CISA Published A Catalog Of Known Exploited Vulnerabilities

Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 22-01 to remediate vulnerabilities that are actively being exploited by known adversaries. To support this, CISA has published a catalog of known exploited vulnerabilities. CISA also said, the catalog will receive regular updates as new vulnerabilities will found. We recommend to sign up this service to receive notifications when new vulnerabilities are added.  

What Is There Is The Known Exploited Vulnerabilities Catalog?

The catalog has a list of 291 vulnerabilities at the time of publishing this post. Vulnerabilities from Microsoft, Apple, Google, Cisco, Apache, VMWare, Pulse, Oracle, SAP, and Trend Micro topes the list. The list may keeps change as new vulnerabilities were added to the catalog. Out of the 291 vulnerabilities, 176 vulnerabilities from 2017 to 2020, and there are more than 100 vulnerabilities just from 2021 alone. We recommend to download the csv version of the catalog, prioritise the vulnerabilities as per to your business strategy and try addressing the vulnerabilities.

Click here to access the Catalog of Known Exploited Vulnerabilities

Subscribe to the Known Exploited Vulnerabilities Catalog Update Bulletin

CVE Vendor/Project Product Vulnerability Name
CVE-2021-27104​ Accellion FTA Accellion FTA OS Command Injection Vulnerability
CVE-2021-27102​ Accellion FTA Accellion FTA OS Command Injection Vulnerability
CVE-2021-27101​ Accellion FTA Accellion FTA SQL Injection Vulnerability
CVE-2021-27103​ Accellion FTA Accellion FTA SSRF Vulnerability
CVE-2021-21017​ Adobe Acrobat and Reader Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
CVE-2021-28550​ Adobe Acrobat and Reader Adobe Acrobat and Reader Use-After-Free Vulnerability
CVE-2018-4939​ Adobe ColdFusion Adobe ColdFusion Deserialization of Untrusted Data vulnerability
CVE-2018-15961​ Adobe ColdFusion Adobe ColdFusion RCE
CVE-2018-4878​ Adobe Flash Player Adobe Flash Player Use after Free vulnerability
CVE-2020-5735​ Amcrest Cameras and Network Video Recorder (NVR) Amcrest Camera and NVR Buffer Overflow Vulnerability
CVE-2019-2215 Android Android OS Android “AbstractEmu” Root Access Vulnerabilities
CVE-2020-0041 Android Android OS Android “AbstractEmu” Root Access Vulnerabilities
CVE-2020-0069 Android Android OS Android “AbstractEmu” Root Access Vulnerabilities
CVE-2017-9805 Apache Struts Apache Struts Multiple Versions Remote Code Execution
CVE-2021-42013 Apache HTTP Server Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal
CVE-2021-41773 Apache HTTP Server Apache HTTP Server Path Traversal Vulnerability
CVE-2019-0211​ Apache HTTP Server Apache HTTP Server scoreboard vulnerability
CVE-2016-4437​ Apache Shiro Apache Shiro 1.2.4 Cookie RememberME Deserial RCE
CVE-2019-17558​ Apache Solr Apache Solr 5.0.0-8.3.1 Remote Code Execution
CVE-2020-17530 Apache Struts Apache Struts Forced OGNL Double Evaluation RCE
CVE-2017-5638​ Apache Struts Apache Struts Jakarta Multipart parser exception handling vulnerability
CVE-2018-11776 Apache Struts Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code Execution
CVE-2021-30858​ Apple iOS and iPadOS Apple Apple iOS and iPadOS Use-After-Free
CVE-2019-6223 Apple FaceTime Apple FaceTime Vulnerability
CVE-2021-30860​ Apple iOS Apple iOS “FORCEDENTRY” Remote Code Execution
CVE-2020-27930 Apple iOS and macOS Apple iOS and macOS FontParser RCE
CVE-2021-30807​ Apple iOS and macOS Apple iOS and macOS IOMobileFrameBuffer Memory Corruption Vulnerability
