Catalog of Known Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 22-01 to remediate vulnerabilities that are actively being exploited by known adversaries. To support this, CISA has published a catalog of known exploited vulnerabilities. CISA also said the catalog will receive regular updates as new vulnerabilities are found. We recommend signing up for this service to receive notifications when new vulnerabilities are added.

What Is in the Known Exploited Vulnerabilities Catalog?

The catalog lists 291 vulnerabilities at the time of publishing this post. Vulnerabilities from Microsoft, Apple, Google, Cisco, Apache, VMWare, Pulse, Oracle, SAP, and Trend Micro top the list. The list will keep changing as new vulnerabilities are added to the catalog. Of the 291 vulnerabilities, 176 are from 2017 to 2020, and more than 100 are from 2021 alone. We recommend downloading the CSV version of the catalog, prioritising the vulnerabilities according to your business strategy, and addressing them.

Click here to access the Catalog of Known Exploited Vulnerabilities

Subscribe to the Known Exploited Vulnerabilities Catalog Update Bulletin

CVE | Vendor/Project | Product | Vulnerability Name
CVE-2021-27104 | Accellion | FTA | Accellion FTA OS Command Injection Vulnerability
CVE-2021-27102 | Accellion | FTA | Accellion FTA OS Command Injection Vulnerability
CVE-2021-27101 | Accellion | FTA | Accellion FTA SQL Injection Vulnerability
CVE-2021-27103 | Accellion | FTA | Accellion FTA SSRF Vulnerability
CVE-2021-21017 | Adobe | Acrobat and Reader | Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
CVE-2021-28550 | Adobe | Acrobat and Reader | Adobe Acrobat and Reader Use-After-Free Vulnerability
CVE-2018-4939 | Adobe | ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data vulnerability
CVE-2018-15961 | Adobe | ColdFusion | Adobe ColdFusion RCE
CVE-2018-4878 | Adobe | Flash Player | Adobe Flash Player Use after Free vulnerability
CVE-2020-5735 | Amcrest | Cameras and Network Video Recorder (NVR) | Amcrest Camera and NVR Buffer Overflow Vulnerability
CVE-2019-2215 | Android | Android OS | Android “AbstractEmu” Root Access Vulnerabilities
CVE-2020-0041 | Android | Android OS | Android “AbstractEmu” Root Access Vulnerabilities
CVE-2020-0069 | Android | Android OS | Android “AbstractEmu” Root Access Vulnerabilities
CVE-2017-9805 | Apache | Struts | Apache Struts Multiple Versions Remote Code Execution
CVE-2021-42013 | Apache | HTTP Server | Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal
CVE-2021-41773 | Apache | HTTP Server | Apache HTTP Server Path Traversal Vulnerability
CVE-2019-0211 | Apache | HTTP Server | Apache HTTP Server scoreboard vulnerability
CVE-2016-4437 | Apache | Shiro | Apache Shiro 1.2.4 Cookie RememberME Deserial RCE
CVE-2019-17558 | Apache | Solr | Apache Solr 5.0.0-8.3.1 Remote Code Execution
CVE-2020-17530 | Apache | Struts | Apache Struts Forced OGNL Double Evaluation RCE
CVE-2017-5638 | Apache | Struts | Apache Struts Jakarta Multipart parser exception handling vulnerability
CVE-2018-11776 | Apache | Struts | Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code Execution
CVE-2021-30858 | Apple | iOS and iPadOS | Apple iOS and iPadOS Use-After-Free
CVE-2019-6223 | Apple | FaceTime | Apple FaceTime Vulnerability
CVE-2021-30860 | Apple | iOS | Apple iOS “FORCEDENTRY” Remote Code Execution
CVE-2020-27930 | Apple | iOS and macOS | Apple iOS and macOS FontParser RCE
CVE-2021-30807 | Apple | iOS and macOS | Apple iOS and macOS IOMobileFrameBuffer Memory Corruption Vulnerability
CVE-2020-27950 | Apple | iOS and macOS | Apple iOS and macOS Kernel Memory Initialization Vulnerability
CVE-2020-27932 | Apple | iOS and macOS | Apple iOS and macOS Kernel Type Confusion Vulnerability
