Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 22-01 to remediate vulnerabilities that are actively being exploited by known adversaries. To support this, CISA has published a catalog of known exploited vulnerabilities. CISA also said, the catalog will receive regular updates as new vulnerabilities will found. We recommend to sign up this service to receive notifications when new vulnerabilities are added.
Table of Contents
What Is There Is The Known Exploited Vulnerabilities Catalog?
The catalog has a list of 291 vulnerabilities at the time of publishing this post. Vulnerabilities from Microsoft, Apple, Google, Cisco, Apache, VMWare, Pulse, Oracle, SAP, and Trend Micro topes the list. The list may keeps change as new vulnerabilities were added to the catalog. Out of the 291 vulnerabilities, 176 vulnerabilities from 2017 to 2020, and there are more than 100 vulnerabilities just from 2021 alone. We recommend to download the csv version of the catalog, prioritise the vulnerabilities as per to your business strategy and try addressing the vulnerabilities.
Click here to access the Catalog of Known Exploited Vulnerabilities
Subscribe to the Known Exploited Vulnerabilities Catalog Update Bulletin
| CVE | Vendor/Project | Product | Vulnerability Name |
| CVE-2021-27104 | Accellion | FTA | Accellion FTA OS Command Injection Vulnerability |
| CVE-2021-27102 | Accellion | FTA | Accellion FTA OS Command Injection Vulnerability |
| CVE-2021-27101 | Accellion | FTA | Accellion FTA SQL Injection Vulnerability |
| CVE-2021-27103 | Accellion | FTA | Accellion FTA SSRF Vulnerability |
| CVE-2021-21017 | Adobe | Acrobat and Reader | Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability |
| CVE-2021-28550 | Adobe | Acrobat and Reader | Adobe Acrobat and Reader Use-After-Free Vulnerability |
| CVE-2018-4939 | Adobe | ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data vulnerability |
| CVE-2018-15961 | Adobe | ColdFusion | Adobe ColdFusion RCE |
| CVE-2018-4878 | Adobe | Flash Player | Adobe Flash Player Use after Free vulnerability |
| CVE-2020-5735 | Amcrest | Cameras and Network Video Recorder (NVR) | Amcrest Camera and NVR Buffer Overflow Vulnerability |
| CVE-2019-2215 | Android | Android OS | Android “AbstractEmu” Root Access Vulnerabilities |
| CVE-2020-0041 | Android | Android OS | Android “AbstractEmu” Root Access Vulnerabilities |
| CVE-2020-0069 | Android | Android OS | Android “AbstractEmu” Root Access Vulnerabilities |
| CVE-2017-9805 | Apache | Struts | Apache Struts Multiple Versions Remote Code Execution |
| CVE-2021-42013 | Apache | HTTP Server | Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal |
| CVE-2021-41773 | Apache | HTTP Server | Apache HTTP Server Path Traversal Vulnerability |
| CVE-2019-0211 | Apache | HTTP Server | Apache HTTP Server scoreboard vulnerability |
| CVE-2016-4437 | Apache | Shiro | Apache Shiro 1.2.4 Cookie RememberME Deserial RCE |
| CVE-2019-17558 | Apache | Solr | Apache Solr 5.0.0-8.3.1 Remote Code Execution |
| CVE-2020-17530 | Apache | Struts | Apache Struts Forced OGNL Double Evaluation RCE |
| CVE-2017-5638 | Apache | Struts | Apache Struts Jakarta Multipart parser exception handling vulnerability |
| CVE-2018-11776 | Apache | Struts | Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code Execution |
| CVE-2021-30858 | Apple | iOS and iPadOS | Apple Apple iOS and iPadOS Use-After-Free |
| CVE-2019-6223 | Apple | FaceTime | Apple FaceTime Vulnerability |
| CVE-2021-30860 | Apple | iOS | Apple iOS “FORCEDENTRY” Remote Code Execution |
| CVE-2020-27930 | Apple | iOS and macOS | Apple iOS and macOS FontParser RCE |
| CVE-2021-30807 | Apple | iOS and macOS | Apple iOS and macOS IOMobileFrameBuffer Memory Corruption Vulnerability |
| CVE-2020-27950 | Apple | iOS and macOS | Apple iOS and macOS Kernel Memory Initialization Vulnerability |
| CVE-2020-27932 | Apple | iOS and macOS | Apple iOS and macOS Kernel Type Confusion Vulnerability |