CVE-2020-27950​ Apple iOS and macOS Apple iOS and macOS Kernel Memory Initialization Vulnerability
CVE-2020-27932​ Apple iOS and macOS Apple iOS and macOS Kernel Type Confusion Vulnerability
CVE-2021-30860 Apple iOS Apple iOS iMessage Zero-click vulnerability
CVE-2020-9818 Apple iOS Mail Apple iOS Mail OOB Vulnerability
CVE-2020-9819 Apple iOS Mail Apple iOS Mail Heap Overflow Vulnerability
CVE-2021-30762​ Apple iOS Apple WebKit Browser Engine Use After Free Vulnerability
CVE-2021-1782 Apple iOS Apple iOS Privilege Escalation and Code Execution Chain
CVE-2021-1870 Apple iOS Apple iOS Privilege Escalation and Code Execution Chain
CVE-2021-1871​ Apple iOS Apple iOS Privilege Escalation and Code Execution Chain
CVE-2021-1879​ Apple iOS Apple iOS Webkit Browser Engine XSS
CVE-2021-30661 Apple iOS Apple iOS Webkit Storage Use-After-Free RCE
CVE-2021-30666​ Apple iOS Apple iOS12.x Buffer Overflow
CVE-2021-30713​ Apple macOS Apple macOS Input Validation Error
CVE-2021-30657​ Apple macOS Apple macOS Policy Subsystem Gatekeeper Bypass
CVE-2021-30665​ Apple Safari Apple Safari Webkit Browser Engine Buffer Overflow Vulnerability
CVE-2021-30663​ Apple Safari Apple Safari Webkit Browser Engine Integer Overflow Vulnerability
CVE-2021-30761​ Apple iOS Apple WebKit Browser Engine Memory Corruption Vulnerability
CVE-2021-30869​ Apple iOS, macOS, and iPadOS Apple XNU Kernel Type Confusion
CVE-2020-9859 Apple iOS and iPadOS Apple 11-13.5 XNU Kernel Vulnerability
CVE-2021-20090​ Arcadyan Buffalo WSR-2533DHPL2 and WSR-2533DHP3 firmware Arcadyan Buffalo Firmware Multiple Versions Path Traversal
CVE-2021-27562​ Arm Arm Trusted Firmware Arm Trusted Firmware M through 1.2 Denial of Service
CVE-2021-28664​ Arm Mali Graphics Processing Unit (GPU) Arm Mali GPU Kernel Boundary Error Vulnerability
CVE-2021-28663​ Arm Mali Graphics Processing Unit (GPU) Arm Mali GPU Kernel Use-After-Free Vulnerability
CVE-2019-3398​ Atlassian Confluence Atlassian Confluence Path Traversal Vulnerability
CVE-2021-26084​ Atlassian Confluence Server Atlassian Confluence Server < 6.13.23, 6.14.0 – 7.12.5 Arbitrary Code Execution
CVE-2019-11580​ Atlassian Crowd and Crowd Data Center Atlassian Crowd and Crowd Data Center RCE
CVE-2019-3396​ Atlassian  Atlassian Confluence Server Remote code execution via Widget Connector macro Vulnerability
CVE-2021-42258 BQE BillQuick Web Suite BQE BillQuick Web Suite Versions Prior to 22.0.9.1 (from 2018 through 2021) Remote Code Execution
CVE-2020-3452​ Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive file read
CVE-2020-3580 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco ASA and FTD XSS Vulnerabilities
CVE-2021-1497 Cisco HyperFlex HX Cisco HyperFlex HX Command Injection Vulnerabilities
CVE-2021-1498 Cisco HyperFlex HX Cisco HyperFlex HX Command Injection Vulnerabilities
CVE-2018-0171​ Cisco IOS and IOS XE Cisco IOS and IOS XE Software Smart Install Remote Code Execution
CVE-2020-3118​ Cisco IOS XR Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability
CVE-2020-3566 Cisco IOS XR Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
CVE-2020-3569 Cisco IOS XR Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
CVE-2020-3161​ Cisco IP Phones Cisco IP Phones Web Server DoS and RCE
CVE-2019-1653​ Cisco RV320 and RV325 Routers Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list)
CVE-2018-0296 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance Firepower Threat Defense DoS/Directory Traversal vulnerability
CVE-2019-13608 Citrix StoreFront Server Citrix StoreFront Server Multiple Versions XML External Entity (XXE)
CVE-2020-8193 Citrix Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
