CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2024-8190	High	91.9%	IvantiCloud Services Appliance	Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.	Sep 13, 2024	KEV
CVE-2024-38217	High	13.2%	MicrosoftWindows	Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.	Sep 10, 2024	KEV
CVE-2024-38226	High	1.4%	MicrosoftPublisher	Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.	Sep 10, 2024	KEV
CVE-2024-38014	High	12.8%	MicrosoftWindows	Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.	Sep 10, 2024	KEV
CVE-2024-40766	High	3.4%	SonicWallSonicOS	SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.	Sep 9, 2024	KEV
CVE-2017-1000253	High	54.2%	LinuxKernel	Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.	Sep 9, 2024	KEV
CVE-2016-3714	High	93.7%	ImageMagickImageMagick	ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.	Sep 9, 2024	KEV
CVE-2021-20124	High	94.1%	DrayTekVigorConnect	Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.	Sep 3, 2024	KEV
CVE-2024-7262	High	15.9%	KingsoftWPS Office	Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.	Sep 3, 2024	KEV
CVE-2021-20123	High	94.0%	DrayTekVigorConnect	Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.	Sep 3, 2024	KEV
CVE-2024-7965	High	27.1%	GoogleChromium V8	Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Aug 28, 2024	KEV
CVE-2024-38856	High	94.3%	ApacheOFBiz	Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.	Aug 27, 2024	KEV
CVE-2024-7971	High	1.0%	GoogleChromium V8	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Aug 26, 2024	KEV
CVE-2024-39717	High	4.6%	VersaDirector	The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.	Aug 23, 2024	KEV
CVE-2022-0185	High	1.6%	LinuxKernel	Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.	Aug 21, 2024	KEV
CVE-2021-33044(1)	High	94.3%	DahuaIP Camera Firmware	Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.	Aug 21, 2024	KEV
CVE-2021-33045	High	94.2%	DahuaIP Camera Firmware	Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.	Aug 21, 2024	KEV
CVE-2021-31196	High	3.3%	MicrosoftExchange Server	Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.	Aug 21, 2024	KEV
CVE-2024-23897	High	94.5%	JenkinsJenkins Command Line Interface (CLI)	Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.	Aug 19, 2024	KEV
CVE-2024-28986(1)	High	78.4%	SolarWindsWeb Help Desk	SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.	Aug 15, 2024	KEV

CVE-2024-8190KEV

High

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

IvantiEPSS 91.9%

CVE-2024-38217KEV

High

Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

MicrosoftEPSS 13.2%

CVE-2024-38226KEV

High

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

MicrosoftEPSS 1.4%

CVE-2024-38014KEV

High

Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.

MicrosoftEPSS 12.8%

CVE-2024-40766KEV

High

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

SonicWallEPSS 3.4%

CVE-2017-1000253KEV

High

Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.

LinuxEPSS 54.2%

CVE-2016-3714KEV

High

ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.

ImageMagickEPSS 93.7%

CVE-2021-20124KEV

High

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

DrayTekEPSS 94.1%

CVE-2024-7262KEV

High

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.

KingsoftEPSS 15.9%

CVE-2021-20123KEV

High

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

DrayTekEPSS 94.0%

CVE-2024-7965KEV

High

Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 27.1%

CVE-2024-38856KEV

High

Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.

ApacheEPSS 94.3%

CVE-2024-7971KEV

High

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 1.0%

CVE-2024-39717KEV

High

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.

VersaEPSS 4.6%

CVE-2022-0185KEV

High

Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.

LinuxEPSS 1.6%

CVE-2021-33044KEV

High

Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.

DahuaEPSS 94.3%

CVE-2021-33045KEV

High

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.

DahuaEPSS 94.2%

CVE-2021-31196KEV

High

Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.

MicrosoftEPSS 3.3%

CVE-2024-23897KEV

High

Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.

JenkinsEPSS 94.5%

CVE-2024-28986KEV

High

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.

SolarWindsEPSS 78.4%

19 20 21 22 23 24 25