CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-25296	High	93.6%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2020-14864	High	94.0%	OracleIntelligence Enterprise Edition	Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.	Jan 18, 2022	KEV
CVE-2021-25298	High	75.5%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-32648	High	93.1%	October CMSOctober CMS	In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.	Jan 18, 2022	KEV
CVE-2018-13382	High	86.1%	FortinetFortiOS and FortiProxy	An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.	Jan 10, 2022	KEV
CVE-2021-27860	High	42.6%	FatPipeWARP, IPVPN, and MPVPN software	A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.	Jan 10, 2022	KEV
CVE-2021-22017	High	79.5%	VMwarevCenter Server	Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.	Jan 10, 2022	KEV
CVE-2019-1458	High	91.9%	MicrosoftWin32k	A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.	Jan 10, 2022	KEV
CVE-2019-7609	High	94.4%	ElasticKibana	Kibana contain an arbitrary code execution flaw in the Timelion visualizer.	Jan 10, 2022	KEV
CVE-2019-9670	High 9.8	94.4%	SynacorZimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.	Jan 10, 2022	KEVExploit
CVE-2018-13383	High	1.3%	FortinetFortiOS and FortiProxy	A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.	Jan 10, 2022	KEV
CVE-2015-7450	High	93.5%	IBMWebSphere Application Server and Server Hypervisor Edition	Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands	Jan 10, 2022	KEV
CVE-2017-1000486	High	93.7%	PrimetekPrimefaces Application	Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution	Jan 10, 2022	KEV
CVE-2013-3900	High	80.2%	MicrosoftWinVerifyTrust function	A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.	Jan 10, 2022	KEV
CVE-2019-10149	High	94.0%	EximMail Transfer Agent (MTA)	Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.	Jan 10, 2022	KEV
CVE-2021-36260(2)	High	94.4%	HikvisionSecurity cameras web server	A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.	Jan 10, 2022	KEV
CVE-2019-1579	High	93.0%	Palo Alto NetworksPAN-OS	Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.	Jan 10, 2022	KEV
CVE-2019-2725	High	94.5%	OracleWebLogic Server	Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).	Jan 10, 2022	KEV
CVE-2020-6572	High	19.1%	GoogleChrome Media	Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.	Jan 10, 2022	KEV
CVE-2021-43890	High	16.4%	MicrosoftWindows	Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.	Dec 15, 2021	KEV

CVE-2021-25296KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 93.6%

CVE-2020-14864KEV

High

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.

OracleEPSS 94.0%

CVE-2021-25298KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 75.5%

CVE-2021-32648KEV

High

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

October CMSEPSS 93.1%

CVE-2018-13382KEV

High

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

FortinetEPSS 86.1%

CVE-2021-27860KEV

High

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

FatPipeEPSS 42.6%

CVE-2021-22017KEV

High

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

VMwareEPSS 79.5%

CVE-2019-1458KEV

High

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.

MicrosoftEPSS 91.9%

CVE-2019-7609KEV

High

Kibana contain an arbitrary code execution flaw in the Timelion visualizer.

ElasticEPSS 94.4%

CVE-2019-9670KEV

High

Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.

SynacorCVSS 9.8EPSS 94.4%

Exploit

CVE-2018-13383KEV

High

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.

FortinetEPSS 1.3%

CVE-2015-7450KEV

High

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands

IBMEPSS 93.5%

CVE-2017-1000486KEV

High

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

PrimetekEPSS 93.7%

CVE-2013-3900KEV

High

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

MicrosoftEPSS 80.2%

CVE-2019-10149KEV

High

Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

EximEPSS 94.0%

CVE-2021-36260KEV

High

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

HikvisionEPSS 94.4%

CVE-2019-1579KEV

High

Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.

Palo Alto NetworksEPSS 93.0%

CVE-2019-2725KEV

High

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

OracleEPSS 94.5%

CVE-2020-6572KEV

High

Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.

GoogleEPSS 19.1%

CVE-2021-43890KEV

High

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.

MicrosoftEPSS 16.4%

61 62 63 64 65 66 67