CVE-2020-8195 Citrix Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
CVE-2020-8196 Citrix Application Delivery Controller (ADC), Gateway, and SDWAN WANOP Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
CVE-2019-19781​ Citrix Application Delivery Controller (ADC) and Gateway Citrix Application Delivery Controller and Citrix Gateway Vulnerability
CVE-2019-11634 Citrix Workspace (for Windows) Citrix Workspace (for Windows) Prior to 1904 Improper Access Control
CVE-2020-29557​ D-Link DIR-825 R1 D-Link DIR-825 R1 Through 3.0.1 Before 11/2020 Buffer Overflow
CVE-2020-25506​ D-Link DNS-320 D-Link DNS-320 Command Injection RCE Vulnerability
CVE-2018-15811 DNN DotNetNuke DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability
CVE-2018-18325 DNN DotNetNuke DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability
CVE-2017-9822​ DNN DotNetNuke (DNN) DotNetNuke before 9.1.1 Remote Code Execution
CVE-2019-15752​ Docker Desktop Community Edition Docker Desktop Community Edition Privilege Escalation
CVE-2020-8515​ DrayTek Vigor Router(s) DrayTek Vigor Router Vulnerability
CVE-2018-7600​ Drupal Drupal Drupal module configuration vulnerability
CVE-2021-22205 ExifTool ExifTool GitLab Community and Enterprise Editions From 11.9 Remote Code Execution
CVE-2018-6789​ Exim Exim Exim Buffer Overflow Vulnerability
CVE-2020-8657​ EyesOfNetwork EyesOfNetwork EyesOfNetwork 5.3 Insufficient Credential Protection
CVE-2020-8655​ EyesOfNetwork EyesOfNetwork EyesOfNetwork 5.3 Privilege Escalation Vulnerability
CVE-2020-5902​ F5 BIG IP F5 BIG IP Traffic Management User Interface RCE
CVE-2021-22986​ F5 BIG-IP F5 iControl REST unauthenticated RCE
CVE-2021-35464​ ForgeRock Access Management server ForgeRock Access Management Remote Code Execution
CVE-2019-5591​ Fortinet FortiOS Fortinet FortiOS Default Configuration Vulnerability
CVE-2020-12812​ Fortinet FortiOS Fortinet FortiOS SSL VPN 2FA Authentication Vulnerability
CVE-2018-13379​ Fortinet FortiOS Fortinet FortiOS SSL VPN credential exposure vulnerability
CVE-2020-16010 Google Chrome for Android Google Chrome for Android Heap Overflow Vulnerability
CVE-2020-15999 Google Chrome Google Chrome FreeType Memory Corruption
CVE-2021-21166​ Google Chrome Google Chrome Heap Buffer Overflow in WebAudio Vulnerability
CVE-2020-16017 Google Chrome Google Chrome Site Isolation Component Use-After-Free RCE vulnerability
CVE-2021-37976 Google Chrome Google Chrome Information Leakage
CVE-2020-16009​ Google Chromium V8 Chromium V8 Implementation Vulnerability
CVE-2021-30632 Google Chrome Google Chrome Out-of-bounds write
CVE-2020-16013 Google Chromium V8 Chromium V8 Engine Incorrect Implementation vulnerabililty
CVE-2021-30633​ Google Chrome Google Chrome Use-After-Free
CVE-2021-21148​ Google Chromium V8 Chromium V8 JavaScript Rendering Engine Heap Buffer Overflow Vulnerability
CVE-2021-37973​ Google Chrome Google Chrome Use-After-Free
CVE-2021-30551​ Google Chromium V8 Chromium V8 Engine Type Confusion
CVE-2021-37975​ Google Chrome Google Chrome Use-After-Free
CVE-2020-6418​ Google Chromium V8 Chromium V8 Engine Type Confusion Vulnerability
CVE-2021-30554​ Google Chrome Google Chrome WebGL Use after Free
CVE-2021-21206​ Google Chromium Blink Chromium Blink Use-After-Free Vulnerability
CVE-2021-38000 Google Chromium V8 Engine Google Chromium V8 Insufficient Input Validation Vulnerability
CVE-2021-38003 Google Chromium V8 Engine Google Chromium V8 Incorrect Implementation Vulnerability
CVE-2021-21224​ Google Chromium V8 Chromium V8 JavaScript Engine Remote Code Execution
