Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,471–1,500 of 1,619 CVEs · Page 50 of 54 · 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2020-27932 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.
15.7%
Nov 3, 2021 CVE-2020-27950 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Initialization Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
43.8%
Nov 3, 2021 CVE-2020-29557 D-Link DIR-825 R1 Devices
network
D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability
D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.
91.0%
Nov 3, 2021 CVE-2020-29583 Zyxel Multiple Products
Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability
Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchange…
94.3%
Nov 3, 2021 CVE-2020-3118 Cisco IOS XR
mobile network
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute …
0.2%
Nov 3, 2021 CVE-2020-3161 Cisco Cisco IP Phones
network
Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a…
87.1%
Nov 3, 2021 CVE-2020-3452 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could e…
94.4%
Nov 3, 2021 CVE-2020-3566 Cisco IOS XR
mobile network
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated,…
2.1%
Nov 3, 2021 CVE-2020-3569 Cisco IOS XR
mobile network
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated,…
4.7%
Nov 3, 2021 CVE-2020-3580
Ransomware
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services inter…
93.3%
Nov 3, 2021 CVE-2020-3950 VMware Multiple Products
enterprise
VMware Multiple Products Privilege Escalation Vulnerability
VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers …
16.1%
Nov 3, 2021 CVE-2020-3952 VMware vCenter Server
enterprise
VMware vCenter Server Information Disclosure Vulnerability
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly imple…
94.4%
Nov 3, 2021 CVE-2020-3992
Ransomware
VMware ESXi
enterprise
VMware ESXi OpenSLP Use-After-Free Vulnerability
VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
90.3%
Nov 3, 2021 CVE-2020-4006 VMware Multiple Products
enterprise
Multiple VMware Products Command Injection Vulnerability
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the a…
13.6%
Nov 3, 2021 CVE-2020-4427 IBM Data Risk Manager
enterprise
IBM Data Risk Manager Security Bypass Vulnerability
IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By send…
92.7%
Nov 3, 2021 CVE-2020-4428 IBM Data Risk Manager
enterprise
IBM Data Risk Manager Remote Code Execution Vulnerability
IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.
92.3%
Nov 3, 2021 CVE-2020-4430 IBM Data Risk Manager
enterprise
IBM Data Risk Manager Directory Traversal Vulnerability
IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL reques…
83.8%
Nov 3, 2021 CVE-2020-5735 Amcrest Cameras and Network Video Recorder (NVR)
Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability
Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly exe…
49.5%
Nov 3, 2021 CVE-2020-5847 Unraid Unraid
Unraid Remote Code Execution Vulnerability
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for…
93.8%
Nov 3, 2021 CVE-2020-5849 Unraid Unraid
Unraid Authentication Bypass Vulnerability
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote co…
93.8%
Nov 3, 2021 CVE-2020-5902
Ransomware
F5 BIG-IP
network vpn remote
F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability
F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.
94.4%
Nov 3, 2021 CVE-2020-6207 SAP Solution Manager
enterprise
SAP Solution Manager Missing Authentication for Critical Function Vulnerability
SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connect…
94.2%
Nov 3, 2021 CVE-2020-6287 SAP NetWeaver
enterprise
SAP NetWeaver Missing Authentication for Critical Function Vulnerability
SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration task…
94.4%
Nov 3, 2021 CVE-2020-6418 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could…
86.4%
Nov 3, 2021 CVE-2020-6819 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free…
0.4%
Nov 3, 2021 CVE-2020-6820 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnera…
3.1%
Nov 3, 2021 CVE-2020-7961 Liferay Liferay Portal
enterprise
Liferay Portal Deserialization of Untrusted Data Vulnerability
Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.
94.4%
Nov 3, 2021 CVE-2020-8193 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL en…
94.4%
Nov 3, 2021 CVE-2020-8195 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
80.3%
Nov 3, 2021 CVE-2020-8196 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
68.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.