CVE-2021-30860 | Apple | iOS | Apple iOS iMessage Zero-click vulnerability
CVE-2020-9818 | Apple | iOS Mail | Apple iOS Mail OOB Vulnerability
CVE-2020-9819 | Apple | iOS Mail | Apple iOS Mail Heap Overflow Vulnerability
CVE-2021-30762 | Apple | iOS | Apple WebKit Browser Engine Use After Free Vulnerability
CVE-2021-1782 | Apple | iOS | Apple iOS Privilege Escalation and Code Execution Chain
CVE-2021-1870 | Apple | iOS | Apple iOS Privilege Escalation and Code Execution Chain
CVE-2021-1871 | Apple | iOS | Apple iOS Privilege Escalation and Code Execution Chain
CVE-2021-1879 | Apple | iOS | Apple iOS Webkit Browser Engine XSS
CVE-2021-30661 | Apple | iOS | Apple iOS Webkit Storage Use-After-Free RCE
CVE-2021-30666 | Apple | iOS | Apple iOS12.x Buffer Overflow
CVE-2021-30713 | Apple | macOS | Apple macOS Input Validation Error
CVE-2021-30657 | Apple | macOS | Apple macOS Policy Subsystem Gatekeeper Bypass
CVE-2021-30665 | Apple | Safari | Apple Safari Webkit Browser Engine Buffer Overflow Vulnerability
CVE-2021-30663 | Apple | Safari | Apple Safari Webkit Browser Engine Integer Overflow Vulnerability
CVE-2021-30761 | Apple | iOS | Apple WebKit Browser Engine Memory Corruption Vulnerability
CVE-2021-30869 | Apple | iOS, macOS, and iPadOS | Apple XNU Kernel Type Confusion
CVE-2020-9859 | Apple | iOS and iPadOS | Apple 11-13.5 XNU Kernel Vulnerability
CVE-2021-20090 | Arcadyan | Buffalo WSR-2533DHPL2 and WSR-2533DHP3 firmware | Arcadyan Buffalo Firmware Multiple Versions Path Traversal
CVE-2021-27562 | Arm | Arm Trusted Firmware | Arm Trusted Firmware M through 1.2 Denial of Service
CVE-2021-28664 | Arm | Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Boundary Error Vulnerability
CVE-2021-28663 | Arm | Mali Graphics Processing Unit (GPU) | Arm Mali GPU Kernel Use-After-Free Vulnerability
CVE-2019-3398 | Atlassian | Confluence | Atlassian Confluence Path Traversal Vulnerability
CVE-2021-26084 | Atlassian | Confluence Server | Atlassian Confluence Server < 6.13.23, 6.14.0 – 7.12.5 Arbitrary Code Execution
CVE-2019-11580 | Atlassian | Crowd and Crowd Data Center | Atlassian Crowd and Crowd Data Center RCE
CVE-2019-3396 | Atlassian | Atlassian Confluence Server | Remote code execution via Widget Connector macro Vulnerability
CVE-2021-42258 | BQE | BillQuick Web Suite | BQE BillQuick Web Suite Versions Prior to 22.0.9.1 (from 2018 through 2021) Remote Code Execution
CVE-2020-3452 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive file read
CVE-2020-3580 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco ASA and FTD XSS Vulnerabilities
CVE-2021-1497 | Cisco | HyperFlex HX | Cisco HyperFlex HX Command Injection Vulnerabilities
CVE-2021-1498 | Cisco | HyperFlex HX | Cisco HyperFlex HX Command Injection Vulnerabilities
CVE-2018-0171 | Cisco | IOS and IOS XE | Cisco IOS and IOS XE Software Smart Install Remote Code Execution
CVE-2020-3118 | Cisco | IOS XR | Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability
CVE-2020-3566 | Cisco | IOS XR | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
CVE-2020-3569 | Cisco | IOS XR | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
CVE-2020-3161 | Cisco | IP Phones | Cisco IP Phones Web Server DoS and RCE
CVE-2019-1653 | Cisco | RV320 and RV325 Routers | Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list)
CVE-2018-0296 | Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Cisco Adaptive Security Appliance Firepower Threat Defense DoS/Directory Traversal vulnerability
CVE-2019-13608 | Citrix | StoreFront Server | Citrix StoreFront Server Multiple Versions XML External Entity (XXE)
CVE-2020-8193 | Citrix | Application Delivery Controller (ADC), Gateway, and SDWAN WANOP | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
CVE-2020-8195 | Citrix | Application Delivery Controller (ADC), Gateway, and SDWAN WANOP | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