CVE-2021-21193​ Google Chromium V8 Chromium V8 Engine Use-After-Free Vulnerability
CVE-2021-21220​ Google Chromium V8 Chromium V8 Engine Input Validation Vulnerability
CVE-2021-30563​ Google Chrome Google Chrome Browser V8 Arbitrary Code Execution
CVE-2020-4430​ IBM IBM Data Risk Manager IBM Data Risk Manager Arbritary File Download
CVE-2020-4427​ IBM IBM Data Risk Manager IBM Data Risk Manager Authentication Bypass
CVE-2020-4428​ IBM IBM Data Risk Manager IBM Data Risk Manager Command Injection
CVE-2019-4716​ IBM IBM Planning Analytics IBM Planning Analytics configuration overwrite vulnerability
CVE-2016-3715​ ImageMagick ImageMagick ImageMagick Ephemeral Coder Arbitrary File Deletion Vulnerability
CVE-2016-3718​ ImageMagick ImageMagick ImageMagick SSRF Vulnerability
CVE-2020-15505​ Ivanti MobileIron Core & Connector MobileIron Core, Connector, Sentry, and RDM RCE
CVE-2021-30116 Kaseya Kaseya VSA Kaseya VSA Remote Code Execution
CVE-2020-7961​ LifeRay Liferay Portal Liferay Portal prior to 7.2.1 CE GA2 RCE
CVE-2021-23874​ McAfee McAfee Total Protection (MTP) McAfee Total Protection MTP Arbitrary Process Execution
CVE-2021-22506​ Micro Focus Micro Focus Access Manager Micro Focus Access Manager Earlier Than 5.0 Information Leakage
CVE-2021-22502​ Micro Focus Micro Focus Operation Bridge Reporter (OBR) Micro Focus Operation Bridge Report (OBR) Server RCE
CVE-2014-1812​ Microsoft Windows Group Policy Microsoft Windows Group Policy Privilege Escalation
CVE-2021-38647​ Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution
CVE-2016-0167​ Microsoft Windows Kernel Microsoft Windows Kernel ‘Win32k.sys’ Local Privilege Escalation Vulnerability
CVE-2020-0878​ Microsoft Microsoft Edge, Internet Explorer Microsoft Browser Memory Corruption Vulnerability
CVE-2021-31955​ Microsoft Windows Kernel Microsoft Windows Kernel Information Disclosure Vulnerability
CVE-2021-1647​ Microsoft Microsoft Defender Microsoft Defender RCE
CVE-2021-33739​ Microsoft Microsoft Desktop Window Manager (DWM) Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2016-0185​ Microsoft Windows Media Center Microsoft Windows Media Center RCE vulnerability
CVE-2020-0683​ Microsoft Windows Installer Microsoft Elevation of Privilege Installer Vulnerability
CVE-2020-17087​ Microsoft Windows Kernel Windows Kernel Cryptography Driver Privilege Escalation
CVE-2021-33742​ Microsoft Windows MSHTML Platform Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-31199 Microsoft Microsoft Enhanced Cryptographic Provider Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerabilities
CVE-2021-33771​ Microsoft Windows Kernel Windows Kernel Elevation of Privilege
CVE-2021-31956​ Microsoft Windows NTFS  Microsoft Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-31201 Microsoft Microsoft Enhanced Cryptographic Provider Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerabilities
CVE-2021-31979​ Microsoft Windows Kernel Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0938 Microsoft Windows, Windows Adobe Type Manager Library Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability
CVE-2020-17144 Microsoft Microsoft Exchange Server Microsoft Exchange RCE
CVE-2020-0986​ Microsoft Windows Kernel Windows Kernel Elevation of Privilege vulnerability
CVE-2020-1020 Microsoft Windows, Windows Adobe Type Manager Library Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability
CVE-2021-38645 Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2021-34523​ Microsoft Microsoft Exchange Server Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2017-7269​ Microsoft Internet Information Services (IIS) Windows Server 2003 R2 IIS WEBDAV buffer overflow RCE vulnerability (COVID-19-CTI list)
