilege escalation vulnerability Privilege escalation vulnerability due to improper use of setuid binaries. Apply updates per vendor instructions.
CVE-2021-42258 BQE BillQuick Web Suite BQE BillQuick Web Suite Versions Prior to 22.0.9.1 (from 2018 through 2021) Remote Code Execution BQE BillQuick Web Suite 2018 through 2021 prior to 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. Apply updates per vendor instructions.
CVE-2019-0708​ Microsoft Remote Desktop Services “BlueKeep” Windows Remote Desktop RCE Vulnerability A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. Apply updates per vendor instructions.
CVE-2021-1870 Apple iOS Apple iOS Privilege Escalation and Code Execution Chain A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2020-8195 Citrix Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Apply updates per vendor instructions.
CVE-2020-1040 Microsoft Hyper-V RemoteFX vGPU Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. Apply updates per vendor instructions.
CVE-2021-26411​ Microsoft Microsoft Edge, Internet Explorer Microsoft Internet Explorer and Edge Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Apply updates per vendor instructions.
CVE-2020-6820​ Mozilla ReadableStream Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. Apply updates per vendor instructions.
CVE-2018-2380​ SAP SAP CRM SAP NetWeaver AS JAVA CRM RCE SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing “traverse to parent directory” are passed through to the file APIs. Apply updates per vendor instructions.
CVE-2019-20085​ TVT NVMS-1000 TVT NVMS-1000 Directory Traversal TVT NVMS-1000 devices allow GET /.. Directory Traversal Apply updates per vendor instructions.
CVE-2020-10189​ Zoho ManageEngine Desktop Central Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. Apply updates per vendor instructions.
CVE-2021-30632 Google Chrome Google Chrome Out-of-bounds write Google Chrome out-of-bounds write that allows to execute arbitrary code on the target system. Apply updates per vendor instructions.
CVE-2020-27950​ Apple iOS and macOS Apple iOS and macOS Kernel Memory Initialization Vulnerability A malicious application may be able to disclose kernel memory. Apply updates per vendor instructions.
CVE-2020-3566 Cisco IOS XR Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Apply updates per vendor instructions.
CVE-2021-21148​ Google Chromium V8 Chromium V8 JavaScript Rendering Engine Heap Buffer Overflow Vulnerability Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2020-17144 Microsoft Microsoft Exchange Server Microsoft Exchange RCE Microsoft Exchange Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142. Apply updates per vendor instructions.
CVE-2021-1732​ Microsoft Windows Win32k Microsoft Windows Win32k Privilege Escalation Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698. Apply updates per vendor instructions.
CVE-2020-10221​ rConfig rConfig rConfig RCE lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. Apply updates per vendor instructions.
CVE-2020-8468​ Trend Micro Trend Micro Apex One, OfficeScan XG and Worry-Free Business Security Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agent content validation escape vulnerability Agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. Apply updates per vendor instructions.
CVE-2020-11738​ WordPress Snap Creek Duplicator WordPress Snap Creek Duplicator and Duplicator Pro plugins Directory Traversal The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. Apply updates per vendor instructions.
CVE-2021-30858​ Apple iOS and iPadOS Apple Apple iOS and iPadOS Use-After-Free Apple iOS and iPadOS Arbitrary Code Execution Apply updates per vendor instructions.
CVE-2020-3580 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco ASA and FTD XSS Vulnerabilities Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. Apply updates per vendor instructions.
CVE-2020-15999 Google Chrome Google Chrome FreeType Memory Corruption Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-1647​ Microsoft Microsoft Defender Microsoft Defender RCE Microsoft Defender Remote Code Execution Vulnerability. Apply updates per vendor instructions.
CVE-2021-31956​ Microsoft Windows NTFS Microsoft Windows NTFS Elevation of Privilege Vulnerability Windows NTFS Elevation of Privilege Vulnerability Apply updates per vendor instructions.
CVE-2020-8260​ Pulse Pulse Connect Secure Pulse Connect Secure RCE A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Apply updates per vendor instructions. Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2018-14558​ Tenda Tenda AC7, AC9, and AC10 devices Tenda Router Command Injection Vulnerability Issue on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the “formsetUsbUnload” function executes a dosystemCmd function with untrusted input. Apply updates per vendor instructions.