CVE-2020-8196 | Citrix | Application Delivery Controller (ADC), Gateway, and SDWAN WANOP | Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
CVE-2019-19781 | Citrix | Application Delivery Controller (ADC) and Gateway | Citrix Application Delivery Controller and Citrix Gateway Vulnerability
CVE-2019-11634 | Citrix | Workspace (for Windows) | Citrix Workspace (for Windows) Prior to 1904 Improper Access Control
CVE-2020-29557 | D-Link | DIR-825 R1 | D-Link DIR-825 R1 Through 3.0.1 Before 11/2020 Buffer Overflow
CVE-2020-25506 | D-Link | DNS-320 | D-Link DNS-320 Command Injection RCE Vulnerability
CVE-2018-15811 | DNN | DotNetNuke | DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability
CVE-2018-18325 | DNN | DotNetNuke | DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability
CVE-2017-9822 | DNN | DotNetNuke (DNN) | DotNetNuke before 9.1.1 Remote Code Execution
CVE-2019-15752 | Docker | Desktop Community Edition | Docker Desktop Community Edition Privilege Escalation
CVE-2020-8515 | DrayTek | Vigor Router(s) | DrayTek Vigor Router Vulnerability
CVE-2018-7600 | Drupal | Drupal | Drupal module configuration vulnerability
CVE-2021-22205 | ExifTool | ExifTool | GitLab Community and Enterprise Editions From 11.9 Remote Code Execution
CVE-2018-6789 | Exim | Exim | Exim Buffer Overflow Vulnerability
CVE-2020-8657 | EyesOfNetwork | EyesOfNetwork | EyesOfNetwork 5.3 Insufficient Credential Protection
CVE-2020-8655 | EyesOfNetwork | EyesOfNetwork | EyesOfNetwork 5.3 Privilege Escalation Vulnerability
CVE-2020-5902 | F5 | BIG IP | F5 BIG IP Traffic Management User Interface RCE
CVE-2021-22986 | F5 | BIG-IP | F5 iControl REST unauthenticated RCE
CVE-2021-35464 | ForgeRock | Access Management server | ForgeRock Access Management Remote Code Execution
CVE-2019-5591 | Fortinet | FortiOS | Fortinet FortiOS Default Configuration Vulnerability
CVE-2020-12812 | Fortinet | FortiOS | Fortinet FortiOS SSL VPN 2FA Authentication Vulnerability
CVE-2018-13379 | Fortinet | FortiOS | Fortinet FortiOS SSL VPN credential exposure vulnerability
CVE-2020-16010 | Google | Chrome for Android | Google Chrome for Android Heap Overflow Vulnerability
CVE-2020-15999 | Google | Chrome | Google Chrome FreeType Memory Corruption
CVE-2021-21166 | Google | Chrome | Google Chrome Heap Buffer Overflow in WebAudio Vulnerability
CVE-2020-16017 | Google | Chrome | Google Chrome Site Isolation Component Use-After-Free RCE vulnerability
CVE-2021-37976 | Google | Chrome | Google Chrome Information Leakage
CVE-2020-16009 | Google | Chromium V8 | Chromium V8 Implementation Vulnerability
CVE-2021-30632 | Google | Chrome | Google Chrome Out-of-bounds write
CVE-2020-16013 | Google | Chromium V8 | Chromium V8 Engine Incorrect Implementation vulnerability
CVE-2021-30633 | Google | Chrome | Google Chrome Use-After-Free
CVE-2021-21148 | Google | Chromium V8 | Chromium V8 JavaScript Rendering Engine Heap Buffer Overflow Vulnerability
CVE-2021-37973 | Google | Chrome | Google Chrome Use-After-Free
CVE-2021-30551 | Google | Chromium V8 | Chromium V8 Engine Type Confusion
CVE-2021-37975 | Google | Chrome | Google Chrome Use-After-Free
CVE-2020-6418 | Google | Chromium V8 | Chromium V8 Engine Type Confusion Vulnerability
CVE-2021-30554 | Google | Chrome | Google Chrome WebGL Use after Free
CVE-2021-21206 | Google | Chromium Blink | Chromium Blink Use-After-Free Vulnerability
CVE-2021-38000 | Google | Chromium V8 Engine | Google Chromium V8 Insufficient Input Validation Vulnerability
CVE-2021-38003 | Google | Chromium V8 Engine | Google Chromium V8 Incorrect Implementation Vulnerability
CVE-2021-21224 | Google | Chromium V8 | Chromium V8 JavaScript Engine Remote Code Execution
CVE-2021-21193 | Google | Chromium V8 | Chromium V8 Engine Use-After-Free Vulnerability