CVE-2021-36948​ Microsoft Windows Update Medic Service Microsoft Windows Update Medic Service Elevation of Privilege
CVE-2021-38649 Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2020-0688​ Microsoft Microsoft Exchange Server Microsoft Exchange Server Key Validation Vulnerability
CVE-2017-0143​ Microsoft SMBv1 server Windows SMBv1 Remote Code Execution Vulnerability
CVE-2016-7255​ Microsoft Windows, Windows Server Microsoft Windows Vista, 7, 8.1, 10 and Windows Server 2008, 2012, and 2016 Win32k Privilege Escalation Vulnerability
CVE-2019-0708​ Microsoft Remote Desktop Services “BlueKeep” Windows Remote Desktop RCE Vulnerability
CVE-2021-34473​ Microsoft Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-1464​ Microsoft Windows Windows Spoofing Vulnerability
CVE-2021-1732​ Microsoft Windows Win32k Microsoft Windows Win32k Privilege Escalation
CVE-2021-34527 Microsoft Windows “PrintNightmare” – Microsoft Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-31207​ Microsoft Microsoft Exchange Server Microsoft Exchange Server Security Feature Bypass Vulnerability
CVE-2019-0803​ Microsoft Windows Win32k Windows win32k Escalation Kernel Vulnerability
CVE-2020-1040 Microsoft Hyper-V RemoteFX vGPU Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE-2021-28310​ Microsoft Windows Win32k Microsoft Windows Win32k Privilege Escalation Vulnerability
CVE-2020-1350​ Microsoft Windows Domain Name System Server “SigRed” – Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-26411​ Microsoft Microsoft Edge, Internet Explorer Microsoft Internet Explorer and Edge Memory Corruption Vulnerability
CVE-2019-0859​ Microsoft Windows Win32k Windows win32k Escalation Kernel Vulnerability
CVE-2021-40444​ Microsoft Microsoft MSHTML Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution
CVE-2017-8759 Microsoft Microsoft .NET Framework .NET Framework Remote Code Execution vulnerability
CVE-2018-8653​ Microsoft Internet Explorer Scripting Engine Microsoft Internet Explorer Scripting Engine JScript Memory Corruption Vulnerability
CVE-2019-0797​ Microsoft Windows Win32k Windows win32k.sys Driver Vulnerability
CVE-2021-36942​ Microsoft Windows Local Security Authority (LSA) Microsoft LSA Spoofing
CVE-2019-1215​ Microsoft Windows Winsock Windows Winsock (ws2ifsl.sys) vulnerability
CVE-2017-11882 Microsoft Microsoft Office Microsoft Office 2007 – 2016 Backdoor Exploitation Chain
CVE-2018-0798 Microsoft Microsoft Office Microsoft Office 2007 – 2016 Backdoor Exploitation Chain
CVE-2018-0802​ Microsoft Microsoft Office Microsoft Office 2007 – 2016 Backdoor Exploitation Chain
CVE-2012-0158​ Microsoft MSCOMCTL.OCX Microsoft MSCOMCTL.OCX RCE Vulnerability
CVE-2015-1641​ Microsoft Microsoft Office Microsoft Office Memory Corruption vulnerability
CVE-2021-27085​ Microsoft Internet Explorer Internet Explorer 11 RCE
CVE-2019-0541​ Microsoft MSHTML engine  Microsoft MSHTML Engine Remote Code Execution Vulnerability
CVE-2017-11882​ Microsoft Microsoft Office Microsoft Office memory corruption vulnerability
CVE-2020-0674 Microsoft Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability
CVE-2021-27059​ Microsoft Microsoft Office Microsoft Office RCE
CVE-2019-1367 Microsoft Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability
CVE-2017-0199​ Microsoft Windows, Windows Server, Microsoft Office Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API
CVE-2020-1380​ Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