CVE-2019-0803​ Microsoft Windows Win32k Windows win32k Escalation Kernel Vulnerability An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859. Apply updates per vendor instructions.
CVE-2021-38003 Google Chromium V8 Engine Google Chromium V8 Incorrect Implementation Vulnerability Apply updates per vendor instructions.
CVE-2016-4437​ Apache Shiro Apache Shiro 1.2.4 Cookie RememberME Deserial RCE Apache Shiro before 1.2.5, when a cipher key has not been configured for the “remember me” feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Apply updates per vendor instructions.
CVE-2021-21224​ Google Chromium V8 Chromium V8 JavaScript Engine Remote Code Execution Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Apply updates per vendor instructions.
CVE-2021-35464​ ForgeRock Access Management server ForgeRock Access Management Remote Code Execution ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. Apply updates per vendor instructions.
CVE-2020-0646​ Microsoft Microsoft .NET Framework Microsoft .NET Framework RCE A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ‘.NET Framework Remote Code Execution Injection Vulnerability’. Apply updates per vendor instructions.
CVE-2014-1812​ Microsoft Windows Group Policy Microsoft Windows Group Policy Privilege Escalation Allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka “Group Policy Preferences Password Elevation of Privilege Vulnerability.” Apply updates per vendor instructions.
CVE-2019-18935​ Progess ASP.NET AJAX Progress Telerik UI for ASP.NET deserialization bug Contains a .NET deserialization vulnerability in the RadAsyncUpload function that can result in remote code execution. Apply updates per vendor instructions.
CVE-2017-6327​ Symantec Symantec Messaging Gateway Symantec Messaging Gateway RCE The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution. Apply updates per vendor instructions.
CVE-2021-31979​ Microsoft Windows Kernel Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33771, CVE-2021-34514. Apply updates per vendor instructions.
CVE-2020-0069 Android Android OS Android “AbstractEmu” Root Access Vulnerabilities In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754 Apply updates per vendor instructions.
CVE-2018-4878​ Adobe Flash Player Adobe Flash Player Use after Free vulnerability A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. Apply updates per vendor instructions.
CVE-2021-28664​ Arm Mali Graphics Processing Unit (GPU) Arm Mali GPU Kernel Boundary Error Vulnerability The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. Apply updates per vendor instructions.
CVE-2018-6789​ Exim Exim Exim Buffer Overflow Vulnerability Issue in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Apply updates per vendor instructions.
CVE-2021-30116 Kaseya Kaseya VSA Kaseya VSA Remote Code Execution Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. Apply updates per vendor instructions.
CVE-2021-34448​ Microsoft Scripting Engine Microsoft Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Apply updates per vendor instructions.
CVE-2015-4852​ Oracle Oracle WebLogic Server Oracle WebLogic Server RCE Allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. Apply updates per vendor instructions.
CVE-2021-20023 SonicWall SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. Apply updates per vendor instructions.
CVE-2019-0808​ Microsoft Windows Win32k Windows 7 win32k.sys Driver Vulnerability An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0797. Apply updates per vendor instructions.
CVE-2019-13608 Citrix StoreFront Server Citrix StoreFront Server Multiple Versions XML External Entity (XXE) Citrix StoreFront Server contains a XXE processing vulnerability that could allow an unauthenticated attacker to retrieve potentially sensitive information. Apply updates per vendor instructions.
CVE-2021-27103​ Accellion FTA Accellion FTA SSRF Vulnerability Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. Apply updates per vendor instructions.
CVE-2021-30665​ Apple Safari Apple Safari Webkit Browser Engine Buffer Overflow Vulnerability Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2018-15811 DNN DotNetNuke DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. Apply updates per vendor instructions.
CVE-2021-27085​ Microsoft Internet Explorer Internet Explorer 11 RCE Internet Explorer Remote Code Execution Vulnerability Apply updates per vendor instructions.
CVE-2017-11774​ Microsoft Microsoft Outlook Microsoft Outlook Security Feature Bypass Vulnerability Allows an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka “Microsoft Outlook Security Feature Bypass Vulnerability.” Apply updates per vendor instructions.