CVE-2021-21220 | Google | Chromium V8 | Chromium V8 Engine Input Validation Vulnerability
CVE-2021-30563 | Google | Chrome | Google Chrome Browser V8 Arbitrary Code Execution
CVE-2020-4430 | IBM | IBM Data Risk Manager | IBM Data Risk Manager Arbitrary File Download
CVE-2020-4427 | IBM | IBM Data Risk Manager | IBM Data Risk Manager Authentication Bypass
CVE-2020-4428 | IBM | IBM Data Risk Manager | IBM Data Risk Manager Command Injection
CVE-2019-4716 | IBM | IBM Planning Analytics | IBM Planning Analytics configuration overwrite vulnerability
CVE-2016-3715 | ImageMagick | ImageMagick | ImageMagick Ephemeral Coder Arbitrary File Deletion Vulnerability
CVE-2016-3718 | ImageMagick | ImageMagick | ImageMagick SSRF Vulnerability
CVE-2020-15505 | Ivanti | MobileIron Core & Connector | MobileIron Core, Connector, Sentry, and RDM RCE
CVE-2021-30116 | Kaseya | Kaseya VSA | Kaseya VSA Remote Code Execution
CVE-2020-7961 | LifeRay | Liferay Portal | Liferay Portal prior to 7.2.1 CE GA2 RCE
CVE-2021-23874 | McAfee | McAfee Total Protection (MTP) | McAfee Total Protection MTP Arbitrary Process Execution
CVE-2021-22506 | Micro Focus | Micro Focus Access Manager | Micro Focus Access Manager Earlier Than 5.0 Information Leakage
CVE-2021-22502 | Micro Focus | Micro Focus Operation Bridge Reporter (OBR) | Micro Focus Operation Bridge Report (OBR) Server RCE
CVE-2014-1812 | Microsoft | Windows Group Policy | Microsoft Windows Group Policy Privilege Escalation
CVE-2021-38647 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution
CVE-2016-0167 | Microsoft | Windows Kernel | Microsoft Windows Kernel ‘Win32k.sys’ Local Privilege Escalation Vulnerability
CVE-2020-0878 | Microsoft | Microsoft Edge, Internet Explorer | Microsoft Browser Memory Corruption Vulnerability
CVE-2021-31955 | Microsoft | Windows Kernel | Microsoft Windows Kernel Information Disclosure Vulnerability
CVE-2021-1647 | Microsoft | Microsoft Defender | Microsoft Defender RCE
CVE-2021-33739 | Microsoft | Microsoft Desktop Window Manager (DWM) | Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2016-0185 | Microsoft | Windows Media Center | Microsoft Windows Media Center RCE vulnerability
CVE-2020-0683 | Microsoft | Windows Installer | Microsoft Elevation of Privilege Installer Vulnerability
CVE-2020-17087 | Microsoft | Windows Kernel | Windows Kernel Cryptography Driver Privilege Escalation
CVE-2021-33742 | Microsoft | Windows MSHTML Platform | Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2021-31199 | Microsoft | Microsoft Enhanced Cryptographic Provider | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerabilities
CVE-2021-33771 | Microsoft | Windows Kernel | Windows Kernel Elevation of Privilege
CVE-2021-31956 | Microsoft | Windows NTFS | Microsoft Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-31201 | Microsoft | Microsoft Enhanced Cryptographic Provider | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerabilities
CVE-2021-31979 | Microsoft | Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0938 | Microsoft | Windows, Windows Adobe Type Manager Library | Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability
CVE-2020-17144 | Microsoft | Microsoft Exchange Server | Microsoft Exchange RCE
CVE-2020-0986 | Microsoft | Windows Kernel | Windows Kernel Elevation of Privilege vulnerability
CVE-2020-1020 | Microsoft | Windows, Windows Adobe Type Manager Library | Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability
CVE-2021-38645 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2021-34523 | Microsoft | Microsoft Exchange Server | Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2017-7269 | Microsoft | Internet Information Services (IIS) | Windows Server 2003 R2 IIS WEBDAV buffer overflow RCE vulnerability (COVID-19-CTI list)