CVE-2019-1429 Microsoft Internet Explorer Scripting Engine Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability
CVE-2017-11774​ Microsoft Microsoft Outlook Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2020-0968​ Microsoft Internet Explorer Scripting Engine Internet Explorer Scripting Engine Memory Corruption Vulnerability
CVE-2020-1472​ Microsoft Netlogon Remote Protocol (MS-NRPC) NetLogon Elevation of Privilege Vulnerability
CVE-2021-26855 Microsoft Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
CVE-2021-26858 Microsoft Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
CVE-2021-27065​ Microsoft Microsoft Exchange Server Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
CVE-2020-1054 Microsoft Windows Win32k Microsoft Windows Win32k Privilege Escalation Vulnerability
CVE-2021-1675 Microsoft Windows Print Spooler Microsoft Print Spooler Remote Code Execution
CVE-2021-34448​ Microsoft Scripting Engine Microsoft Scripting Engine Memory Corruption Vulnerability
CVE-2020-0601​ Microsoft Windows CryptoAPI  Windows 10 API/ECC Vulnerability
CVE-2019-0604​ Microsoft SharePoint Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-0646​ Microsoft Microsoft .NET Framework Microsoft .NET Framework RCE
CVE-2019-0808​ Microsoft Windows Win32k Windows 7 win32k.sys Driver Vulnerability
CVE-2021-26857​ Microsoft Microsoft Exchange Server Microsoft Unified Messaging Deserialization Vulnerability
CVE-2020-1147​ Microsoft Microsoft .NET Framework, Microsoft SharePoint, Visual Studio Microsoft .NET Framework, SharePoint Server, and Visual Studio RCE
CVE-2019-1214​ Microsoft Windows Common Log File System (CLFS) driver Windows CLFS vulnerability
CVE-2016-3235​ Microsoft Microsoft Visio/Office Microsoft Visio/Office OLE DLL Side Loading vulnerability
CVE-2021-38647 Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2019-0863​ Microsoft Windows Error Reporting (WER) Windows Error Reporting Vulnerability
CVE-2021-36955​ Microsoft Windows Common Log File System Driver  Microsoft Windows Common Log File System Driver Privilege Escalation
CVE-2021-38648 Microsoft Microsoft Azure Open Management Infrastructure (OMI) Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2020-6819​ Mozilla nsDocShell destructor Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability
CVE-2020-6820​ Mozilla ReadableStream Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability
CVE-2019-17026​ Mozilla IonMonkey JIT compiler Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability
CVE-2019-15949​ Nagios Nagios XI Nagios XI Remote Code Execution
CVE-2020-26919​ Netgear NETGEAR JGS516PE devices Netgear ProSAFE Plus JGS516PE RCE vulnerability
CVE-2019-19356​ Netis Netis WF2419 Netis WF2419 Router Tracert RCE vulnerability
CVE-2020-2555​ Oracle Oracle Coherence  Oracle Coherence Deserialization RCE
CVE-2012-3152​ Oracle Oracle Reports Developer Oracle Reports Developer Arbitrary File Read and Upload vulnerability
CVE-2020-14871​ Oracle Oracle Solaris  Oracle Solaris Pluggable Authentication Module vulnerability
CVE-2015-4852​ Oracle Oracle WebLogic Server Oracle WebLogic Server RCE
CVE-2020-14750 Oracle Oracle WebLogic Server Oracle WebLogic Server RCE
CVE-2020-14882 Oracle Oracle WebLogic Server Oracle WebLogic Server RCE
CVE-2020-14883 Oracle Oracle WebLogic Server Oracle WebLogic Server RCE
CVE-2020-8644​ PlaySMS PlaySMS PlaySMS Remote Code Execution
CVE-2019-18935​ Progess ASP.NET AJAX Progress Telerik UI for ASP.NET deserialization bug
CVE-2021-22893​ Pulse Pulse Connect Secure Pulse Connect Secure (PCS) Remote Code Execution