CVE-2020-1472​ Microsoft Netlogon Remote Protocol (MS-NRPC) NetLogon Elevation of Privilege Vulnerability An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege Vulnerability’. Apply updates per vendor instructions. Reference CISA’s ED 20-04 (https://cyber.dhs.gov/ed/20-04/) for further guidance and requirements.
CVE-2020-10148​ SolarWinds SolarWinds Orion Platform SolarWinds Orion API Authentication Bypass Vulnerability The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. Apply updates per vendor instructions.
CVE-2020-3952​ VMWare vCenter Server VMWare vCenter Server Info Disclosure Vulnerability Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. Apply updates per vendor instructions.
CVE-2019-11634 Citrix Workspace (for Windows) Citrix Workspace (for Windows) Prior to 1904 Improper Access Control Citrix Workspace app and Receiver for Windows prior to version 1904 contains an incorrect access control vulnerability which allows for code execution. Apply updates per vendor instructions.
CVE-2020-1350​ Microsoft Windows Domain Name System Server “SigRed” – Windows DNS Server Remote Code Execution Vulnerability A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. Apply updates per vendor instructions. Reference CISA’s ED 20-03 (https://cyber.dhs.gov/ed/20-03/) for further guidance and requirements.
CVE-2021-1879​ Apple iOS Apple iOS Webkit Browser Engine XSS This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. Apply updates per vendor instructions.
CVE-2019-19781​ Citrix Application Delivery Controller (ADC) and Gateway Citrix Application Delivery Controller and Citrix Gateway Vulnerability Issue in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 allowing Directory Traversal. Apply updates per vendor instructions.
CVE-2020-4427​ IBM IBM Data Risk Manager IBM Data Risk Manager Authentication Bypass IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. Apply updates per vendor instructions.
CVE-2021-36942​ Microsoft Windows Local Security Authority (LSA) Microsoft LSA Spoofing Windows Local Security Authority (LSA) Spoofing Vulnerability “PetitPotam” Apply updates per vendor instructions.
CVE-2012-0158​ Microsoft MSCOMCTL.OCX Microsoft MSCOMCTL.OCX RCE Vulnerability Allows remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers “system state” corruption, as exploited in the wild in April 2012, aka “MSCOMCTL.OCX RCE Vulnerability. Apply updates per vendor instructions.
CVE-2016-9563​ SAP SAP NetWeaver AS JAVA SAP NetWeaver AS JAVA XXE Vulnerability BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. Apply updates per vendor instructions.
CVE-2020-5847​ Unraid Unraid Unraid 6.8.0 Remote Code Execution Unraid through 6.8.0 allows Remote Code Execution. Apply updates per vendor instructions.
CVE-2020-29583​ ZyXEL Unified Security Gateway (USG) ZyXEL Unified Security Gateway Undocumented Administrator Account with Default Credentials Firmware version 4.60 of ZyXEL USG devices contains an undocumented account (zyfwp) with an unchangeable password. Apply updates per vendor instructions.
CVE-2021-37973​ Google Chrome Google Chrome Use-After-Free Use-after-free weakness in Portals, Google’s new web page navigation system for Chrome. Successful exploitation can let attackers to execute code. Apply updates per vendor instructions.
CVE-2020-9818 Apple iOS Mail Apple iOS Mail OOB Vulnerability Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. Apply updates per vendor instructions.
CVE-2020-3161​ Cisco IP Phones Cisco IP Phones Web Server DoS and RCE A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Apply updates per vendor instructions.
CVE-2020-6418​ Google Chromium V8 Chromium V8 Engine Type Confusion Vulnerability Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2020-0688​ Microsoft Microsoft Exchange Server Microsoft Exchange Server Key Validation Vulnerability A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka ‘Microsoft Exchange Memory Corruption Vulnerability’. Apply updates per vendor instructions.
CVE-2021-40444​ Microsoft Microsoft MSHTML Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution Microsoft MSHTML Remote Code Execution Vulnerability Apply updates per vendor instructions.
CVE-2017-16651​ Roundcube Roundcube Webmail Roundcube Webmail File Disclosure Vulnerability Allows unauthorized access to arbitrary files on the host’s filesystem, including configuration files. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. Apply updates per vendor instructions.
CVE-2020-8599​ Trend Micro Trend Micro Apex One and OfficeScan XG server Trend Micro Apex One and OfficeScan XG Vulnerability Server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Apply updates per vendor instructions.
CVE-2021-27562​ Arm Arm Trusted Firmware Arm Trusted Firmware M through 1.2 Denial of Service In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. This vulnerability has known active exploitation against Yealink Device Management servers. It is assessed this product utilizes the affected Arm firmware. Apply updates per vendor instructions.
