CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2018-8406	High	50.0%	MicrosoftDirectX Graphics Kernel (DXGKRNL)	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.	Mar 28, 2022	KEV
CVE-2016-0151	High	44.1%	MicrosoftClient-Server Run-time Subsystem (CSRSS)	The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.	Mar 28, 2022	KEV
CVE-2021-38646	High	42.7%	MicrosoftOffice	Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.	Mar 28, 2022	KEV
CVE-2017-0037	High	90.8%	MicrosoftEdge and Internet Explorer	Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.	Mar 28, 2022	KEV
CVE-2018-8405	High	50.0%	MicrosoftDirectX Graphics Kernel (DXGKRNL)	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.	Mar 28, 2022	KEV
CVE-2016-0040	High	78.9%	MicrosoftWindows	The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.	Mar 28, 2022	KEV
CVE-2017-0213	High	92.7%	MicrosoftWindows	Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.	Mar 28, 2022	KEV
CVE-2017-0059	High	85.0%	MicrosoftInternet Explorer	Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.	Mar 28, 2022	KEV
CVE-2018-8440	High	74.2%	MicrosoftWindows	An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).	Mar 28, 2022	KEV
CVE-2013-2729	High	89.1%	AdobeReader and Acrobat	Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.	Mar 28, 2022	KEV
CVE-2022-1096	High	47.3%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Mar 28, 2022	KEV
CVE-2011-2005	High	67.1%	MicrosoftAncillary Function Driver (afd.sys)	afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.	Mar 28, 2022	KEV
CVE-2020-9054	High	94.3%	ZyxelMultiple Network-Attached Storage (NAS) Devices	Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.	Mar 25, 2022	KEV
CVE-2012-1823	High 9.8	94.4%	PHPPHP	sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.	Mar 25, 2022	KEVExploit
CVE-2009-2055	High	0.4%	CiscoIOS XR	Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).	Mar 25, 2022	KEV
CVE-2016-11021	High	91.3%	D-LinkDCS-930L Devices	setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.	Mar 25, 2022	KEV
CVE-2015-1427	High	92.3%	ElasticElasticsearch	The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.	Mar 25, 2022	KEV
CVE-2015-4068	High	80.9%	ArcserveUnified Data Protection (UDP)	Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.	Mar 25, 2022	KEV
CVE-2016-0752	High	92.7%	RailsRuby on Rails	Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.	Mar 25, 2022	KEV
CVE-2021-42237	High	94.4%	SitecoreXP	Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.	Mar 25, 2022	KEV

CVE-2018-8406KEV

High

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

MicrosoftEPSS 50.0%

CVE-2016-0151KEV

High

The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

MicrosoftEPSS 44.1%

CVE-2021-38646KEV

High

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

MicrosoftEPSS 42.7%

CVE-2017-0037KEV

High

Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

MicrosoftEPSS 90.8%

CVE-2018-8405KEV

High

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

MicrosoftEPSS 50.0%

CVE-2016-0040KEV

High

The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.

MicrosoftEPSS 78.9%

CVE-2017-0213KEV

High

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

MicrosoftEPSS 92.7%

CVE-2017-0059KEV

High

Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

MicrosoftEPSS 85.0%

CVE-2018-8440KEV

High

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

MicrosoftEPSS 74.2%

CVE-2013-2729KEV

High

Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.

AdobeEPSS 89.1%

CVE-2022-1096KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 47.3%

CVE-2011-2005KEV

High

afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.

MicrosoftEPSS 67.1%

CVE-2020-9054KEV

High

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

ZyxelEPSS 94.3%

CVE-2012-1823KEV

High

sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.

PHPCVSS 9.8EPSS 94.4%

Exploit

CVE-2009-2055KEV

High

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

CiscoEPSS 0.4%

CVE-2016-11021KEV

High

setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

D-LinkEPSS 91.3%

CVE-2015-1427KEV

High

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

ElasticEPSS 92.3%

CVE-2015-4068KEV

High

Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.

ArcserveEPSS 80.9%

CVE-2016-0752KEV

High

Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.

RailsEPSS 92.7%

CVE-2021-42237KEV

High

Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.

SitecoreEPSS 94.4%

46 47 48 49 50 51 52