CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-27103	High	2.9%	AccellionFTA	Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.	Nov 3, 2021	KEV
CVE-2019-0803	High	89.8%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.	Nov 3, 2021	KEV
CVE-2020-0688	High	94.4%	MicrosoftExchange Server	Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.	Nov 3, 2021	KEV
CVE-2017-0143	High	94.0%	MicrosoftWindows	Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.	Nov 3, 2021	KEV
CVE-2019-0708	High	94.5%	MicrosoftRemote Desktop Services	Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.	Nov 3, 2021	KEV
CVE-2016-9563	High	58.4%	SAPNetWeaver	SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks.	Nov 3, 2021	KEV
CVE-2020-8467	High	30.2%	Trend MicroApex One and OfficeScan	Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.	Nov 3, 2021	KEV
CVE-2017-7269	High	94.4%	MicrosoftInternet Information Services (IIS)	Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.	Nov 3, 2021	KEV
CVE-2016-7255	High	89.3%	MicrosoftWin32k	Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.	Nov 3, 2021	KEV
CVE-2021-30661	High	0.2%	AppleMultiple Products	Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2020-4006	High	12.8%	VMwareMultiple Products	VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.	Nov 3, 2021	KEV
CVE-2020-17144	High	92.7%	MicrosoftExchange Server	Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.	Nov 3, 2021	KEV
CVE-2021-36741	High	0.6%	Trend MicroApex One, Apex One as a Service, and Worry-Free Business Security	Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.	Nov 3, 2021	KEV
CVE-2019-2215	High	52.9%	AndroidAndroid Kernel	Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."	Nov 3, 2021	KEV
CVE-2020-0069	High	0.7%	MediaTekMultiple Chipsets	Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."	Nov 3, 2021	KEV
CVE-2021-35211	High	94.3%	SolarWindsServ-U	SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.	Nov 3, 2021	KEV
CVE-2021-26858	High	53.0%	MicrosoftExchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.	Nov 3, 2021	KEV
CVE-2021-38647	High	94.4%	MicrosoftOpen Management Infrastructure (OMI)	Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.	Nov 3, 2021	KEV
CVE-2018-11776	High	94.4%	ApacheStruts	Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace.	Nov 3, 2021	KEV
CVE-2021-28550	High	32.1%	AdobeAcrobat and Reader	Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.	Nov 3, 2021	KEV

CVE-2021-27103KEV

High

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

AccellionEPSS 2.9%

CVE-2019-0803KEV

High

Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

MicrosoftEPSS 89.8%

CVE-2020-0688KEV

High

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

MicrosoftEPSS 94.4%

CVE-2017-0143KEV

High

Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.

MicrosoftEPSS 94.0%

CVE-2019-0708KEV

High

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

MicrosoftEPSS 94.5%

CVE-2016-9563KEV

High

SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks.

SAPEPSS 58.4%

CVE-2020-8467KEV

High

Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.

Trend MicroEPSS 30.2%

CVE-2017-7269KEV

High

Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

MicrosoftEPSS 94.4%

CVE-2016-7255KEV

High

Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

MicrosoftEPSS 89.3%

CVE-2021-30661KEV

High

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.2%

CVE-2020-4006KEV

High

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.

VMwareEPSS 12.8%

CVE-2020-17144KEV

High

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.

MicrosoftEPSS 92.7%

CVE-2021-36741KEV

High

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.

Trend MicroEPSS 0.6%

CVE-2019-2215KEV

High

Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."

AndroidEPSS 52.9%

CVE-2020-0069KEV

High

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."

MediaTekEPSS 0.7%

CVE-2021-35211KEV

High

SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.

SolarWindsEPSS 94.3%

CVE-2021-26858KEV

High

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

MicrosoftEPSS 53.0%

CVE-2021-38647KEV

High

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.

MicrosoftEPSS 94.4%

CVE-2018-11776KEV

High

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace.

ApacheEPSS 94.4%

CVE-2021-28550KEV

High

Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

AdobeEPSS 32.1%

98 99 100 101 102 103 104