| CVE-2021-30860 | Apple | iOS | Apple iOS iMessage Zero-click vulnerability |
| CVE-2020-9818 | Apple | iOS Mail | Apple iOS Mail OOB Vulnerability |
| CVE-2020-9819 | Apple | iOS Mail | Apple iOS Mail Heap Overflow Vulnerability |
| CVE-2021-30762 | Apple | iOS | Apple WebKit Browser Engine Use After Free Vulnerability |
| CVE-2021-1782 | Apple | iOS | Apple iOS Privilege Escalation and Code Execution Chain |
| CVE-2021-1870 | Apple | iOS | Apple iOS Privilege Escalation and Code Execution Chain |
| CVE-2021-1871 | Apple | iOS | Apple iOS Privilege Escalation and Code Execution Chain |
| CVE-2021-1879 | Apple | iOS | Apple iOS Webkit Browser Engine XSS |
| CVE-2021-30661 | Apple | iOS | Apple iOS Webkit Storage Use-After-Free RCE |
| CVE-2021-30666 | Apple | iOS | Apple iOS12.x Buffer Overflow |
| CVE-2021-30713 | Apple | macOS | Apple macOS Input Validation Error |
| CVE-2021-30657 | Apple | macOS | Apple macOS Policy Subsystem Gatekeeper Bypass |
| CVE-2021-30665 | Apple | Safari | Apple Safari Webkit Browser Engine Buffer Overflow Vulnerability |
| CVE-2021-30663 | Apple | Safari | Apple Safari Webkit Browser Engine Integer Overflow Vulnerability |
| CVE-2021-30761 | Apple | iOS | Apple WebKit Browser Engine Memory Corruption Vulnerability |
| CVE-2021-30869 | Apple | iOS, macOS, and iPadOS | Apple XNU Kernel Type Confusion |
| CVE-2020-9859 | Apple | iOS and iPadOS | Apple 11-13.5 XNU Kernel Vulnerability |
| CVE-2021-20090 | Arcadyan | Buffalo WSR-2533DHPL2 and WSR-2533DHP3 firmware | Arcadyan Buffalo Firmware Multiple Versions Path Traversal |
| CVE-2021-27562 | Arm | Arm Trusted Firmware | Arm Trusted Firmware M through 1.2 Denial of Service |
| CVE-2021-28664 | Arm | Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Boundary Error Vulnerability |
| CVE-2021-28663 | Arm | Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Use-After-Free Vulnerability |
| CVE-2019-3398 | Atlassian | Confluence | Atlassian Confluence Path Traversal Vulnerability |
| CVE-2021-26084 | Atlassian | Confluence Server | Atlassian Confluence Server < 6.13.23, 6.14.0 – 7.12.5 Arbitrary Code Execution |
| CVE-2019-11580 | Atlassian | Crowd and Crowd Data Center | Atlassian Crowd and Crowd Data Center RCE |
| CVE-2019-3396 | Atlassian | Atlassian Confluence Server | Remote code execution via Widget Connector macro Vulnerability |
| CVE-2021-42258 | BQE | BillQuick Web Suite | BQE BillQuick Web Suite Versions Prior to 22.0.9.1 (from 2018 through 2021) Remote Code Execution |
| CVE-2020-3452 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive file read |
| CVE-2020-3580 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD XSS Vulnerabilities |
| CVE-2021-1497 | Cisco | HyperFlex HX | Cisco HyperFlex HX Command Injection Vulnerabilities |
| CVE-2021-1498 | Cisco | HyperFlex HX | Cisco HyperFlex HX Command Injection Vulnerabilities |
| CVE-2018-0171 | Cisco | IOS and IOS XE | Cisco IOS and IOS XE Software Smart Install Remote Code Execution |
| CVE-2020-3118 | Cisco | IOS XR | Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability |
| CVE-2020-3566 | Cisco | IOS XR | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability |
| CVE-2020-3569 | Cisco | IOS XR | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability |
| CVE-2020-3161 | Cisco | IP Phones | Cisco IP Phones Web Server DoS and RCE |
| CVE-2019-1653 | Cisco | RV320 and RV325 Routers | Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list) |
| CVE-2018-0296 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco Adaptive Security Appliance Firepower Threat Defense DoS/Directory Traversal vulnerability |
| CVE-2019-13608 | Citrix | StoreFront Server | Citrix StoreFront Server Multiple Versions XML External Entity (XXE) |
| CVE-2020-8193 | Citrix | Application Delivery Controller (ADC), Gateway, and SDWAN WANOP | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass |
| CVE-2020-8195 | Citrix | Application Delivery Controller (ADC), Gateway, and SDWAN WANOP | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass |
| CVE-2020-8196 | Citrix | Application Delivery Controller (ADC), Gateway, and SDWAN WANOP | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass |
| CVE-2019-19781 | Citrix | Application Delivery Controller (ADC) and Gateway | Citrix Application Delivery Controller and Citrix Gateway Vulnerability |
| CVE-2019-11634 | Citrix | Workspace (for Windows) | Citrix Workspace (for Windows) Prior to 1904 Improper Access Control |
| CVE-2020-29557 | D-Link | DIR-825 R1 | D-Link DIR-825 R1 Through 3.0.1 Before 11/2020 Buffer Overflow |
| CVE-2020-25506 | D-Link | DNS-320 | D-Link DNS-320 Command Injection RCE Vulnerability |
| CVE-2018-15811 | DNN | DotNetNuke | DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability |
| CVE-2018-18325 | DNN | DotNetNuke | DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability |
| CVE-2017-9822 | DNN | DotNetNuke (DNN) | DotNetNuke before 9.1.1 Remote Code Execution |
| CVE-2019-15752 | Docker | Desktop Community Edition | Docker Desktop Community Edition Privilege Escalation |
| CVE-2020-8515 | DrayTek | Vigor Router(s) | DrayTek Vigor Router Vulnerability |
| CVE-2018-7600 | Drupal | Drupal | Drupal module configuration vulnerability |
| CVE-2021-22205 | ExifTool | ExifTool | GitLab Community and Enterprise Editions From 11.9 Remote Code Execution |
| CVE-2018-6789 | Exim | Exim | Exim Buffer Overflow Vulnerability |
| CVE-2020-8657 | EyesOfNetwork | EyesOfNetwork | EyesOfNetwork 5.3 Insufficient Credential Protection |
| CVE-2020-8655 | EyesOfNetwork | EyesOfNetwork | EyesOfNetwork 5.3 Privilege Escalation Vulnerability |
| CVE-2020-5902 | F5 | BIG IP | F5 BIG IP Traffic Management User Interface RCE |
| CVE-2021-22986 | F5 | BIG-IP | F5 iControl REST unauthenticated RCE |
| CVE-2021-35464 | ForgeRock | Access Management server | ForgeRock Access Management Remote Code Execution |
| CVE-2019-5591 | Fortinet | FortiOS | Fortinet FortiOS Default Configuration Vulnerability |
| CVE-2020-12812 | Fortinet | FortiOS | Fortinet FortiOS SSL VPN 2FA Authentication Vulnerability |
| CVE-2018-13379 | Fortinet | FortiOS | Fortinet FortiOS SSL VPN credential exposure vulnerability |
| CVE-2020-16010 | Chrome for Android | Google Chrome for Android Heap Overflow Vulnerability | |
| CVE-2020-15999 | Chrome | Google Chrome FreeType Memory Corruption | |
| CVE-2021-21166 | Chrome | Google Chrome Heap Buffer Overflow in WebAudio Vulnerability | |
| CVE-2020-16017 | Chrome | Google Chrome Site Isolation Component Use-After-Free RCE vulnerability | |
| CVE-2021-37976 | Chrome | Google Chrome Information Leakage | |
| CVE-2020-16009 | Chromium V8 | Chromium V8 Implementation Vulnerability | |
| CVE-2021-30632 | Chrome | Google Chrome Out-of-bounds write | |
| CVE-2020-16013 | Chromium V8 | Chromium V8 Engine Incorrect Implementation vulnerabililty | |
| CVE-2021-30633 | Chrome | Google Chrome Use-After-Free | |
| CVE-2021-21148 | Chromium V8 | Chromium V8 JavaScript Rendering Engine Heap Buffer Overflow Vulnerability | |
| CVE-2021-37973 | Chrome | Google Chrome Use-After-Free | |
| CVE-2021-30551 | Chromium V8 | Chromium V8 Engine Type Confusion | |
| CVE-2021-37975 | Chrome | Google Chrome Use-After-Free | |
| CVE-2020-6418 | Chromium V8 | Chromium V8 Engine Type Confusion Vulnerability | |
| CVE-2021-30554 | Chrome | Google Chrome WebGL Use after Free | |
| CVE-2021-21206 | Chromium Blink | Chromium Blink Use-After-Free Vulnerability | |
| CVE-2021-38000 | Chromium V8 Engine | Google Chromium V8 Insufficient Input Validation Vulnerability | |
| CVE-2021-38003 | Chromium V8 Engine | Google Chromium V8 Incorrect Implementation Vulnerability | |
| CVE-2021-21224 | Chromium V8 | Chromium V8 JavaScript Engine Remote Code Execution | |
| CVE-2021-21193 | Chromium V8 | Chromium V8 Engine Use-After-Free Vulnerability | |