CVE-2021-36948 | Microsoft | Windows Update Medic Service | Microsoft Windows Update Medic Service Elevation of Privilege
CVE-2021-38649 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2020-0688 | Microsoft | Microsoft Exchange Server | Microsoft Exchange Server Key Validation Vulnerability
CVE-2017-0143 | Microsoft | SMBv1 server | Windows SMBv1 Remote Code Execution Vulnerability
CVE-2016-7255 | Microsoft | Windows, Windows Server | Microsoft Windows Vista, 7, 8.1, 10 and Windows Server 2008, 2012, and 2016 Win32k Privilege Escalation Vulnerability
CVE-2019-0708 | Microsoft | Remote Desktop Services | “BlueKeep” Windows Remote Desktop RCE Vulnerability
CVE-2021-34473 | Microsoft | Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-1464 | Microsoft | Windows | Windows Spoofing Vulnerability
CVE-2021-1732 | Microsoft | Windows Win32k | Microsoft Windows Win32k Privilege Escalation
CVE-2021-34527 | Microsoft | Windows | “PrintNightmare” – Microsoft Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-31207 | Microsoft | Microsoft Exchange Server | Microsoft Exchange Server Security Feature Bypass Vulnerability
CVE-2019-0803 | Microsoft | Windows Win32k | Windows win32k Escalation Kernel Vulnerability
CVE-2020-1040 | Microsoft | Hyper-V RemoteFX vGPU | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE-2021-28310 | Microsoft | Windows Win32k | Microsoft Windows Win32k Privilege Escalation Vulnerability
CVE-2020-1350 | Microsoft | Windows Domain Name System Server | “SigRed” – Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-26411 | Microsoft | Microsoft Edge, Internet Explorer | Microsoft Internet Explorer and Edge Memory Corruption Vulnerability
CVE-2019-0859 | Microsoft | Windows Win32k | Windows win32k Escalation Kernel Vulnerability
CVE-2021-40444 | Microsoft | Microsoft MSHTML | Microsoft Windows, Server (spec. IE) All Arbitrary Code Execution
CVE-2017-8759 | Microsoft | Microsoft .NET Framework | .NET Framework Remote Code Execution vulnerability
CVE-2018-8653 | Microsoft | Internet Explorer Scripting Engine | Microsoft Internet Explorer Scripting Engine JScript Memory Corruption Vulnerability
CVE-2019-0797 | Microsoft | Windows Win32k | Windows win32k.sys Driver Vulnerability
CVE-2021-36942 | Microsoft | Windows Local Security Authority (LSA) | Microsoft LSA Spoofing
CVE-2019-1215 | Microsoft | Windows Winsock | Windows Winsock (ws2ifsl.sys) vulnerability
CVE-2017-11882 | Microsoft | Microsoft Office | Microsoft Office 2007 – 2016 Backdoor Exploitation Chain
CVE-2018-0798 | Microsoft | Microsoft Office | Microsoft Office 2007 – 2016 Backdoor Exploitation Chain
CVE-2018-0802 | Microsoft | Microsoft Office | Microsoft Office 2007 – 2016 Backdoor Exploitation Chain
CVE-2012-0158 | Microsoft | MSCOMCTL.OCX | Microsoft MSCOMCTL.OCX RCE Vulnerability
CVE-2015-1641 | Microsoft | Microsoft Office | Microsoft Office Memory Corruption vulnerability
CVE-2021-27085 | Microsoft | Internet Explorer | Internet Explorer 11 RCE
CVE-2019-0541 | Microsoft | MSHTML engine | Microsoft MSHTML Engine Remote Code Execution Vulnerability
CVE-2017-11882 | Microsoft | Microsoft Office | Microsoft Office memory corruption vulnerability
CVE-2020-0674 | Microsoft | Internet Explorer Scripting Engine | Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability
CVE-2021-27059 | Microsoft | Microsoft Office | Microsoft Office RCE
CVE-2019-1367 | Microsoft | Internet Explorer Scripting Engine | Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability
CVE-2017-0199 | Microsoft | Windows, Windows Server, Microsoft Office | Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API
CVE-2020-1380 | Microsoft | Internet Explorer | Scripting Engine Memory Corruption Vulnerability
