Profile: CISA Known Exploited

Filtered CVEs: 352

OpenVAS CVEs: 170

Nessus CVEs: 296

NVD CVEs: 350

Only OpenVAS (9)

• CVE-2006-1547 - Apache Struts 1 ActionForm Denial of Service Vulnerability
• CVE-2019-20085 - TVT NVMS-1000 Directory Traversal
• CVE-2020-10221 - rConfig RCE
• CVE-2020-25506 - D-Link DNS-320 Command Injection RCE Vulnerability
• CVE-2020-5847 - Unraid 6.8.0 Remote Code Execution
• CVE-2020-5849 - Unraid 6.8.0 Authentication Bypass
• CVE-2020-8655 - EyesOfNetwork 5.3 Privilege Escalation Vulnerability
• CVE-2020-8657 - EyesOfNetwork 5.3 Insufficient Credential Protection
• CVE-2020-8816 - Pi-Hole AdminLTE Remote Code Execution

Only Nessus (135)

• CVE-2010-1871 - Red Hat Linux JBoss Seam 2 Remote Code Execution
• CVE-2010-5326 - SAP NetWeaver AS JAVA RCE
• CVE-2012-3152 - Oracle Reports Developer Arbitrary File Read and Upload vulnerability
• CVE-2016-3643 - SolarWinds Virtualization Manager Privilege Escalation Vulnerability
• CVE-2016-9563 - SAP NetWeaver AS JAVA XXE Vulnerability
• CVE-2017-1000486 - Primetek Primefaces Remote Code Execution
• CVE-2017-12149 - Red Hat Jboss Application Server Remote Code Execution
• CVE-2017-9248 - Telerik UI for ASP.NET AJAX and Progress Sitefinity Cryptographic Weakness Vuln
• CVE-2017-9822 - DotNetNuke before 9.1.1 Remote Code Execution
• CVE-2018-0171 - Cisco IOS and IOS XE Software Smart Install Remote Code Execution
• CVE-2018-0296 - Cisco Adaptive Security Appliance Firepower Threat Defense DoS/Directory Traversal vulnerability
• CVE-2018-13379 - Fortinet FortiOS SSL VPN credential exposure vulnerability
• CVE-2018-13382 - Fortinet FortiOS and FortiProxy Improper Authorization
• CVE-2018-13383 - Fortinet FortiOS and FortiProxy Out-of-bounds Write
• CVE-2018-15811 - DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability
• CVE-2018-18325 - DotNetNuke 9.2-9.2.2 Encryption Algorithm Vulnerability
• CVE-2018-20062 - ThinkPHP Remote Code Execution
• CVE-2018-2380 - SAP NetWeaver AS JAVA CRM RCE
• CVE-2019-0604 - Microsoft SharePoint Remote Code Execution Vulnerability
• CVE-2019-11510 - Pulse Secure VPN arbitrary file reading vulnerability (COVID-19-CTI list)
• CVE-2019-11539 - Pulse Secure Connect and Policy Secure Multiple Versions Code Execution
• CVE-2019-11580 - Atlassian Crowd and Crowd Data Center RCE
• CVE-2019-11634 - Citrix Workspace (for Windows) Prior to 1904 Improper Access Control
• CVE-2019-15752 - Docker Desktop Community Edition Privilege Escalation
• CVE-2019-1579 - Palo Alto Networks PAN-OS Remote Code Execution
• CVE-2019-15949 - Nagios XI Remote Code Execution
• CVE-2019-1653 - Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list)
• CVE-2019-17558 - Apache Solr 5.0.0-8.3.1 Remote Code Execution
• CVE-2019-18187 - Trend Micro Antivirus 0day Traversal Vulnerability
• CVE-2019-18935 - Progress Telerik UI for ASP.NET deserialization bug
• CVE-2019-19781 - Citrix Application Delivery Controller and Citrix Gateway Vulnerability
• CVE-2019-2725 - Oracle WebLogic Server, Injection
• CVE-2019-3396 - Remote code execution via Widget Connector macro Vulnerability
• CVE-2019-3398 - Atlassian Confluence Path Traversal Vulnerability
• CVE-2019-5591 - Fortinet FortiOS Default Configuration Vulnerability
• CVE-2019-7238 - Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
• CVE-2019-7481 - SonicWall SMA100 9.0.0.3 and Earlier SQL Injection
• CVE-2019-8394 - Zoho ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability
• CVE-2019-9082 - ThinkPHP Remote Code Execution
• CVE-2019-9670 - Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference
• CVE-2020-0688 - Microsoft Exchange Server Key Validation Vulnerability
• CVE-2020-10148 - SolarWinds Orion API Authentication Bypass Vulnerability
• CVE-2020-10189 - Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability
• CVE-2020-10199 - Nexus Repository Manager 3 Remote Code Execution
• CVE-2020-12271 - Sophos XG Firewall SQL Injection Vulnerability
• CVE-2020-12812 - Fortinet FortiOS SSL VPN 2FA Authentication Vulnerability
• CVE-2020-14750 - Oracle WebLogic Server RCE
• CVE-2020-14871 - Oracle Solaris Pluggable Authentication Module vulnerability
• CVE-2020-14882 - Oracle WebLogic Server RCE
• CVE-2020-14883 - Oracle WebLogic Server RCE
• CVE-2020-15505 - MobileIron Core, Connector, Sentry, and RDM RCE
• CVE-2020-17144 - Microsoft Exchange RCE
• CVE-2020-24557 - Trend Micro Apex One and OfficeScan XG Improper Access Control Privilege Escalation
• CVE-2020-2555 - Oracle Coherence Deserialization RCE
• CVE-2020-29557 - D-Link DIR-825 R1 Through 3.0.1 Before 11/2020 Buffer Overflow
• CVE-2020-3118 - Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability
• CVE-2020-3161 - Cisco IP Phones Web Server DoS and RCE
• CVE-2020-3452 - Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive file read
• CVE-2020-3566 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
• CVE-2020-3569 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
• CVE-2020-3580 - Cisco ASA and FTD XSS Vulnerabilities
• CVE-2020-3950 - VMWare Privilege escalation vulnerability
• CVE-2020-3952 - VMWare vCenter Server Info Disclosure Vulnerability
• CVE-2020-3992 - OpenSLP as used in VMware ESXi
• CVE-2020-4006 - VMWare Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Command Injection vulnerability
• CVE-2020-5902 - F5 BIG IP Traffic Management User Interface RCE
• CVE-2020-6207 - SAP Solution Manager Missing Authentication Check Complete Compromise of SMD Agents vulnerability
• CVE-2020-6287 - SAP Netweaver JAVA remote unauthenticated access vulnerability
• CVE-2020-8193 - Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
• CVE-2020-8195 - Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
• CVE-2020-8196 - Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP Unauthenticated Authorization Bypass
• CVE-2020-8243 - Pulse Connect Secure Arbitrary Code Execution
• CVE-2020-8260 - Pulse Connect Secure RCE
• CVE-2020-8467 - Trend Micro Apex One (2019) and OfficeScan XG migration tool remote code execution vulnerability
• CVE-2020-8468 - Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agent content validation escape vulnerability
• CVE-2020-8515 - DrayTek Vigor Router Vulnerability
• CVE-2020-8599 - Trend Micro Apex One and OfficeScan XG Vulnerability
• CVE-2020-9818 - Apple iOS Mail OOB Vulnerability
• CVE-2020-9819 - Apple iOS Mail Heap Overflow Vulnerability
• CVE-2020-9859 - Apple 11-13.5 XNU Kernel Vulnerability
• CVE-2021-1497 - Cisco HyperFlex HX Command Injection Vulnerabilities
• CVE-2021-1498 - Cisco HyperFlex HX Command Injection Vulnerabilities
• CVE-2021-1879 - Apple iOS Webkit Browser Engine XSS
• CVE-2021-20016 - SonicWall SSL VPN SMA100 SQL Injection Vulnerability
• CVE-2021-20021 - SonicWall Email Security Privilege Escalation Exploit Chain
• CVE-2021-20022 - SonicWall Email Security Privilege Escalation Exploit Chain