CVE-2020-8243​ Pulse Pulse Connect Secure Pulse Connect Secure Arbitrary Code Execution
CVE-2021-22900​ Pulse Pulse Connect Secure Pulse Connect Secure Arbitrary File Upload Vulnerability
CVE-2021-22894​ Pulse Pulse Connect Secure Pulse Connect Secure Collaboration Suite Remote Code Execution
CVE-2020-8260​ Pulse Pulse Connect Secure Pulse Connect Secure RCE
CVE-2021-22899​ Pulse Pulse Connect Secure Pulse Connect Secure Remote Code Execution
CVE-2019-11510​ Pulse Pulse Secure Pulse Connect Secure (PCS) Pulse Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list)
CVE-2019-11539 Pulse Secure Connect Secure, Policy Secure Pulse Secure Connect and Policy Secure Multiple Versions Code Execution
CVE-2021-1906​ Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Improper Error Handling Vulnerability
CVE-2021-1905​ Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Qualcomm Use-After-Free Vulnerability
CVE-2020-10221​ rConfig rConfig rConfig RCE
CVE-2021-35395​ Realtek Jungle Software Development Kit (SDK) Realtek SDK Arbitrary Code Execution
CVE-2017-16651​ Roundcube Roundcube Webmail Roundcube Webmail File Disclosure Vulnerability
CVE-2020-11652​ SaltStack Salt SaltStack directory traversal failure to sanitize untrusted input
CVE-2020-11651​ SaltStack Salt SaltStack Salt Authentication Bypass
CVE-2020-16846​ SaltStack Salt SaltStack Through 3002 Shell Injection Vulnerability
CVE-2018-2380​ SAP SAP CRM SAP NetWeaver AS JAVA CRM RCE
CVE-2016-3976​ SAP SAP NetWeaver AS Java SAP NetWeaver AS Java Directory Traversal Vulnerability
CVE-2010-5326​ SAP SAP NetWeaver Application Server Java platforms SAP NetWeaver AS JAVA RCE
CVE-2016-9563​ SAP SAP NetWeaver AS JAVA SAP NetWeaver AS JAVA XXE Vulnerability
CVE-2020-6287​ SAP SAP NetWeaver AS JAVA (LM Configuration Wizard) SAP Netweaver JAVA remote unauthenticated access vulnerability
CVE-2020-6207​ SAP SAP Solution Manager (User Experience Monitoring) SAP Solution Manager Missing Authentication Check Complete Compromise of SMD Agents vulnerability
​CVE-2016-3976 SAP SAP NetWeaver AS Java SAP NetWeaver AS Java 7.1 – 7.5 Directory Traversal Vulnerability
CVE-2019-16256​ SIMalliance SIMalliance Toolbox ([email protected]) Browser SIMalliance Toolbox ([email protected]) Browser Command and Control Vulnerability
CVE-2020-10148​ SolarWinds SolarWinds Orion Platform SolarWinds Orion API Authentication Bypass Vulnerability
CVE-2021-35211​ SolarWinds SolarWinds nServ-U SolarWinds Serv-U Remote Memory Escape Vulnerability
CVE-2016-3643​ SolarWinds SolarWinds Virtualization Manager SolarWinds Virtualization Manager Privilege Escalation Vulnerability
CVE-2020-10199​ Sonatype Sonatype Nexus Repository Nexus Repository Manager 3 Remote Code Execution
CVE-2021-20021 SonicWall SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain
CVE-2017-7481 SonicWall SMA1000 SonicWall SMA100 9.0.0.3 and Earlier SQL Injection
CVE-2021-20022 SonicWall SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain
CVE-2021-20023 SonicWall SonicWall Email Security SonicWall Email Security Privilege Escalation Exploit Chain
CVE-2021-20016​ SonicWall SonicWall SSLVPN SMA100 SonicWall SSL VPN SMA100 SQL Injection Vulnerability
CVE-2020-12271​ Sophos Sophos XG Firewall devices Sophos XG Firewall SQL Injection Vulnerability
CVE-2020-10181​ Sumavision Sumavision Enhanced Multimedia Router (EMR) Sumavision EMR 3.0 CSRF Vulnerability
CVE-2017-6327​ Symantec Symantec Messaging Gateway Symantec Messaging Gateway RCE
CVE-2019-18988​ TeamViewer TeamViewer Desktop TeamViewer Desktop Bypass Remote Login
