CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-21017	High	90.6%	AdobeAcrobat and Reader	Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.	Nov 3, 2021	KEV
CVE-2020-0069	High	0.7%	MediaTekMultiple Chipsets	Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."	Nov 3, 2021	KEV
CVE-2021-27104	High	6.0%	AccellionFTA	Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.	Nov 3, 2021	KEV
CVE-2021-36741	High	0.6%	Trend MicroApex One, Apex One as a Service, and Worry-Free Business Security	Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.	Nov 3, 2021	KEV
CVE-2021-27103	High	2.9%	AccellionFTA	Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.	Nov 3, 2021	KEV
CVE-2021-27101	High	0.8%	AccellionFTA	Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.	Nov 3, 2021	KEV
CVE-2020-17144	High	92.7%	MicrosoftExchange Server	Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.	Nov 3, 2021	KEV
CVE-2018-4939	High	76.8%	AdobeColdFusion	Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.	Nov 3, 2021	KEV
CVE-2020-4006	High	12.8%	VMwareMultiple Products	VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.	Nov 3, 2021	KEV
CVE-2020-11651	High	94.4%	SaltStackSalt	SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.	Nov 3, 2021	KEV
CVE-2021-41773	High	94.4%	ApacheHTTP Server	Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.	Nov 3, 2021	KEV
CVE-2021-30632	High	84.9%	GoogleChromium V8	Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-37976	High	14.6%	GoogleChromium	Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-30666	High	1.5%	AppleiOS	Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2020-1350	High	93.8%	MicrosoftWindows	Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.	Nov 3, 2021	KEV
CVE-2021-27065	High	94.3%	MicrosoftExchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.	Nov 3, 2021	KEV
CVE-2020-8260	High	75.9%	IvantiPulse Connect Secure	Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.	Nov 3, 2021	KEV
CVE-2018-18325	High	93.2%	DotNetNuke (DNN)DotNetNuke (DNN)	DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.	Nov 3, 2021	KEV
CVE-2020-0674	High	93.6%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.	Nov 3, 2021	KEV
CVE-2020-16009	High	84.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV

CVE-2021-21017KEV

High

Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

AdobeEPSS 90.6%

CVE-2020-0069KEV

High

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."

MediaTekEPSS 0.7%

CVE-2021-27104KEV

High

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

AccellionEPSS 6.0%

CVE-2021-36741KEV

High

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.

Trend MicroEPSS 0.6%

CVE-2021-27103KEV

High

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

AccellionEPSS 2.9%

CVE-2021-27101KEV

High

Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.

AccellionEPSS 0.8%

CVE-2020-17144KEV

High

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.

MicrosoftEPSS 92.7%

CVE-2018-4939KEV

High

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

AdobeEPSS 76.8%

CVE-2020-4006KEV

High

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.

VMwareEPSS 12.8%

CVE-2020-11651KEV

High

SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

SaltStackEPSS 94.4%

CVE-2021-41773KEV

High

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.

ApacheEPSS 94.4%

CVE-2021-30632KEV

High

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 84.9%

CVE-2021-37976KEV

High

Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 14.6%

CVE-2021-30666KEV

High

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 1.5%

CVE-2020-1350KEV

High

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

MicrosoftEPSS 93.8%

CVE-2021-27065KEV

High

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

MicrosoftEPSS 94.3%

CVE-2020-8260KEV

High

Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.

IvantiEPSS 75.9%

CVE-2018-18325KEV

High

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.

DotNetNuke (DNN)EPSS 93.2%

CVE-2020-0674KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

MicrosoftEPSS 93.6%

CVE-2020-16009KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 84.4%

71 72 73 74 75 76 77