CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-27932(1)	High	11.7%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.	Nov 3, 2021	KEV
CVE-2021-30860	High	72.9%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.	Nov 3, 2021	KEV
CVE-2020-27950(1)	High	37.1%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.	Nov 3, 2021	KEV
CVE-2021-30762	High	0.0%	AppleiOS	Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2017-5638	High	94.3%	ApacheStruts	Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.	Nov 3, 2021	KEV
CVE-2020-9819	High	0.4%	AppleiOS, iPadOS, and watchOS	Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.	Nov 3, 2021	KEV
CVE-2021-1870	High	1.2%	AppleiOS, iPadOS, and macOS	Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2018-15961	High	94.4%	AdobeColdFusion	Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.	Nov 3, 2021	KEV
CVE-2020-5735	High	61.6%	AmcrestCameras and Network Video Recorder (NVR)	Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.	Nov 3, 2021	KEV
CVE-2021-1782	High	6.0%	AppleMultiple Products	Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.	Nov 3, 2021	KEV
CVE-2021-34527	High	94.3%	MicrosoftWindows	Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.	Nov 3, 2021	KEV
CVE-2018-0171	High	93.0%	CiscoIOS and IOS XE	Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.	Nov 3, 2021	KEV
CVE-2020-3118	High	0.3%	CiscoIOS XR	Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.	Nov 3, 2021	KEV
CVE-2019-3398	High	93.9%	AtlassianConfluence Server and Data Center	Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.	Nov 3, 2021	KEV
CVE-2021-30869	High	2.0%	AppleiOS, iPadOS, and macOS	Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.	Nov 3, 2021	KEV
CVE-2021-28663	High	2.4%	ArmMali Graphics Processing Unit (GPU)	Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information.	Nov 3, 2021	KEV
CVE-2020-9859	High	0.1%	AppleMultiple Products	Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.	Nov 3, 2021	KEV
CVE-2021-27562	High	47.9%	ArmTrusted Firmware	Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.	Nov 3, 2021	KEV
CVE-2021-27065	High	94.3%	MicrosoftExchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.	Nov 3, 2021	KEV
CVE-2019-0211	High	89.5%	ApacheHTTP Server	Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard.	Nov 3, 2021	KEV

CVE-2020-27932KEV

High

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.

AppleEPSS 11.7%

CVE-2021-30860KEV

High

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

AppleEPSS 72.9%

CVE-2020-27950KEV

High

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

AppleEPSS 37.1%

CVE-2021-30762KEV

High

Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.0%

CVE-2017-5638KEV

High

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

ApacheEPSS 94.3%

CVE-2020-9819KEV

High

Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.

AppleEPSS 0.4%

CVE-2021-1870KEV

High

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 1.2%

CVE-2018-15961KEV

High

Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.

AdobeEPSS 94.4%

CVE-2020-5735KEV

High

Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.

AmcrestEPSS 61.6%

CVE-2021-1782KEV

High

Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.

AppleEPSS 6.0%

CVE-2021-34527KEV

High

Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.

MicrosoftEPSS 94.3%

CVE-2018-0171KEV

High

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.

CiscoEPSS 93.0%

CVE-2020-3118KEV

High

Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.

CiscoEPSS 0.3%

CVE-2019-3398KEV

High

Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.

AtlassianEPSS 93.9%

CVE-2021-30869KEV

High

Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.

AppleEPSS 2.0%

CVE-2021-28663KEV

High

Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information.

ArmEPSS 2.4%

CVE-2020-9859KEV

High

Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.

AppleEPSS 0.1%

CVE-2021-27562KEV

High

Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.

ArmEPSS 47.9%

CVE-2021-27065KEV

High

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

MicrosoftEPSS 94.3%

CVE-2019-0211KEV

High

Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard.

ApacheEPSS 89.5%

103 104 105 106 107 108 109