| CVE-2021-21220 | Chromium V8 | Chromium V8 Engine Input Validation Vulnerability | |
| CVE-2021-30563 | Chrome | Google Chrome Browser V8 Arbitrary Code Execution | |
| CVE-2020-4430 | IBM | IBM Data Risk Manager | IBM Data Risk Manager Arbritary File Download |
| CVE-2020-4427 | IBM | IBM Data Risk Manager | IBM Data Risk Manager Authentication Bypass |
| CVE-2020-4428 | IBM | IBM Data Risk Manager | IBM Data Risk Manager Command Injection |
| CVE-2019-4716 | IBM | IBM Planning Analytics | IBM Planning Analytics configuration overwrite vulnerability |
| CVE-2016-3715 | ImageMagick | ImageMagick | ImageMagick Ephemeral Coder Arbitrary File Deletion Vulnerability |
| CVE-2016-3718 | ImageMagick | ImageMagick | ImageMagick SSRF Vulnerability |
| CVE-2020-15505 | Ivanti | MobileIron Core & Connector | MobileIron Core, Connector, Sentry, and RDM RCE |
| CVE-2021-30116 | Kaseya | Kaseya VSA | Kaseya VSA Remote Code Execution |
| CVE-2020-7961 | LifeRay | Liferay Portal | Liferay Portal prior to 7.2.1 CE GA2 RCE |
| CVE-2021-23874 | McAfee | McAfee Total Protection (MTP) | McAfee Total Protection MTP Arbitrary Process Execution |
| CVE-2021-22506 | Micro Focus | Micro Focus Access Manager | Micro Focus Access Manager Earlier Than 5.0 Information Leakage |
| CVE-2021-22502 | Micro Focus | Micro Focus Operation Bridge Reporter (OBR) | Micro Focus Operation Bridge Report (OBR) Server RCE |
| CVE-2014-1812 | Microsoft | Windows Group Policy | Microsoft Windows Group Policy Privilege Escalation |
| CVE-2021-38647 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution |
| CVE-2016-0167 | Microsoft | Windows Kernel | Microsoft Windows Kernel ‘Win32k.sys’ Local Privilege Escalation Vulnerability |
| CVE-2020-0878 | Microsoft | Microsoft Edge, Internet Explorer | Microsoft Browser Memory Corruption Vulnerability |
| CVE-2021-31955 | Microsoft | Windows Kernel | Microsoft Windows Kernel Information Disclosure Vulnerability |
| CVE-2021-1647 | Microsoft | Microsoft Defender | Microsoft Defender RCE |
| CVE-2021-33739 | Microsoft | Microsoft Desktop Window Manager (DWM) | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2016-0185 | Microsoft | Windows Media Center | Microsoft Windows Media Center RCE vulnerability |
| CVE-2020-0683 | Microsoft | Windows Installer | Microsoft Elevation of Privilege Installer Vulnerability |
| CVE-2020-17087 | Microsoft | Windows Kernel | Windows Kernel Cryptography Driver Privilege Escalation |
| CVE-2021-33742 | Microsoft | Windows MSHTML Platform | Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2021-31199 | Microsoft | Microsoft Enhanced Cryptographic Provider | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerabilities |
| CVE-2021-33771 | Microsoft | Windows Kernel | Windows Kernel Elevation of Privilege |
| CVE-2021-31956 | Microsoft | Windows NTFS | Microsoft Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2021-31201 | Microsoft | Microsoft Enhanced Cryptographic Provider | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerabilities |
| CVE-2021-31979 | Microsoft | Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2020-0938 | Microsoft | Windows, Windows Adobe Type Manager Library | Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability |
| CVE-2020-17144 | Microsoft | Microsoft Exchange Server | Microsoft Exchange RCE |
| CVE-2020-0986 | Microsoft | Windows Kernel | Windows Kernel Elevation of Privilege vulnerability |
| CVE-2020-1020 | Microsoft | Windows, Windows Adobe Type Manager Library | Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability |
| CVE-2021-38645 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
| CVE-2021-34523 | Microsoft | Microsoft Exchange Server | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2017-7269 | Microsoft | Internet Information Services (IIS) | Windows Server 2003 R2 IIS WEBDAV buffer overflow RCE vulnerability (COVID-19-CTI list) |