• CVE-2021-20023 - SonicWall Email Security Privilege Escalation Exploit Chain
• CVE-2021-20038 - SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
• CVE-2021-21972 - VMWare vCenter Server RCE
• CVE-2021-21975 - VMware Server Side Request Forgery in vRealize Operations Manager API
• CVE-2021-21985 - VMWare vCenter Server Remote Code Execution
• CVE-2021-22005 - VMWare vCenter Server File Upload
• CVE-2021-22017 - Vmware vCenter Server Improper Access Control
• CVE-2021-22893 - Pulse Connect Secure (PCS) Remote Code Execution
• CVE-2021-22894 - Pulse Connect Secure Collaboration Suite Remote Code Execution
• CVE-2021-22899 - Pulse Connect Secure Remote Code Execution
• CVE-2021-22900 - Pulse Connect Secure Arbitrary File Upload Vulnerability
• CVE-2021-22986 - F5 iControl REST unauthenticated RCE
• CVE-2021-22991 - F5 BIG-IP Traffic Management Microkernel Buffer Overflow
• CVE-2021-25296 - Nagios XI OS Command Injection
• CVE-2021-25297 - Nagios XI OS Command Injection
• CVE-2021-25298 - Nagios XI OS Command Injection
• CVE-2021-26084 - Atlassian Confluence Server < 6.13.23, 6.14.0 - 7.12.5 Arbitrary Code Execution
• CVE-2021-26855 - Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
• CVE-2021-26857 - Microsoft Unified Messaging Deserialization Vulnerability
• CVE-2021-26858 - Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
• CVE-2021-27065 - Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
• CVE-2021-27101 - Accellion FTA SQL Injection Vulnerability
• CVE-2021-27102 - Accellion FTA OS Command Injection Vulnerability
• CVE-2021-27103 - Accellion FTA SSRF Vulnerability
• CVE-2021-27104 - Accellion FTA OS Command Injection Vulnerability
• CVE-2021-28550 - Adobe Acrobat and Reader Use-After-Free Vulnerability
• CVE-2021-30116 - Kaseya VSA Remote Code Execution
• CVE-2021-30657 - Apple macOS Policy Subsystem Gatekeeper Bypass
• CVE-2021-30713 - Apple macOS Input Validation Error
• CVE-2021-30807 - Apple iOS and macOS IOMobileFrameBuffer Memory Corruption Vulnerability
• CVE-2021-30869 - Apple XNU Kernel Type Confusion
• CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability
• CVE-2021-33766 - Microsoft Exchange Server Information Disclosure
• CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability
• CVE-2021-34523 - Microsoft Exchange Server Elevation of Privilege Vulnerability
• CVE-2021-35211 - SolarWinds Serv-U Remote Memory Escape Vulnerability
• CVE-2021-35247 - SolarWinds Serv-U Improper Input Validation Vulnerability
• CVE-2021-35464 - ForgeRock Access Management Remote Code Execution
• CVE-2021-36741 - Trend Micro Systems Multiple Products Buffer Overflow - Arbitrary File Upload
• CVE-2021-36742 - Trend Micro Systems Multiple Products Buffer Overflow - Arbitrary File Upload
• CVE-2021-37415 - Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
• CVE-2021-38645 - Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
• CVE-2021-38647 - Microsoft Azure Open Management Infrastructure (OMI) Remote Code Execution
• CVE-2021-38648 - Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
• CVE-2021-38649 - Microsoft Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
• CVE-2021-40539 - Zoho Corp. ManageEngine ADSelfService Plus Version 6113 and Earlier Authentication Bypass
• CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution
• CVE-2021-44077 - Zoho ManageEngine ServiceDesk Plus Remote Code Execution
• CVE-2021-44515 - Zoho Corp. Desktop Central Authentication Bypass Vulnerability

