CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-0674	High	93.6%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.	Nov 3, 2021	KEV
CVE-2021-34523	High	94.0%	MicrosoftExchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.	Nov 3, 2021	KEV
CVE-2021-31955	High	4.3%	MicrosoftWindows	Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.	Nov 3, 2021	KEV
CVE-2021-26084	High	94.4%	AtlassianConfluence Server and Data Center	Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.	Nov 3, 2021	KEV
CVE-2020-0938	High	89.6%	MicrosoftWindows	Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.	Nov 3, 2021	KEV
CVE-2018-18325	High	93.2%	DotNetNuke (DNN)DotNetNuke (DNN)	DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.	Nov 3, 2021	KEV
CVE-2016-4437	High	94.2%	ApacheShiro	Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.	Nov 3, 2021	KEV
CVE-2020-5847	High	93.5%	UnraidUnraid	Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.	Nov 3, 2021	KEV
CVE-2021-30858	High	0.8%	AppleiOS, iPadOS, and macOS	Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2020-8260	High	75.9%	IvantiPulse Connect Secure	Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.	Nov 3, 2021	KEV
CVE-2021-42013	High	94.4%	ApacheHTTP Server	Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.	Nov 3, 2021	KEV
CVE-2020-1350	High	93.8%	MicrosoftWindows	Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.	Nov 3, 2021	KEV
CVE-2021-40539	High	94.4%	ZohoManageEngine	Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.	Nov 3, 2021	KEV
CVE-2017-9805	High	94.3%	ApacheStruts	Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.	Nov 3, 2021	KEV
CVE-2019-16256	High	61.2%	SIMallianceToolbox Browser	SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.	Nov 3, 2021	KEV
CVE-2021-30666	High	1.5%	AppleiOS	Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2021-28664	High	0.1%	ArmMali Graphics Processing Unit (GPU)	Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes.	Nov 3, 2021	KEV
CVE-2021-20090	High	94.4%	ArcadyanBuffalo Firmware	Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.	Nov 3, 2021	KEV
CVE-2018-4878	High	93.3%	AdobeFlash Player	Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.	Nov 3, 2021	KEV
CVE-2021-22205	High 10	94.5%	GitLabCommunity and Enterprise Editions	GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.	Nov 3, 2021	KEVExploit

CVE-2020-0674KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

MicrosoftEPSS 93.6%

CVE-2021-34523KEV

High

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 94.0%

CVE-2021-31955KEV

High

Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.

MicrosoftEPSS 4.3%

CVE-2021-26084KEV

High

Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.

AtlassianEPSS 94.4%

CVE-2020-0938KEV

High

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

MicrosoftEPSS 89.6%

CVE-2018-18325KEV

High

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.

DotNetNuke (DNN)EPSS 93.2%

CVE-2016-4437KEV

High

Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.

ApacheEPSS 94.2%

CVE-2020-5847KEV

High

Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.

UnraidEPSS 93.5%

CVE-2021-30858KEV

High

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.8%

CVE-2020-8260KEV

High

Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.

IvantiEPSS 75.9%

CVE-2021-42013KEV

High

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.

ApacheEPSS 94.4%

CVE-2020-1350KEV

High

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

MicrosoftEPSS 93.8%

CVE-2021-40539KEV

High

Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

ZohoEPSS 94.4%

CVE-2017-9805KEV

High

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

ApacheEPSS 94.3%

CVE-2019-16256KEV

High

SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.

SIMallianceEPSS 61.2%

CVE-2021-30666KEV

High

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 1.5%

CVE-2021-28664KEV

High

Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes.

ArmEPSS 0.1%

CVE-2021-20090KEV

High

Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.

ArcadyanEPSS 94.4%

CVE-2018-4878KEV

High

Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.

AdobeEPSS 93.3%

CVE-2021-22205KEV

High

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

GitLabCVSS 10EPSS 94.5%

Exploit

105 106 107 108 109 110 111