CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2019-7609	High	94.4%	ElasticKibana	Kibana contain an arbitrary code execution flaw in the Timelion visualizer.	Jan 10, 2022	KEV
CVE-2021-27860	High	42.6%	FatPipeWARP, IPVPN, and MPVPN software	A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.	Jan 10, 2022	KEV
CVE-2013-3900	High	80.2%	MicrosoftWinVerifyTrust function	A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.	Jan 10, 2022	KEV
CVE-2019-1458	High	91.9%	MicrosoftWin32k	A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.	Jan 10, 2022	KEV
CVE-2019-9670	High 9.8	94.4%	SynacorZimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.	Jan 10, 2022	KEVExploit
CVE-2019-1579	High	93.0%	Palo Alto NetworksPAN-OS	Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.	Jan 10, 2022	KEV
CVE-2017-1000486	High	93.7%	PrimetekPrimefaces Application	Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution	Jan 10, 2022	KEV
CVE-2020-6572	High	19.1%	GoogleChrome Media	Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.	Jan 10, 2022	KEV
CVE-2019-2725	High	94.5%	OracleWebLogic Server	Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).	Jan 10, 2022	KEV
CVE-2021-22017	High	79.5%	VMwarevCenter Server	Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.	Jan 10, 2022	KEV
CVE-2018-13383	High	1.3%	FortinetFortiOS and FortiProxy	A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.	Jan 10, 2022	KEV
CVE-2021-36260(2)	High	94.4%	HikvisionSecurity cameras web server	A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.	Jan 10, 2022	KEV
CVE-2018-13382	High	86.1%	FortinetFortiOS and FortiProxy	An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.	Jan 10, 2022	KEV
CVE-2015-7450	High	93.5%	IBMWebSphere Application Server and Server Hypervisor Edition	Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands	Jan 10, 2022	KEV
CVE-2021-4102	High	4.4%	GoogleChromium V8	Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Dec 15, 2021	KEV
CVE-2021-43890	High	16.4%	MicrosoftWindows	Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.	Dec 15, 2021	KEV
CVE-2021-44515	High	94.3%	ZohoDesktop Central	Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.	Dec 10, 2021	KEV
CVE-2019-13272	High	81.3%	LinuxKernel	Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.	Dec 10, 2021	KEV
CVE-2017-17562	High	94.3%	EmbedthisGoAhead	Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.	Dec 10, 2021	KEV
CVE-2021-44228	High	94.4%	ApacheLog4j2	Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.	Dec 10, 2021	KEV

CVE-2019-7609KEV

High

Kibana contain an arbitrary code execution flaw in the Timelion visualizer.

ElasticEPSS 94.4%

CVE-2021-27860KEV

High

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

FatPipeEPSS 42.6%

CVE-2013-3900KEV

High

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

MicrosoftEPSS 80.2%

CVE-2019-1458KEV

High

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.

MicrosoftEPSS 91.9%

CVE-2019-9670KEV

High

Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.

SynacorCVSS 9.8EPSS 94.4%

Exploit

CVE-2019-1579KEV

High

Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.

Palo Alto NetworksEPSS 93.0%

CVE-2017-1000486KEV

High

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

PrimetekEPSS 93.7%

CVE-2020-6572KEV

High

Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.

GoogleEPSS 19.1%

CVE-2019-2725KEV

High

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

OracleEPSS 94.5%

CVE-2021-22017KEV

High

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

VMwareEPSS 79.5%

CVE-2018-13383KEV

High

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.

FortinetEPSS 1.3%

CVE-2021-36260KEV

High

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

HikvisionEPSS 94.4%

CVE-2018-13382KEV

High

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

FortinetEPSS 86.1%

CVE-2015-7450KEV

High

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands

IBMEPSS 93.5%

CVE-2021-4102KEV

High

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 4.4%

CVE-2021-43890KEV

High

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.

MicrosoftEPSS 16.4%

CVE-2021-44515KEV

High

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

ZohoEPSS 94.3%

CVE-2019-13272KEV

High

Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.

LinuxEPSS 81.3%

CVE-2017-17562KEV

High

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.

EmbedthisEPSS 94.3%

CVE-2021-44228KEV

High

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

ApacheEPSS 94.4%

61 62 63 64 65 66 67