CISA Known Exploited Vulnerabilities

Description:

Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.

Description:

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.

Description:

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

Description:

Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.

Description:

Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

Description:

An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.

Description:

Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

Description:

Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.

Description:

In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.

Description:

Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.

Description:

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

Description:

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Description:

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

Description:

VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.