CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-10148	High	94.3%	SolarWindsOrion	SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.	Nov 3, 2021	KEV
CVE-2021-26857	High	44.8%	MicrosoftExchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.	Nov 3, 2021	KEV
CVE-2015-1641	High	93.6%	MicrosoftOffice	Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.	Nov 3, 2021	KEV
CVE-2021-30633	High	38.2%	GoogleChromium Indexed DB API	Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2020-10189	High	94.2%	ZohoManageEngine	Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.	Nov 3, 2021	KEV
CVE-2021-21148	High	24.9%	GoogleChromium V8	Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-37976	High	14.6%	GoogleChromium	Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-30632	High	84.9%	GoogleChromium V8	Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-41773	High	94.4%	ApacheHTTP Server	Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.	Nov 3, 2021	KEV
CVE-2019-0604	High	94.4%	MicrosoftSharePoint	Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.	Nov 3, 2021	KEV
CVE-2019-15752	High	46.9%	DockerDesktop Community Edition	Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.	Nov 3, 2021	KEV
CVE-2019-4716	High	91.5%	IBMPlanning Analytics	IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.	Nov 3, 2021	KEV
CVE-2019-5591	High	48.4%	FortinetFortiOS	Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.	Nov 3, 2021	KEV
CVE-2020-1472	High	94.4%	MicrosoftNetlogon	Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.	Nov 3, 2021	KEV
CVE-2019-8394	High	87.3%	ZohoManageEngine	Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.	Nov 3, 2021	KEV
CVE-2020-25213	High	94.4%	WordPressFile Manager Plugin	WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.	Nov 3, 2021	KEV
CVE-2020-8655	High	87.6%	EyesOfNetworkEyesOfNetwork	EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7.	Nov 3, 2021	KEV
CVE-2021-27102	High	0.3%	AccellionFTA	Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.	Nov 3, 2021	KEV
CVE-2021-30713	High	0.1%	ApplemacOS	Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.	Nov 3, 2021	KEV
CVE-2021-35395	High	93.7%	RealtekAP-Router SDK	Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).	Nov 3, 2021	KEV

CVE-2020-10148KEV

High

SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.

SolarWindsEPSS 94.3%

CVE-2021-26857KEV

High

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

MicrosoftEPSS 44.8%

CVE-2015-1641KEV

High

Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.

MicrosoftEPSS 93.6%

CVE-2021-30633KEV

High

Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 38.2%

CVE-2020-10189KEV

High

Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.

ZohoEPSS 94.2%

CVE-2021-21148KEV

High

Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 24.9%

CVE-2021-37976KEV

High

Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 14.6%

CVE-2021-30632KEV

High

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 84.9%

CVE-2021-41773KEV

High

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.

ApacheEPSS 94.4%

CVE-2019-0604KEV

High

Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.

MicrosoftEPSS 94.4%

CVE-2019-15752KEV

High

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.

DockerEPSS 46.9%

CVE-2019-4716KEV

High

IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.

IBMEPSS 91.5%

CVE-2019-5591KEV

High

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

FortinetEPSS 48.4%

CVE-2020-1472KEV

High

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

MicrosoftEPSS 94.4%

CVE-2019-8394KEV

High

Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.

ZohoEPSS 87.3%

CVE-2020-25213KEV

High

WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.

WordPressEPSS 94.4%

CVE-2020-8655KEV

High

EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7.

EyesOfNetworkEPSS 87.6%

CVE-2021-27102KEV

High

Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

AccellionEPSS 0.3%

CVE-2021-30713KEV

High

Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.

AppleEPSS 0.1%

CVE-2021-35395KEV

High

Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).

RealtekEPSS 93.7%

106 107 108 109 110 111 112