CVE-2019-1429 | Microsoft | Internet Explorer Scripting Engine | Internet Explorer 9-11 Scripting Engine Memory Corruption Vulnerability
CVE-2017-11774 | Microsoft | Microsoft Outlook | Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2020-0968 | Microsoft | Internet Explorer Scripting Engine | Internet Explorer Scripting Engine Memory Corruption Vulnerability
CVE-2020-1472 | Microsoft | Netlogon Remote Protocol (MS-NRPC) | NetLogon Elevation of Privilege Vulnerability
CVE-2021-26855 | Microsoft | Microsoft Exchange Server | Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
CVE-2021-26858 | Microsoft | Microsoft Exchange Server | Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
CVE-2021-27065 | Microsoft | Microsoft Exchange Server | Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
CVE-2020-1054 | Microsoft | Windows Win32k | Microsoft Windows Win32k Privilege Escalation Vulnerability
CVE-2021-1675 | Microsoft | Windows Print Spooler | Microsoft Print Spooler Remote Code Execution
CVE-2021-34448 | Microsoft | Scripting Engine | Microsoft Scripting Engine Memory Corruption Vulnerability
CVE-2020-0601 | Microsoft | Windows CryptoAPI | Windows 10 API/ECC Vulnerability
CVE-2019-0604 | Microsoft | SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-0646 | Microsoft | Microsoft .NET Framework | Microsoft .NET Framework RCE
CVE-2019-0808 | Microsoft | Windows Win32k | Windows 7 win32k.sys Driver Vulnerability
CVE-2021-26857 | Microsoft | Microsoft Exchange Server | Microsoft Unified Messaging Deserialization Vulnerability
CVE-2020-1147 | Microsoft | Microsoft .NET Framework, Microsoft SharePoint, Visual Studio | Microsoft .NET Framework, SharePoint Server, and Visual Studio RCE
CVE-2019-1214 | Microsoft | Windows Common Log File System (CLFS) driver | Windows CLFS vulnerability
CVE-2016-3235 | Microsoft | Microsoft Visio/Office | Microsoft Visio/Office OLE DLL Side Loading vulnerability
CVE-2021-38647 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2019-0863 | Microsoft | Windows Error Reporting (WER) | Windows Error Reporting Vulnerability
CVE-2021-36955 | Microsoft | Windows Common Log File System Driver | Microsoft Windows Common Log File System Driver Privilege Escalation
CVE-2021-38648 | Microsoft | Microsoft Azure Open Management Infrastructure (OMI) | Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2020-6819 | Mozilla | nsDocShell destructor | Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability
CVE-2020-6820 | Mozilla | ReadableStream | Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability
CVE-2019-17026 | Mozilla | IonMonkey JIT compiler | Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability
CVE-2019-15949 | Nagios | Nagios XI | Nagios XI Remote Code Execution
CVE-2020-26919 | Netgear | NETGEAR JGS516PE devices | Netgear ProSAFE Plus JGS516PE RCE vulnerability
CVE-2019-19356 | Netis | Netis WF2419 | Netis WF2419 Router Tracert RCE vulnerability
CVE-2020-2555 | Oracle | Oracle Coherence | Oracle Coherence Deserialization RCE
CVE-2012-3152 | Oracle | Oracle Reports Developer | Oracle Reports Developer Arbitrary File Read and Upload vulnerability
CVE-2020-14871 | Oracle | Oracle Solaris | Oracle Solaris Pluggable Authentication Module vulnerability
CVE-2015-4852 | Oracle | Oracle WebLogic Server | Oracle WebLogic Server RCE
CVE-2020-14750 | Oracle | Oracle WebLogic Server | Oracle WebLogic Server RCE
CVE-2020-14882 | Oracle | Oracle WebLogic Server | Oracle WebLogic Server RCE
CVE-2020-14883 | Oracle | Oracle WebLogic Server | Oracle WebLogic Server RCE
CVE-2020-8644 | PlaySMS | PlaySMS | PlaySMS Remote Code Execution
CVE-2019-18935 | Progress | ASP.NET AJAX | Progress Telerik UI for ASP.NET deserialization bug
CVE-2021-22893 | Pulse | Pulse Connect Secure | Pulse Connect Secure (PCS) Remote Code Execution
