CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-11738	High	94.3%	WordPressSnap Creek Duplicator Plugin	WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.	Nov 3, 2021	KEV
CVE-2021-21972	High	93.8%	VMwarevCenter Server	VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.	Nov 3, 2021	KEV
CVE-2020-3952	High	94.4%	VMwarevCenter Server	VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.	Nov 3, 2021	KEV
CVE-2020-3950	High	17.9%	VMwareMultiple Products	VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.	Nov 3, 2021	KEV
CVE-2020-17496	High	94.2%	vBulletinvBulletin	The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.	Nov 3, 2021	KEV
CVE-2020-3992	High	82.7%	VMwareESXi	VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.	Nov 3, 2021	KEV
CVE-2020-5849	High	93.8%	UnraidUnraid	Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.	Nov 3, 2021	KEV
CVE-2021-36742	High	1.9%	Trend MicroApex One, Apex One as a Service, and Worry-Free Business Security	Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.	Nov 3, 2021	KEV
CVE-2020-8468	High	18.4%	Trend MicroApex One, OfficeScan and Worry-Free Business Security Agents	Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.	Nov 3, 2021	KEV
CVE-2019-5544	High	92.7%	VMwareVMware ESXi and Horizon DaaS	VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.	Nov 3, 2021	KEV
CVE-2020-8599	High	57.9%	Trend MicroApex One and OfficeScan	Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.	Nov 3, 2021	KEV
CVE-2021-21985	High	94.4%	VMwarevCenter Server	VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.	Nov 3, 2021	KEV
CVE-2020-24557	High	1.9%	Trend MicroApex One, OfficeScan, and Worry-Free Business Security	Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.	Nov 3, 2021	KEV
CVE-2019-9978	High	88.1%	WordPressSocial Warfare Plugin	WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.	Nov 3, 2021	KEV
CVE-2019-20085	High	94.2%	TVTNVMS-1000	TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.	Nov 3, 2021	KEV
CVE-2020-11651	High	94.4%	SaltStackSalt	SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.	Nov 3, 2021	KEV
CVE-2018-14558	High	77.3%	TendaAC7, AC9, and AC10 Routers	Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.	Nov 3, 2021	KEV
CVE-2019-18988	High	8.8%	TeamViewerDesktop	TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system).	Nov 3, 2021	KEV
CVE-2021-20021	High	91.7%	SonicWallSonicWall Email Security	SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.	Nov 3, 2021	KEV
CVE-2018-20062	High	94.3%	ThinkPHPnoneCms	ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.	Nov 3, 2021	KEV

CVE-2020-11738KEV

High

WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.

WordPressEPSS 94.3%

CVE-2021-21972KEV

High

VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.

VMwareEPSS 93.8%

CVE-2020-3952KEV

High

VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.

VMwareEPSS 94.4%

CVE-2020-3950KEV

High

VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.

VMwareEPSS 17.9%

CVE-2020-17496KEV

High

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.

vBulletinEPSS 94.2%

CVE-2020-3992KEV

High

VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.

VMwareEPSS 82.7%

CVE-2020-5849KEV

High

Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.

UnraidEPSS 93.8%

CVE-2021-36742KEV

High

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.

Trend MicroEPSS 1.9%

CVE-2020-8468KEV

High

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.

Trend MicroEPSS 18.4%

CVE-2019-5544KEV

High

VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

VMwareEPSS 92.7%

CVE-2020-8599KEV

High

Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.

Trend MicroEPSS 57.9%

CVE-2021-21985KEV

High

VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.

VMwareEPSS 94.4%

CVE-2020-24557KEV

High

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.

Trend MicroEPSS 1.9%

CVE-2019-9978KEV

High

WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.

WordPressEPSS 88.1%

CVE-2019-20085KEV

High

TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.

TVTEPSS 94.2%

CVE-2020-11651KEV

High

SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

SaltStackEPSS 94.4%

CVE-2018-14558KEV

High

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.

TendaEPSS 77.3%

CVE-2019-18988KEV

High

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system).

TeamViewerEPSS 8.8%

CVE-2021-20021KEV

High

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

SonicWallEPSS 91.7%

CVE-2018-20062KEV

High

ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.

ThinkPHPEPSS 94.3%

106 107 108 109 110 111 112