CVEs not detected by Nessus and OpenVAS (47)

• CVE-2016-4437 - Apache Shiro 1.2.4 Cookie RememberME Deserial RCE
• CVE-2018-14558 - Tenda Router Command Injection Vulnerability
• CVE-2019-10758 - MongoDB mongo-express Remote Code Execution
• CVE-2019-13608 - Citrix StoreFront Server Multiple Versions XML External Entity (XXE)
• CVE-2019-16256 - SIMalliance Toolbox (S@T) Browser Command and Control Vulnerability
• CVE-2019-19356 - Netis WF2419 Router Tracert RCE vulnerability
• CVE-2019-4716 - IBM Planning Analytics configuration overwrite vulnerability
• CVE-2020-0041 - Android "AbstractEmu" Root Access Vulnerabilities
• CVE-2020-0069 - Android "AbstractEmu" Root Access Vulnerabilities
• CVE-2020-10181 - Sumavision EMR 3.0 CSRF Vulnerability
• CVE-2020-1040 - Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
• CVE-2020-10987 - Tenda Router Code Execution
• CVE-2020-11261 - Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
• CVE-2020-11978 - Apache Airflow Command Injection
• CVE-2020-13927 - Apache Airflow's Experimental API Authentication Bypass
• CVE-2020-14864 - Oracle Corporation Business Intelligence Enterprise Edition Path Transversal
• CVE-2020-16010 - Google Chrome for Android Heap Overflow Vulnerability
• CVE-2020-17463 - Fuel CMS SQL Injection Vulnerability
• CVE-2020-26919 - Netgear ProSAFE Plus JGS516PE RCE vulnerability
• CVE-2020-29583 - ZyXEL Unified Security Gateway Undocumented Administrator Account with Default Credentials
• CVE-2020-4427 - IBM Data Risk Manager Authentication Bypass
• CVE-2020-4428 - IBM Data Risk Manager Command Injection
• CVE-2020-4430 - IBM Data Risk Manager Arbritary File Download
• CVE-2020-5722 - Grandstream Networks UCM6200 Series SQL Injection Vulnerability
• CVE-2020-5735 - Amcrest Camera and NVR Buffer Overflow Vulnerability
• CVE-2020-6572 - Google Chrome Prior to 81.0.4044.92 Use-After-Free
• CVE-2020-8644 - PlaySMS Remote Code Execution
• CVE-2021-1905 - Qualcomm Use-After-Free Vulnerability
• CVE-2021-1906 - Qualcomm Improper Error Handling Vulnerability
• CVE-2021-21315 - System Information Library for Node.JS Command Injection
• CVE-2021-22502 - Micro Focus Operation Bridge Report (OBR) Server RCE
• CVE-2021-22506 - Micro Focus Access Manager Earlier Than 5.0 Information Leakage
• CVE-2021-23874 - McAfee Total Protection MTP Arbitrary Process Execution
• CVE-2021-27561 - Yealink Device Management Server Pre-Authorization SSRF
• CVE-2021-27562 - Arm Trusted Firmware M through 1.2 Denial of Service
• CVE-2021-27860 - FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
• CVE-2021-28663 - Arm Mali GPU Kernel Use-After-Free Vulnerability
• CVE-2021-28664 - Arm Mali GPU Kernel Boundary Error Vulnerability
• CVE-2021-31755 - Tenda AC11 Up to 02.03.01.104_CN Stack Buffer Overflow
• CVE-2021-32648 - October CMS Improper Authentication
• CVE-2021-35394 - Realtek Jungle SDK Remote Code Execution
• CVE-2021-35395 - Realtek SDK Arbitrary Code Execution
• CVE-2021-36260 - Hikvision Improper Input Validation
• CVE-2021-40870 - Aviatrix Controller Unrestricted Upload of File
• CVE-2021-42258 - BQE BillQuick Web Suite Versions Prior to 22.0.9.1 (from 2018 through 2021) Remote Code Execution
• CVE-2021-43890 - Microsoft Windows AppX Installer Spoofing Vulnerability
• CVE-2021-44168 - Fortinet FortiOS Arbitrary File Download

Nessus invalid CVEs (2)

• CVE-2021-4102 - Google Chromium V8 Engine Use-After-Free Vulnerability
• CVE-2022-22587 - Apple IOMobileFrameBuffer Memory Corruption Vulnerability

OpenVAS invalid CVEs (2)

• CVE-2021-4102 - Google Chromium V8 Engine Use-After-Free Vulnerability
• CVE-2022-22587 - Apple IOMobileFrameBuffer Memory Corruption Vulnerability