CVE-2020-8243 | Pulse | Pulse Connect Secure | Pulse Connect Secure Arbitrary Code Execution
CVE-2021-22900 | Pulse | Pulse Connect Secure | Pulse Connect Secure Arbitrary File Upload Vulnerability
CVE-2021-22894 | Pulse | Pulse Connect Secure | Pulse Connect Secure Collaboration Suite Remote Code Execution
CVE-2020-8260 | Pulse | Pulse Connect Secure | Pulse Connect Secure RCE
CVE-2021-22899 | Pulse | Pulse Connect Secure | Pulse Connect Secure Remote Code Execution
CVE-2019-11510 | Pulse | Pulse Secure Pulse Connect Secure (PCS) | Pulse Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list)
CVE-2019-11539 | Pulse Secure | Connect Secure, Policy Secure | Pulse Secure Connect and Policy Secure Multiple Versions Code Execution
CVE-2021-1906 | Qualcomm | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Qualcomm Improper Error Handling Vulnerability
CVE-2021-1905 | Qualcomm | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Qualcomm Use-After-Free Vulnerability
CVE-2020-10221 | rConfig | rConfig | rConfig RCE
CVE-2021-35395 | Realtek | Jungle Software Development Kit (SDK) | Realtek SDK Arbitrary Code Execution
CVE-2017-16651 | Roundcube | Roundcube Webmail | Roundcube Webmail File Disclosure Vulnerability
CVE-2020-11652 | SaltStack | Salt | SaltStack directory traversal failure to sanitize untrusted input
CVE-2020-11651 | SaltStack | Salt | SaltStack Salt Authentication Bypass
CVE-2020-16846 | SaltStack | Salt | SaltStack Through 3002 Shell Injection Vulnerability
CVE-2018-2380 | SAP | SAP CRM | SAP NetWeaver AS JAVA CRM RCE
CVE-2016-3976 | SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java Directory Traversal Vulnerability
CVE-2010-5326 | SAP | SAP NetWeaver Application Server Java platforms | SAP NetWeaver AS JAVA RCE
CVE-2016-9563 | SAP | SAP NetWeaver AS JAVA | SAP NetWeaver AS JAVA XXE Vulnerability
CVE-2020-6287 | SAP | SAP NetWeaver AS JAVA (LM Configuration Wizard) | SAP Netweaver JAVA remote unauthenticated access vulnerability
CVE-2020-6207 | SAP | SAP Solution Manager (User Experience Monitoring) | SAP Solution Manager Missing Authentication Check Complete Compromise of SMD Agents vulnerability
CVE-2016-3976 | SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java 7.1 – 7.5 Directory Traversal Vulnerability
CVE-2019-16256 | SIMalliance | SIMalliance Toolbox (S@T) Browser | SIMalliance Toolbox (S@T) Browser Command and Control Vulnerability
CVE-2020-10148 | SolarWinds | SolarWinds Orion Platform | SolarWinds Orion API Authentication Bypass Vulnerability
CVE-2021-35211 | SolarWinds | SolarWinds Serv-U | SolarWinds Serv-U Remote Memory Escape Vulnerability
CVE-2016-3643 | SolarWinds | SolarWinds Virtualization Manager | SolarWinds Virtualization Manager Privilege Escalation Vulnerability
CVE-2020-10199 | Sonatype | Sonatype Nexus Repository | Nexus Repository Manager 3 Remote Code Execution
CVE-2021-20021 | SonicWall | SonicWall Email Security | SonicWall Email Security Privilege Escalation Exploit Chain
CVE-2017-7481 | SonicWall | SMA1000 | SonicWall SMA100 9.0.0.3 and Earlier SQL Injection
CVE-2021-20022 | SonicWall | SonicWall Email Security | SonicWall Email Security Privilege Escalation Exploit Chain
CVE-2021-20023 | SonicWall | SonicWall Email Security | SonicWall Email Security Privilege Escalation Exploit Chain
CVE-2021-20016 | SonicWall | SonicWall SSLVPN SMA100 | SonicWall SSL VPN SMA100 SQL Injection Vulnerability
CVE-2020-12271 | Sophos | Sophos XG Firewall devices | Sophos XG Firewall SQL Injection Vulnerability
CVE-2020-10181 | Sumavision | Sumavision Enhanced Multimedia Router (EMR) | Sumavision EMR 3.0 CSRF Vulnerability
CVE-2017-6327 | Symantec | Symantec Messaging Gateway | Symantec Messaging Gateway RCE
CVE-2019-18988 | TeamViewer | TeamViewer Desktop | TeamViewer Desktop Bypass Remote Login