| CVE-2021-36948 | Microsoft | Windows Update Medic Service | Microsoft Windows Update Medic Service Elevation of Privilege |
| CVE-2021-38649 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
| CVE-2020-0688 | Microsoft | Microsoft Exchange Server | Microsoft Exchange Server Key Validation Vulnerability |
| CVE-2017-0143 | Microsoft | SMBv1 server | Windows SMBv1 Remote Code Execution Vulnerability |
| CVE-2016-7255 | Microsoft | Windows, Windows Server | Microsoft Windows Vista, 7, 8.1, 10 and Windows Server 2008, 2012, and 2016 Win32k Privilege Escalation Vulnerability |
| CVE-2019-0708 | Microsoft | Remote Desktop Services | “BlueKeep” Windows Remote Desktop RCE Vulnerability |
| CVE-2021-34473 | Microsoft | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2020-1464 | Microsoft | Windows | Windows Spoofing Vulnerability |
| CVE-2021-1732 | Microsoft | Windows Win32k | Microsoft Windows Win32k Privilege Escalation |
| CVE-2021-34527 | Microsoft | Windows | “PrintNightmare” – Microsoft Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2021-31207 | Microsoft | Microsoft Exchange Server | Microsoft Exchange Server Security Feature Bypass Vulnerability |
| CVE-2019-0803 | Microsoft | Windows Win32k | Windows win32k Escalation Kernel Vulnerability |
| CVE-2020-1040 | Microsoft | Hyper-V RemoteFX vGPU | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability |
| CVE-2021-28310 | Microsoft | Windows Win32k | Microsoft Windows Win32k Privilege Escalation Vulnerability |
| CVE-2020-1350 | Microsoft | Windows Domain Name System Server | “SigRed” – Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2021-26411 | Microsoft | Microsoft Edge, Internet Explorer | Microsoft Internet Explorer and Edge Memory Corruption Vulnerability |
| CVE-2019-0859 | Microsoft | Windows Win32k | Windows win32k Escalation Kernel Vulnerability |
| CVE-2021-40444 | Microsoft | Microsoft MSHTML | Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution |
| CVE-2017-8759 | Microsoft | Microsoft .NET Framework | .NET Framework Remote Code Execution vulnerability |
| CVE-2018-8653 | Microsoft | Internet Explorer Scripting Engine | Microsoft Internet Explorer Scripting Engine JScript Memory Corruption Vulnerability |
| CVE-2019-0797 | Microsoft | Windows Win32k | Windows win32k.sys Driver Vulnerability |
| CVE-2021-36942 | Microsoft | Windows Local Security Authority (LSA) | Microsoft LSA Spoofing |
| CVE-2019-1215 | Microsoft | Windows Winsock | Windows Winsock (ws2ifsl.sys) vulnerability |
| CVE-2017-11882 | Microsoft | Microsoft Office | Microsoft Office 2007 – 2016 Backdoor Exploitation Chain |
| CVE-2018-0798 | Microsoft | Microsoft Office | Microsoft Office 2007 – 2016 Backdoor Exploitation Chain |
| CVE-2018-0802 | Microsoft | Microsoft Office | Microsoft Office 2007 – 2016 Backdoor Exploitation Chain |
| CVE-2012-0158 | Microsoft | MSCOMCTL.OCX | Microsoft MSCOMCTL.OCX RCE Vulnerability |
| CVE-2015-1641 | Microsoft | Microsoft Office | Microsoft Office Memory Corruption vulnerability |
| CVE-2021-27085 | Microsoft | Internet Explorer | Internet Explorer 11 RCE |
| CVE-2019-0541 | Microsoft | MSHTML engine | Microsoft MSHTML Engine Remote Code Execution Vulnerability |
| CVE-2017-11882 | Microsoft | Microsoft Office | Microsoft Office memory corruption vulnerability |
| CVE-2020-0674 | Microsoft | Internet Explorer Scripting Engine | Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-27059 | Microsoft | Microsoft Office | Microsoft Office RCE |
| CVE-2019-1367 | Microsoft | Internet Explorer Scripting Engine | Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability |
| CVE-2017-0199 | Microsoft | Windows, Windows Server, Microsoft Office | Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API |
| CVE-2020-1380 | Microsoft | Internet Explorer | Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1429 | Microsoft | Internet Explorer Scripting Engine | Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability |
| CVE-2017-11774 | Microsoft | Microsoft Outlook | Microsoft Outlook Security Feature Bypass Vulnerability |
| CVE-2020-0968 | Microsoft | Internet Explorer Scripting Engine | Internet Explorer Scripting Engine Memory Corruption Vulnerability |
| CVE-2020-1472 | Microsoft | Netlogon Remote Protocol (MS-NRPC) | NetLogon Elevation of Privilege Vulnerability |
| CVE-2021-26855 | Microsoft | Microsoft Exchange Server | Microsoft OWA Exchange Control Panel (ECP) Exploit Chain |
| CVE-2021-26858 | Microsoft | Microsoft Exchange Server | Microsoft OWA Exchange Control Panel (ECP) Exploit Chain |
| CVE-2021-27065 | Microsoft | Microsoft Exchange Server | Microsoft OWA Exchange Control Panel (ECP) Exploit Chain |
| CVE-2020-1054 | Microsoft | Windows Win32k | Microsoft Windows Win32k Privilege Escalation Vulnerability |
| CVE-2021-1675 | Microsoft | Windows Print Spooler | Microsoft Print Spooler Remote Code Execution |
| CVE-2021-34448 | Microsoft | Scripting Engine | Microsoft Scripting Engine Memory Corruption Vulnerability |
| CVE-2020-0601 | Microsoft | Windows CryptoAPI | Windows 10 API/ECC Vulnerability |
| CVE-2019-0604 | Microsoft | SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-0646 | Microsoft | Microsoft .NET Framework | Microsoft .NET Framework RCE |
| CVE-2019-0808 | Microsoft | Windows Win32k | Windows 7 win32k.sys Driver Vulnerability |
| CVE-2021-26857 | Microsoft | Microsoft Exchange Server | Microsoft Unified Messaging Deserialization Vulnerability |
| CVE-2020-1147 | Microsoft | Microsoft .NET Framework, Microsoft SharePoint, Visual Studio | Microsoft .NET Framework, SharePoint Server, and Visual Studio RCE |
| CVE-2019-1214 | Microsoft | Windows Common Log File System (CLFS) driver | Windows CLFS vulnerability |
| CVE-2016-3235 | Microsoft | Microsoft Visio/Office | Microsoft Visio/Office OLE DLL Side Loading vulnerability |
| CVE-2021-38647 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
| CVE-2019-0863 | Microsoft | Windows Error Reporting (WER) | Windows Error Reporting Vulnerability |
| CVE-2021-36955 | Microsoft | Windows Common Log File System Driver | Microsoft Windows Common Log File System Driver Privilege Escalation |
| CVE-2021-38648 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
| CVE-2020-6819 | Mozilla | nsDocShell destructor | Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability |
| CVE-2020-6820 | Mozilla | ReadableStream | Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability |
| CVE-2019-17026 | Mozilla | IonMonkey JIT compiler | Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability |
| CVE-2019-15949 | Nagios | Nagios XI | Nagios XI Remote Code Execution |
| CVE-2020-26919 | Netgear | NETGEAR JGS516PE devices | Netgear ProSAFE Plus JGS516PE RCE vulnerability |
| CVE-2019-19356 | Netis | Netis WF2419 | Netis WF2419 Router Tracert RCE vulnerability |
| CVE-2020-2555 | Oracle | Oracle Coherence | Oracle Coherence Deserialization RCE |
| CVE-2012-3152 | Oracle | Oracle Reports Developer | Oracle Reports Developer Arbitrary File Read and Upload vulnerability |
| CVE-2020-14871 | Oracle | Oracle Solaris | Oracle Solaris Pluggable Authentication Module vulnerability |
| CVE-2015-4852 | Oracle | Oracle WebLogic Server | Oracle WebLogic Server RCE |
| CVE-2020-14750 | Oracle | Oracle WebLogic Server | Oracle WebLogic Server RCE |
| CVE-2020-14882 | Oracle | Oracle WebLogic Server | Oracle WebLogic Server RCE |
| CVE-2020-14883 | Oracle | Oracle WebLogic Server | Oracle WebLogic Server RCE |
| CVE-2020-8644 | PlaySMS | PlaySMS | PlaySMS Remote Code Execution |
| CVE-2019-18935 | Progess | ASP.NET AJAX | Progress Telerik UI for ASP.NET deserialization bug |
| CVE-2021-22893 | Pulse | Pulse Connect Secure | Pulse Connect Secure (PCS) Remote Code Execution |
| CVE-2020-8243 | Pulse | Pulse Connect Secure | Pulse Connect Secure Arbitrary Code Execution |
