Latest CVE Feed
-
9.8
CRITICALCVE-2022-34821
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router... Read more
Affected Products : scalance_s615_firmware simatic_cp_1242-7_v2_firmware simatic_cp_1243-1_firmware simatic_cp_1243-7_lte_eu_firmware simatic_cp_1243-7_lte_us_firmware simatic_cp_1243-8_irc_firmware simatic_cp_1542sp-1_irc_firmware simatic_cp_1543sp-1_firmware siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware siplus_et_200sp_cp_1543sp-1_isec_firmware +50 more products- EPSS Score: %0.50
- Published: Jul. 12, 2022
- Modified: Jan. 14, 2025
-
9.8
CRITICALCVE-2017-15118
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write... Read more
- EPSS Score: %2.31
- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-8025
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful e... Read more
- EPSS Score: %5.18
- Published: Aug. 20, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.... Read more
Affected Products : ubuntu_linux debian_linux ruggedcom_rm1224_firmware point-to-point_protocol pfc_firmware pfc100 pfc200- EPSS Score: %67.51
- Published: Feb. 03, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-1010022
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guar... Read more
Affected Products : glibc- EPSS Score: %0.14
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1361
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote at... Read more
Affected Products : nx-os nexus_3000 nexus_3100 nexus_3100-z nexus_3100v nexus_3200 nexus_3400 nexus_3500 nexus_3600 nexus_9000v +39 more products- EPSS Score: %0.29
- Published: Feb. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1871
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code executio... Read more
- Actively Exploited
- EPSS Score: %0.61
- Published: Apr. 02, 2021
- Modified: Feb. 28, 2025
-
9.8
CRITICALCVE-2023-20078
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilit... Read more
- EPSS Score: %10.82
- Published: Mar. 03, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-5377
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability... Read more
Affected Products : elasticsearch- EPSS Score: %37.16
- Published: Mar. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-20189
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affe... Read more
Affected Products : sf300-08_firmware sf302-08_firmware sf302-08pp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware sf300-48_firmware sf300-48p_firmware +452 more products- EPSS Score: %4.30
- Published: May. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-37762
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading to remote code execution.... Read more
Affected Products : manageengine_admanager_plus- EPSS Score: %37.38
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-2527
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application cr... Read more
- EPSS Score: %9.36
- Published: May. 22, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2021-21693
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.... Read more
Affected Products : jenkins- EPSS Score: %1.30
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-34835
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.... Read more
Affected Products : u-boot- EPSS Score: %0.25
- Published: Jun. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-13756
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.... Read more
Affected Products : php_css_parser- EPSS Score: %19.90
- Published: Jun. 03, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-5302
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.... Read more
Affected Products : xenserver- EPSS Score: %1.18
- Published: Jun. 13, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2017-1000231
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.... Read more
Affected Products : ldns- EPSS Score: %0.55
- Published: Nov. 17, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2020-9898
This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions.... Read more
- EPSS Score: %0.45
- Published: Oct. 22, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-20314
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.... Read more
- EPSS Score: %0.17
- Published: Aug. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-8199
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lea... Read more
- EPSS Score: %5.64
- Published: Oct. 17, 2019
- Modified: Nov. 21, 2024