CVE-2017-9248​ Telerik ASP.NET AJAX and Sitefinity Telerik UI for ASP.NET AJAX and Progress Sitefinity Cryptographic Weakness Vuln
CVE-2021-31755​ Tenda Tenda AC11 devices Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow
CVE-2020-10987​ Tenda Tenda AC15 AC1900 Tenda Router Code Execution
CVE-2018-14558​ Tenda Tenda AC7, AC9, and AC10 devices Tenda Router Command Injection Vulnerability
CVE-2018-20062 ThinkPHP NoneCms ThinkPHP Remote Code Execution
CVE-2019-9082 ThinkPHP ThinkPHP ThinkPHP Remote Code Execution
CVE-2019-18187​ Trend Micro Trend Micro OfficeScan Trend Micro Antivirus 0day Traversal Vulnerability
CVE-2020-8467​ Trend Micro Trend Micro Apex One and OfficeScan XG Trend Micro Apex One (2019) and OfficeScan XG migration tool remote code execution vulnerability
CVE-2020-8468​ Trend Micro Trend Micro Apex One, OfficeScan XG and Worry-Free Business Security Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agent content validation escape vulnerability
CVE-2020-24557​ Trend Micro Trend Micro Apex One and Worry-Free Business Security Trend Micro Apex One and OfficeScan XG Improper Access Control Privilege Escalation
CVE-2020-8599​ Trend Micro Trend Micro Apex One and OfficeScan XG server  Trend Micro Apex One and OfficeScan XG Vulnerability
CVE-2021-36742 Trend Micro Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security Trend Micro Systems Multiple Products Buffer Overflow – Arbitrary File Upload
CVE-2021-36741 Trend Micro Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security Trend Micro Systems Multiple Products Buffer Overflow – Arbitrary File Upload
CVE-2019-20085​ TVT NVMS-1000 TVT NVMS-1000 Directory Traversal
CVE-2020-5849​ Unraid Unraid Unraid 6.8.0 Authentication Bypass
CVE-2020-5847​ Unraid Unraid Unraid 6.8.0 Remote Code Execution
CVE-2019-16759 vBulletin vBulletin vBulletin PHP Module RCE
CVE-2020-17496 vBulletin vBulletin vBulletin PHP Module RCE
CVE-2019-5544 VMWare ESXi, Horizon DaaS Appliances VMWare ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability
CVE-2020-3992 VMWare ESXi OpenSLP as used in VMware ESXi
CVE-2020-3950​ VMWare VMWare Fusion, VMware Remote Console for Mac, and Horizon Client for Mac VMWare Privilege escalation vulnerability
CVE-2021-22005​ VMWare vCenter Server VMWare vCenter Server File Upload
CVE-2020-3952​ VMWare vCenter Server VMWare vCenter Server Info Disclosure Vulnerability
CVE-2021-21972​ VMWare vCenter Server VMWare vCenter Server RCE
CVE-2021-21985​ VMWare vCenter Server VMWare vCenter Server Remote Code Execution
CVE-2020-4006​ VMWare VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Command Injection vulnerability
CVE-2020-25213​ WordPress File Manager WordPress File Manager RCE
CVE-2020-11738​ WordPress Snap Creek Duplicator WordPress Snap Creek Duplicator and Duplicator Pro plugins Directory Traversal
CVE-2019-9978​ WordPress Social-Warfare WordPress Social-Warfare plugin XSS
CVE-2021-27561​ Yealink Device Management Platform Yealink Device Management Server Pre-Authorization SSRF
CVE-2021-40539​ Zoho ManageEngine ADSelfServicePlus Zoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication Bypass
CVE-2020-10189​ Zoho ManageEngine Desktop Central Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability
CVE-2019-8394​ Zoho ManageEngine ServiceDesk Plus (SDP) Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability
CVE-2020-29583​ ZyXEL Unified Security Gateway (USG) ZyXEL Unified Security Gateway Undocumented Administrator Account with Default Credentials

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/270072.html

(0)
上一篇 2022年6月24日 03:11
下一篇 2022年6月24日 03:20

相关推荐

发表回复

登录后才能评论