| CVE-2021-22900 | Pulse | Pulse Connect Secure | Pulse Connect Secure Arbitrary File Upload Vulnerability |
| CVE-2021-22894 | Pulse | Pulse Connect Secure | Pulse Connect Secure Collaboration Suite Remote Code Execution |
| CVE-2020-8260 | Pulse | Pulse Connect Secure | Pulse Connect Secure RCE |
| CVE-2021-22899 | Pulse | Pulse Connect Secure | Pulse Connect Secure Remote Code Execution |
| CVE-2019-11510 | Pulse | Pulse Secure Pulse Connect Secure (PCS) | Pulse Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list) |
| CVE-2019-11539 | Pulse Secure | Connect Secure, Policy Secure | Pulse Secure Connect and Policy Secure Multiple Versions Code Execution |
| CVE-2021-1906 | Qualcomm | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Qualcomm Improper Error Handling Vulnerability |
| CVE-2021-1905 | Qualcomm | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Qualcomm Use-After-Free Vulnerability |
| CVE-2020-10221 | rConfig | rConfig | rConfig RCE |
| CVE-2021-35395 | Realtek | Jungle Software Development Kit (SDK) | Realtek SDK Arbitrary Code Execution |
| CVE-2017-16651 | Roundcube | Roundcube Webmail | Roundcube Webmail File Disclosure Vulnerability |
| CVE-2020-11652 | SaltStack | Salt | SaltStack directory traversal failure to sanitize untrusted input |
| CVE-2020-11651 | SaltStack | Salt | SaltStack Salt Authentication Bypass |
| CVE-2020-16846 | SaltStack | Salt | SaltStack Through 3002 Shell Injection Vulnerability |
| CVE-2018-2380 | SAP | SAP CRM | SAP NetWeaver AS JAVA CRM RCE |
| CVE-2016-3976 | SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java Directory Traversal Vulnerability |
| CVE-2010-5326 | SAP | SAP NetWeaver Application Server Java platforms | SAP NetWeaver AS JAVA RCE |
| CVE-2016-9563 | SAP | SAP NetWeaver AS JAVA | SAP NetWeaver AS JAVA XXE Vulnerability |
| CVE-2020-6287 | SAP | SAP NetWeaver AS JAVA (LM Configuration Wizard) | SAP Netweaver JAVA remote unauthenticated access vulnerability |
| CVE-2020-6207 | SAP | SAP Solution Manager (User Experience Monitoring) | SAP Solution Manager Missing Authentication Check Complete Compromise of SMD Agents vulnerability |
| CVE-2016-3976 | SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java 7.1 – 7.5 Directory Traversal Vulnerability |
| CVE-2019-16256 | SIMalliance | SIMalliance Toolbox ([email protected]) Browser | SIMalliance Toolbox ([email protected]) Browser Command and Control Vulnerability |
| CVE-2020-10148 | SolarWinds | SolarWinds Orion Platform | SolarWinds Orion API Authentication Bypass Vulnerability |
| CVE-2021-35211 | SolarWinds | SolarWinds nServ-U | SolarWinds Serv-U Remote Memory Escape Vulnerability |
| CVE-2016-3643 | SolarWinds | SolarWinds Virtualization Manager | SolarWinds Virtualization Manager Privilege Escalation Vulnerability |
| CVE-2020-10199 | Sonatype | Sonatype Nexus Repository | Nexus Repository Manager 3 Remote Code Execution |
| CVE-2021-20021 | SonicWall | SonicWall Email Security | SonicWall Email Security Privilege Escalation Exploit Chain |
| CVE-2017-7481 | SonicWall | SMA1000 | SonicWall SMA100 9.0.0.3 and Earlier SQL Injection |
| CVE-2021-20022 | SonicWall | SonicWall Email Security | SonicWall Email Security Privilege Escalation Exploit Chain |
| CVE-2021-20023 | SonicWall | SonicWall Email Security | SonicWall Email Security Privilege Escalation Exploit Chain |
| CVE-2021-20016 | SonicWall | SonicWall SSLVPN SMA100 | SonicWall SSL VPN SMA100 SQL Injection Vulnerability |
| CVE-2020-12271 | Sophos | Sophos XG Firewall devices | Sophos XG Firewall SQL Injection Vulnerability |
| CVE-2020-10181 | Sumavision | Sumavision Enhanced Multimedia Router (EMR) | Sumavision EMR 3.0 CSRF Vulnerability |
| CVE-2017-6327 | Symantec | Symantec Messaging Gateway | Symantec Messaging Gateway RCE |
| CVE-2019-18988 | TeamViewer | TeamViewer Desktop | TeamViewer Desktop Bypass Remote Login |
