CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2018-14839	High	90.3%	LGN1A1 NAS	LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.	Mar 25, 2022	KEV
CVE-2020-2021	High	21.1%	Palo Alto NetworksPAN-OS	Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.	Mar 25, 2022	KEV
CVE-2020-25223	High	94.4%	SophosSG UTM	A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.	Mar 25, 2022	KEV
CVE-2020-2506	High	18.0%	QNAP SystemsHelpdesk	QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.	Mar 25, 2022	KEV
CVE-2022-26318	High	92.2%	WatchGuardFirebox and XTM Appliances	On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.	Mar 25, 2022	KEV
CVE-2022-21999	High	72.7%	MicrosoftWindows	Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.	Mar 25, 2022	KEV
CVE-2020-9377	High	76.6%	D-LinkDIR-610 Devices	D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.	Mar 25, 2022	KEV
CVE-2020-5410	High	94.3%	VMware TanzuSpring Cloud Configuration (Config) Server	Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.	Mar 25, 2022	KEV
CVE-2018-0147	High	4.0%	CiscoSecure Access Control System (ACS)	A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.	Mar 25, 2022	KEV
CVE-2019-12989	High	91.1%	CitrixSD-WAN and NetScaler	Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.	Mar 25, 2022	KEV
CVE-2018-6961	High	93.6%	VMwareSD-WAN Edge	VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.	Mar 25, 2022	KEV
CVE-2020-7247	High	94.1%	OpenBSDOpenSMTPD	smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.	Mar 25, 2022	KEV
CVE-2021-22941	High	87.8%	CitrixShareFile	Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.	Mar 25, 2022	KEV
CVE-2018-1273	High	94.3%	VMware TanzuSpring Data Commons	Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.	Mar 25, 2022	KEV
CVE-2018-8373	High	82.4%	MicrosoftInternet Explorer Scripting Engine	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.	Mar 25, 2022	KEV
CVE-2019-1003030	High	93.1%	JenkinsMatrix Project Plugin	Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.	Mar 25, 2022	KEV
CVE-2018-11138	High	93.4%	QuestKACE System Management Appliance	The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.	Mar 25, 2022	KEV
CVE-2019-12991	High	81.0%	CitrixSD-WAN and NetScaler	Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.	Mar 25, 2022	KEV
CVE-2017-6334	High	89.2%	NETGEARDGN2200 Devices	dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands	Mar 25, 2022	KEV
CVE-2019-10068	High	93.9%	KenticoXperience	Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.	Mar 25, 2022	KEV

CVE-2018-14839KEV

High

LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.

LGEPSS 90.3%

CVE-2020-2021KEV

High

Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.

Palo Alto NetworksEPSS 21.1%

CVE-2020-25223KEV

High

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

SophosEPSS 94.4%

CVE-2020-2506KEV

High

QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

QNAP SystemsEPSS 18.0%

CVE-2022-26318KEV

High

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.

WatchGuardEPSS 92.2%

CVE-2022-21999KEV

High

Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.

MicrosoftEPSS 72.7%

CVE-2020-9377KEV

High

D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.

D-LinkEPSS 76.6%

CVE-2020-5410KEV

High

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

VMware TanzuEPSS 94.3%

CVE-2018-0147KEV

High

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.

CiscoEPSS 4.0%

CVE-2019-12989KEV

High

Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.

CitrixEPSS 91.1%

CVE-2018-6961KEV

High

VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

VMwareEPSS 93.6%

CVE-2020-7247KEV

High

smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.

OpenBSDEPSS 94.1%

CVE-2021-22941KEV

High

Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

CitrixEPSS 87.8%

CVE-2018-1273KEV

High

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.

VMware TanzuEPSS 94.3%

CVE-2018-8373KEV

High

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

MicrosoftEPSS 82.4%

CVE-2019-1003030KEV

High

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

JenkinsEPSS 93.1%

CVE-2018-11138KEV

High

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

QuestEPSS 93.4%

CVE-2019-12991KEV

High

Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

CitrixEPSS 81.0%

CVE-2017-6334KEV

High

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands

NETGEAREPSS 89.2%

CVE-2019-10068KEV

High

Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.

KenticoEPSS 93.9%

49 50 51 52 53 54 55