In [ ]:
console.log("Just making sure it works.")
Just making sure it works.

Import some bits from NPM

In [ ]:
import { DOMParser, SVGElement } from "npm:linkedom"
import { json } from "npm:d3-fetch"
import * as Plot from "npm:@observablehq/plot"

There is no "document", so we need a virtual one so D3/Plot can render properly

In [ ]:
const document = new DOMParser().parseFromString(`<!DOCTYPE html><html lang="en"></html>`, "text/html")

Import some CISA KEV CVE mangled data and take a peek

In [ ]:
const krLong = (
  await json(
    "https://greynoise-intelligence.github.io/labs-viz-data/kev-ransom-short-long.json"
  )
).map((d) => ({
  cveID: d.cveID,
  shortDescription: d.shortDescription,
  event: d.event,
  date: new Date(d.date)
}))
In [ ]:
krLong[0]
Out[ ]:
{
  cveID: "CVE-2009-3960",
  shortDescription: "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows f"... 26 more characters,
  event: "Added to KEV",
  date: 2022-03-07T00:00:00.000Z
}
In [ ]:
const krShort = (
  await json(
    "https://greynoise-intelligence.github.io/labs-viz-data/kev-ransom-short.json"
  )
).map((d) => {
  d["Added to KEV"] = new Date(d["Added to KEV"]);
  d["CVE Published"] = new Date(d["CVE Published"]);
  return d;
})
In [ ]:
krShort[0]
Out[ ]:
{
  cveID: "CVE-2009-3960",
  "Added to KEV": 2022-03-07T00:00:00.000Z,
  "CVE Published": 2010-02-15T00:00:00.000Z,
  shortDescription: "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows f"... 26 more characters
}
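
The chart built below encodes one number per CVE: the gap between its "CVE Published" and "Added to KEV" dates. The following is an added example, not code from the GreyNoise notebook above, that computes that gap directly from records in the `krShort` shape, pivots them into the `krLong` shape, and summarises the median lag per KEV-add year, so the title's claim can be checked numerically rather than by eye. It reuses the CVE-2009-3960 record printed above; every other record (IDs, dates, descriptions) is a constructed placeholder, and the function names (`toLong`, `kevLagDays`, `medianLagByKevYear`) are this example's own, not part of the notebook or of Plot.

```javascript
// Added example: computing publish-to-KEV lag from krShort-shaped records.
// The CVE-2009-3960 row is the one shown in the notebook output above; every
// other row is a constructed placeholder (not real KEV data).
const sampleKevShort = [
  {
    cveID: "CVE-2009-3960",
    "Added to KEV": "2022-03-07",
    "CVE Published": "2010-02-15",
    shortDescription: "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure."
  },
  { cveID: "CVE-EXAMPLE-0002", "Added to KEV": "2022-01-20", "CVE Published": "2022-01-10", shortDescription: "constructed placeholder" },
  { cveID: "CVE-EXAMPLE-0003", "Added to KEV": "2023-03-03", "CVE Published": "2023-03-01", shortDescription: "constructed placeholder" },
  { cveID: "CVE-EXAMPLE-0004", "Added to KEV": "2023-05-07", "CVE Published": "2023-05-01", shortDescription: "constructed placeholder" },
  // Constructed edge case: a row with no publication date must not produce a bogus lag.
  { cveID: "CVE-EXAMPLE-0005", "Added to KEV": "2023-06-01", "CVE Published": "", shortDescription: "constructed placeholder" }
];

const MS_PER_DAY = 86_400_000;

// "YYYY-MM-DD" strings parse as UTC midnight, so day arithmetic is exact
// regardless of the host time zone. Returns null for missing/unparseable values.
function parseUtcDate(value) {
  if (!value) return null;
  const d = new Date(value);
  return Number.isNaN(d.getTime()) ? null : d;
}

// Wide -> long: one row per (CVE, event), the shape krLong has above.
// Events whose date is missing are dropped instead of becoming Invalid Date dots.
function toLong(rows) {
  return rows
    .flatMap((d) =>
      ["CVE Published", "Added to KEV"].map((event) => ({
        cveID: d.cveID,
        shortDescription: d.shortDescription,
        event,
        date: parseUtcDate(d[event])
      }))
    )
    .filter((r) => r.date !== null);
}

// Whole days from CVE publication to KEV listing, or null if either date is missing.
function kevLagDays(row) {
  const published = parseUtcDate(row["CVE Published"]);
  const added = parseUtcDate(row["Added to KEV"]);
  if (published === null || added === null) return null;
  return Math.round((added.getTime() - published.getTime()) / MS_PER_DAY);
}

function median(values) {
  const sorted = [...values].sort((a, b) => a - b);
  const mid = Math.floor(sorted.length / 2);
  return sorted.length % 2 === 1 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
}

// Median lag grouped by the year the CVE was added to KEV; rows without a
// computable lag are skipped rather than counted as zero.
function medianLagByKevYear(rows) {
  const byYear = new Map();
  for (const row of rows) {
    const lag = kevLagDays(row);
    if (lag === null) continue;
    const year = parseUtcDate(row["Added to KEV"]).getUTCFullYear();
    if (!byYear.has(year)) byYear.set(year, []);
    byYear.get(year).push(lag);
  }
  return Object.fromEntries(
    [...byYear.entries()]
      .sort(([a], [b]) => a - b)
      .map(([year, lags]) => [year, median(lags)])
  );
}

console.log(kevLagDays(sampleKevShort[0]));      // 4403
console.log(medianLagByKevYear(sampleKevShort)); // 2022 -> 2206.5, 2023 -> 4
```

Swapping `sampleKevShort` for the real `krShort` (before its dates are converted to `Date` objects, or with `parseUtcDate` changed to accept them) gives the per-year numbers behind the plot; the median rather than the mean is used so that a handful of decade-old CVEs such as CVE-2009-3960 do not dominate a year's figure.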

Set up the plot

In [ ]:
const plt = Plot.plot({
  document: document,
  className: "kevPlot",
  title:
    "Time From Ransomware-related CVE Publish To KEV Add Is Getting Shorter",
  subtitle: "Updated daily; Hover over dots for CVE details.",
  caption: "Source: CISA KEV",
  marginLeft: 120,
  width: 900,
  height: 900 * 3,
  style: {
    color: "black",
    stroke: "black",
    fontFamily: "Inconsolata, monospace",
    fontSize: 14
  },
  x: {
    grid: true
  },
  y: {
    domain: krShort.map((d) => d.cveID).reverse(),
    label: null
  },
  color: {
    legend: true
  },
  marks: [
    Plot.ruleY(krShort, {
      y: "cveID",
      x1: "CVE Published",
      x2: "Added to KEV",
      strokeWidth: 0.25,
      stroke: "black"
    }),
    Plot.dot(krLong, {
      x: "date",
      y: "cveID",
      strokeWidth: 0.125,
      fill: "event",
      title: (d) => `${d.cveID}: ${d.shortDescription}`
    })
  ]
})

Render it

In [ ]:
plt
Out[ ]:

[Rendered plot; the SVG text was flattened on extraction. Title: "Time From Ransomware-related CVE Publish To KEV Add Is Getting Shorter". Subtitle: "Updated daily; Hover over dots for CVE details." Legend: Added to KEV, CVE Published. Y axis: one row per CVE ID, from CVE-2023-40044 at the top down to CVE-2009-3960 at the bottom. X axis: years 2012 through 2022. Each dot's tooltip reads "<cveID>: <shortDescription>" from the KEV feed.]
This vulnerability was observed being utilized in a Deadbolt ransomware campaign.CVE-2022-41082: Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.CVE-2022-41040: Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.CVE-2022-21587: Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.CVE-2022-31199: Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.CVE-2022-41073: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.CVE-2022-41080: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. 
This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.CVE-2022-41223: The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.CVE-2022-40765: The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.CVE-2022-44698: Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.CVE-2022-47966: Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.CVE-2022-24990: TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.CVE-2023-24880: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.CVE-2023-28252: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.CVE-2023-27350: PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.CVE-2023-34362: Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. 
Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.CVE-2023-36884: Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.CVE-2023-40044: Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.CVE-2009-3960: Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.CVE-2010-0188: Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.CVE-2010-1428: Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. 
A remote attacker could use this flaw to gain access to sensitive information.CVE-2010-0738: The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.CVE-2010-2861: A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.CVE-2012-0507: An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.CVE-2012-1723: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.CVE-2013-0431: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.CVE-2013-2551: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.CVE-2013-0074: Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.CVE-2013-2465: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2DCVE-2015-1701: An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.CVE-2015-2546: The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted 
application.CVE-2016-0034: Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service.CVE-2016-0099: A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.CVE-2016-1019: Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.CVE-2016-0167: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted applicationCVE-2016-0151: The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.CVE-2016-3309: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.CVE-2016-3351: An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. 
The vulnerability could allow an attacker to detect specific files on the user's computer.CVE-2017-5638: Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.CVE-2017-0143: Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.CVE-2017-0145: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.CVE-2017-0144: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.CVE-2017-0101: A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.CVE-2017-0146: The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.CVE-2017-0148: The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.CVE-2017-0199: Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. 
Successful exploitation allows for remote code execution.CVE-2017-0213: Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.CVE-2017-7494: Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.CVE-2017-9822: DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.CVE-2017-11357: Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.CVE-2017-12615: When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.CVE-2017-12149: The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.CVE-2017-10271: Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.CVE-2018-4878: Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.CVE-2018-6789: Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.CVE-2018-2380: SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.CVE-2018-6530: Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.CVE-2018-6882: Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script 
or HTML.CVE-2018-7600: Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.CVE-2018-1273: Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.CVE-2018-10562: Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.CVE-2018-8174: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"CVE-2018-8120: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.CVE-2018-11138: The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.CVE-2018-7602: A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.CVE-2018-8406: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.CVE-2018-8405: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.CVE-2018-8440: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).CVE-2018-8453: Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.CVE-2018-8581: A privilege escalation vulnerability exists in Microsoft Exchange Server. 
An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.CVE-2019-0543: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.CVE-2018-15982: Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free VulnerabilityCVE-2018-20250: WinRAR Absolute Path Traversal vulnerability leads to Remote Code ExecutionCVE-2019-0604: Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.CVE-2019-3396: Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.CVE-2019-0752: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet ExplorerCVE-2019-0841: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. 
An attacker who successfully exploited this vulnerability could run processes in an elevated context.CVE-2019-2725: Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).CVE-2019-11634: Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.CVE-2018-13379: Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.CVE-2019-1069: A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.CVE-2019-1064: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.CVE-2019-1129: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.CVE-2019-1130: A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.CVE-2019-1579: Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.CVE-2019-13608: Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.CVE-2019-1215: Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. 
Successful exploitation allows an attacker to execute code with elevated privileges.�CVE-2019-1253: A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.CVE-2019-16057: The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.CVE-2019-1367: Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.CVE-2019-1322: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.CVE-2019-1315: A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.CVE-2019-11043: In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.CVE-2019-1405: A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.CVE-2019-1385: A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.CVE-2019-1388: Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.CVE-2019-7195: QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.CVE-2019-7194: QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or 
modify system files.CVE-2019-7193: QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.CVE-2019-7192: QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.CVE-2019-5544: VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.CVE-2019-1458: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.CVE-2019-18935: Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.CVE-2019-7481: SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.CVE-2019-19781: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.CVE-2020-0638: Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.CVE-2020-0688: Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.CVE-2020-3153: Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. 
This could include DLL pre-loading, DLL hijacking, and other related attacks.CVE-2020-0787: Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.CVE-2020-0796: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.CVE-2020-12271: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).CVE-2020-2021: Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.CVE-2020-5902: F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.CVE-2020-12812: Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.CVE-2020-1472: Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. 
The vulnerability is also known under the moniker of Zerologon.CVE-2020-3433: Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.CVE-2020-0878: Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.CVE-2020-3992: VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.CVE-2018-19953: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.CVE-2018-19949: A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.CVE-2018-19943: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.CVE-2021-20016: SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.CVE-2021-27104: Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.CVE-2021-27102: Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.CVE-2021-27101: Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.CVE-2021-27103: Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.CVE-2021-21972: VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an 
attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.CVE-2021-1732: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.CVE-2021-27876: Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.CVE-2021-27877: Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.CVE-2021-27878: Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.CVE-2021-26855: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.CVE-2021-26858: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.CVE-2021-27065: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.CVE-2021-26857: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. 
This vulnerability is part of the ProxyLogon exploit chain.CVE-2021-26411: Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.CVE-2021-22986: F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.CVE-2021-21975: Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.CVE-2021-20021: SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.CVE-2021-20022: SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.CVE-2021-20023: SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. 
This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.
CVE-2021-31207: Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.
CVE-2021-28799: QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
CVE-2021-21985: VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.
CVE-2021-1675: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-34527: Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.
CVE-2021-30116: Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system.
CVE-2021-34523: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-34473: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-35211: SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.
CVE-2021-35464: ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
CVE-2021-26085: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
CVE-2021-20028: SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
CVE-2021-36942: Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.
CVE-2021-26084: Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.
CVE-2021-40539: Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
CVE-2021-38647: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
CVE-2021-40444: Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-36955: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-38646: Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
CVE-2021-22005: VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.
CVE-2021-22941: Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.
CVE-2021-41773: Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default "require all denied" or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.
CVE-2021-42013: Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default "require all denied" or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.
CVE-2021-40449: Unspecified vulnerability allows for an authenticated user to escalate privileges.
CVE-2021-42258: BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.
CVE-2021-42237: Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
CVE-2021-42321: An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
CVE-2021-41379: Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-42287: Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-42278: Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-20038: SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
CVE-2021-44228: Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
CVE-2021-45046: Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
CVE-2022-24682: Zimbra webmail clients running versions 8.8.15 P29 & P30 contain an XSS vulnerability that would allow attackers to steal session cookie files.
CVE-2022-26500: The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.
CVE-2022-26501: The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.
CVE-2022-22954: VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.
CVE-2022-24521: Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2022-29464: Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.
CVE-2022-29499: The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.
CVE-2022-26134: Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.
CVE-2022-26352: dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
CVE-2022-36537: ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.
CVE-2022-27593: Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
CVE-2022-41082: Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
CVE-2022-41040: Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
CVE-2022-21587: Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
CVE-2022-31199: Netwrix Auditor User Activity Video Recording component contains an insecure object deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.
CVE-2022-41073: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
CVE-2022-41080: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
CVE-2022-41223: The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
CVE-2022-40765: The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
CVE-2022-44698: Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
CVE-2022-47966: Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.
CVE-2022-24990: TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.
CVE-2023-24880: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
CVE-2023-28252: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2023-27350: PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
CVE-2023-34362: Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.
CVE-2023-36884: Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.
CVE-2023-40044: Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.
Source: CISA KEV