| CVE-2017-9248 | Telerik | ASP.NET AJAX and Sitefinity | Telerik UI for ASP.NET AJAX and Progress Sitefinity Cryptographic Weakness Vuln |
| CVE-2021-31755 | Tenda | Tenda AC11 devices | Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow |
| CVE-2020-10987 | Tenda | Tenda AC15 AC1900 | Tenda Router Code Execution |
| CVE-2018-14558 | Tenda | Tenda AC7, AC9, and AC10 devices | Tenda Router Command Injection Vulnerability |
| CVE-2018-20062 | ThinkPHP | NoneCms | ThinkPHP Remote Code Execution |
| CVE-2019-9082 | ThinkPHP | ThinkPHP | ThinkPHP Remote Code Execution |
| CVE-2019-18187 | Trend Micro | Trend Micro OfficeScan | Trend Micro Antivirus 0day Traversal Vulnerability |
| CVE-2020-8467 | Trend Micro | Trend Micro Apex One and OfficeScan XG | Trend Micro Apex One (2019) and OfficeScan XG migration tool remote code execution vulnerability |
| CVE-2020-8468 | Trend Micro | Trend Micro Apex One, OfficeScan XG and Worry-Free Business Security | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agent content validation escape vulnerability |
| CVE-2020-24557 | Trend Micro | Trend Micro Apex One and Worry-Free Business Security | Trend Micro Apex One and OfficeScan XG Improper Access Control Privilege Escalation |
| CVE-2020-8599 | Trend Micro | Trend Micro Apex One and OfficeScan XG server | Trend Micro Apex One and OfficeScan XG Vulnerability |
| CVE-2021-36742 | Trend Micro | Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security | Trend Micro Systems Multiple Products Buffer Overflow – Arbitrary File Upload |
| CVE-2021-36741 | Trend Micro | Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security | Trend Micro Systems Multiple Products Buffer Overflow – Arbitrary File Upload |
| CVE-2019-20085 | TVT | NVMS-1000 | TVT NVMS-1000 Directory Traversal |
| CVE-2020-5849 | Unraid | Unraid | Unraid 6.8.0 Authentication Bypass |
| CVE-2020-5847 | Unraid | Unraid | Unraid 6.8.0 Remote Code Execution |
| CVE-2019-16759 | vBulletin | vBulletin | vBulletin PHP Module RCE |
| CVE-2020-17496 | vBulletin | vBulletin | vBulletin PHP Module RCE |
| CVE-2019-5544 | VMWare | ESXi, Horizon DaaS Appliances | VMWare ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability |
| CVE-2020-3992 | VMWare | ESXi | OpenSLP as used in VMware ESXi |
| CVE-2020-3950 | VMWare | VMWare Fusion, VMware Remote Console for Mac, and Horizon Client for Mac | VMWare Privilege escalation vulnerability |
| CVE-2021-22005 | VMWare | vCenter Server | VMWare vCenter Server File Upload |
| CVE-2020-3952 | VMWare | vCenter Server | VMWare vCenter Server Info Disclosure Vulnerability |
| CVE-2021-21972 | VMWare | vCenter Server | VMWare vCenter Server RCE |
| CVE-2021-21985 | VMWare | vCenter Server | VMWare vCenter Server Remote Code Execution |
| CVE-2020-4006 | VMWare | VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector | VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Command Injection vulnerability |
| CVE-2020-25213 | WordPress | File Manager | WordPress File Manager RCE |
| CVE-2020-11738 | WordPress | Snap Creek Duplicator | WordPress Snap Creek Duplicator and Duplicator Pro plugins Directory Traversal |
| CVE-2019-9978 | WordPress | Social-Warfare | WordPress Social-Warfare plugin XSS |
| CVE-2021-27561 | Yealink | Device Management Platform | Yealink Device Management Server Pre-Authorization SSRF |
| CVE-2021-40539 | Zoho | ManageEngine ADSelfServicePlus | Zoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication Bypass |
| CVE-2020-10189 | Zoho | ManageEngine Desktop Central | Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability |
| CVE-2019-8394 | Zoho | ManageEngine ServiceDesk Plus (SDP) | Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability |
| CVE-2020-29583 | ZyXEL | Unified Security Gateway (USG) | ZyXEL Unified Security Gateway Undocumented Administrator Account with Default Credentials |
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270072.html