CVE-2017-9248 | Telerik | ASP.NET AJAX and Sitefinity | Telerik UI for ASP.NET AJAX and Progress Sitefinity Cryptographic Weakness Vuln
CVE-2021-31755 | Tenda | Tenda AC11 devices | Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow
CVE-2020-10987 | Tenda | Tenda AC15 AC1900 | Tenda Router Code Execution
CVE-2018-14558 | Tenda | Tenda AC7, AC9, and AC10 devices | Tenda Router Command Injection Vulnerability
CVE-2018-20062 | ThinkPHP | NoneCms | ThinkPHP Remote Code Execution
CVE-2019-9082 | ThinkPHP | ThinkPHP | ThinkPHP Remote Code Execution
CVE-2019-18187 | Trend Micro | Trend Micro OfficeScan | Trend Micro Antivirus 0day Traversal Vulnerability
CVE-2020-8467 | Trend Micro | Trend Micro Apex One and OfficeScan XG | Trend Micro Apex One (2019) and OfficeScan XG migration tool remote code execution vulnerability
CVE-2020-8468 | Trend Micro | Trend Micro Apex One, OfficeScan XG and Worry-Free Business Security | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agent content validation escape vulnerability
CVE-2020-24557 | Trend Micro | Trend Micro Apex One and Worry-Free Business Security | Trend Micro Apex One and OfficeScan XG Improper Access Control Privilege Escalation
CVE-2020-8599 | Trend Micro | Trend Micro Apex One and OfficeScan XG server | Trend Micro Apex One and OfficeScan XG Vulnerability
CVE-2021-36742 | Trend Micro | Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security | Trend Micro Systems Multiple Products Buffer Overflow – Arbitrary File Upload
CVE-2021-36741 | Trend Micro | Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security | Trend Micro Systems Multiple Products Buffer Overflow – Arbitrary File Upload
CVE-2019-20085 | TVT | NVMS-1000 | TVT NVMS-1000 Directory Traversal
CVE-2020-5849 | Unraid | Unraid | Unraid 6.8.0 Authentication Bypass
CVE-2020-5847 | Unraid | Unraid | Unraid 6.8.0 Remote Code Execution
CVE-2019-16759 | vBulletin | vBulletin | vBulletin PHP Module RCE
CVE-2020-17496 | vBulletin | vBulletin | vBulletin PHP Module RCE
CVE-2019-5544 | VMWare | ESXi, Horizon DaaS Appliances | VMWare ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability
CVE-2020-3992 | VMWare | ESXi | OpenSLP as used in VMware ESXi
CVE-2020-3950 | VMWare | VMWare Fusion, VMware Remote Console for Mac, and Horizon Client for Mac | VMWare Privilege escalation vulnerability
CVE-2021-22005 | VMWare | vCenter Server | VMWare vCenter Server File Upload
CVE-2020-3952 | VMWare | vCenter Server | VMWare vCenter Server Info Disclosure Vulnerability
CVE-2021-21972 | VMWare | vCenter Server | VMWare vCenter Server RCE
CVE-2021-21985 | VMWare | vCenter Server | VMWare vCenter Server Remote Code Execution
CVE-2020-4006 | VMWare | VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector | VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Command Injection vulnerability
CVE-2020-25213 | WordPress | File Manager | WordPress File Manager RCE
CVE-2020-11738 | WordPress | Snap Creek Duplicator | WordPress Snap Creek Duplicator and Duplicator Pro plugins Directory Traversal
CVE-2019-9978 | WordPress | Social-Warfare | WordPress Social-Warfare plugin XSS
CVE-2021-27561 | Yealink | Device Management Platform | Yealink Device Management Server Pre-Authorization SSRF
CVE-2021-40539 | Zoho | ManageEngine ADSelfServicePlus | Zoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication Bypass
CVE-2020-10189 | Zoho | ManageEngine Desktop Central | Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability
CVE-2019-8394 | Zoho | ManageEngine ServiceDesk Plus (SDP) | Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability
CVE-2020-29583 | ZyXEL | Unified Security Gateway (USG) | ZyXEL Unified Security Gateway Undocumented Administrator Account with Default Credentials

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