CVE-2021-30860​ Apple iOS Apple iOS “FORCEDENTRY” Remote Code Execution An integer overflow was addressed with improved input validation vulnerability affecting iOS devices that allows for remote code execution. Apply updates per vendor instructions.
CVE-2021-1498 Cisco HyperFlex HX Cisco HyperFlex HX Command Injection Vulnerabilities Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. Apply updates per vendor instructions.
CVE-2020-16017 Google Chrome Google Chrome Site Isolation Component Use-After-Free RCE vulnerability Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Apply updates per vendor instructions.
CVE-2020-0683​ Microsoft Windows Installer Microsoft Elevation of Privilege Installer Vulnerability An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0686. Apply updates per vendor instructions.
CVE-2020-1020 Microsoft Windows, Windows Adobe Type Manager Library Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. This CVE ID is unique from CVE-2020-0938. Apply updates per vendor instructions.
CVE-2019-11510​ Pulse Pulse Secure Pulse Connect Secure (PCS) Pulse Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list) An unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. Apply updates per vendor instructions. Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2019-9082 ThinkPHP ThinkPHP ThinkPHP Remote Code Execution ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. Apply updates per vendor instructions.
CVE-2019-0797​ Microsoft Windows Win32k Windows win32k.sys Driver Vulnerability An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0808. Apply updates per vendor instructions.
CVE-2020-17530 Apache Struts Apache Struts Forced OGNL Double Evaluation RCE Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 – Struts 2.5.25. Apply updates per vendor instructions.
CVE-2021-21220​ Google Chromium V8 Chromium V8 Engine Input Validation Vulnerability Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Apply updates per vendor instructions.
CVE-2018-13379​ Fortinet FortiOS Fortinet FortiOS SSL VPN credential exposure vulnerability An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. Apply updates per vendor instructions.
CVE-2021-38648 Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Open Management Infrastructure Elevation of Privilege Vulnerability Apply updates per vendor instructions.
CVE-2021-31955​ Microsoft Windows Kernel Microsoft Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability. Apply updates per vendor instructions.
CVE-2020-8243​ Pulse Pulse Connect Secure Pulse Connect Secure Arbitrary Code Execution A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. Apply updates per vendor instructions. Reference CISA’s ED 21-03 (https://cyber.dhs.gov/ed/21-03/) for further guidance and requirements.
CVE-2017-9248​ Telerik ASP.NET AJAX and Sitefinity Telerik UI for ASP.NET AJAX and Progress Sitefinity Cryptographic Weakness Vuln Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey. Apply updates per vendor instructions.
CVE-2017-7269​ Microsoft Internet Information Services (IIS) Windows Server 2003 R2 IIS WEBDAV buffer overflow RCE vulnerability (COVID-19-CTI list) Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If: <http://” in a PROPFIND request. Apply updates per vendor instructions.
CVE-2021-38649 Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Open Management Infrastructure Elevation of Privilege Vulnerability Apply updates per vendor instructions.

Read more

Federal Government Cybersecurity Incident & Vulnerability Response Playbooks.

CISA published the Cybersecurity Incident and Vulnerability Response Playbooks that provide federal civilian agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities. The Incident Response Playbook applies to incidents that involve confirmed malicious cyber activity and for which a major incident has been declared or not yet been reasonably ruled … Read more

Top 10 web hacking techniques of 2020

PortSwigger (the company behind BurpSuite) launched it’s yearly community vote for the Top 10 Web Hacking Techniques of 2020. Visit https://portswigger.net/polls/top-10-web-hacking-techniques-2020 and vote for your favorites. Exploiting POST-based XSSI XSS fun with animated SVG Attacking MS Exchange Web Interfaces Code injection in Workflows leading to SharePoint RCE Researching Polymorphic Images for XSS on Google Scholar … Read more

“Pay What You Can” Cyber Training.

Wild West Hackin’ Fest offers 3 great “hands-on” courses where you can Pay What You Can. The students will have the opportunity to do hands-on work, in virtual labs provided by the organizers. SOC Core Skills w/ John Strand (Feb 2 – Feb 5 2021, 4 hours/day) This 16-hour (4-days, 4-hour sessions) information security training … Read more