CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2017-9248	High	87.8%	ProgressASP.NET AJAX and Sitefinity	Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.	Nov 3, 2021	KEV
CVE-2021-20016	High	78.0%	SonicWallSSLVPN SMA100	SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.	Nov 3, 2021	KEV
CVE-2021-31755	High	94.3%	TendaAC11 Router	Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.	Nov 3, 2021	KEV
CVE-2020-10181	High	20.6%	SumavisionEnhanced Multimedia Router (EMR)	Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.	Nov 3, 2021	KEV
CVE-2017-16651	High	37.8%	RoundcubeRoundcube Webmail	Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.	Nov 3, 2021	KEV
CVE-2020-11652	High	94.3%	SaltStackSalt	SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.	Nov 3, 2021	KEV
CVE-2018-2380	High	45.5%	SAPCustomer Relationship Management (CRM)	SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.	Nov 3, 2021	KEV
CVE-2020-10221	High	91.4%	rConfigrConfig	rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.	Nov 3, 2021	KEV
CVE-2020-12271	High	88.9%	SophosSFOS	Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).	Nov 3, 2021	KEV
CVE-2020-10987	High	93.6%	TendaAC1900 Router AC15 Model	Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.	Nov 3, 2021	KEV
CVE-2020-16846	High	94.4%	SaltStackSalt	SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.	Nov 3, 2021	KEV
CVE-2021-20022	High	20.0%	SonicWallSonicWall Email Security	SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.	Nov 3, 2021	KEV
CVE-2019-11539	High	93.9%	IvantiPulse Connect Secure and Pulse Policy Secure	Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.	Nov 3, 2021	KEV
CVE-2017-6327	High	76.8%	SymantecSymantec Messaging Gateway	Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.	Nov 3, 2021	KEV
CVE-2020-29583	High	94.4%	ZyxelMultiple Products	Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.	Nov 3, 2021	KEV
CVE-2021-20023	High	48.6%	SonicWallSonicWall Email Security	SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.	Nov 3, 2021	KEV
CVE-2020-6287	High	94.4%	SAPNetWeaver	SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.	Nov 3, 2021	KEV
CVE-2019-7481	High	94.4%	SonicWallSMA100	SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.	Nov 3, 2021	KEV
CVE-2021-1906	High	0.1%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure.	Nov 3, 2021	KEV
CVE-2020-10199	High	94.4%	SonatypeNexus Repository	Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.	Nov 3, 2021	KEV

CVE-2017-9248KEV

High

Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.

ProgressEPSS 87.8%

CVE-2021-20016KEV

High

SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.

SonicWallEPSS 78.0%

CVE-2021-31755KEV

High

Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.

TendaEPSS 94.3%

CVE-2020-10181KEV

High

Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.

SumavisionEPSS 20.6%

CVE-2017-16651KEV

High

Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.

RoundcubeEPSS 37.8%

CVE-2020-11652KEV

High

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

SaltStackEPSS 94.3%

CVE-2018-2380KEV

High

SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.

SAPEPSS 45.5%

CVE-2020-10221KEV

High

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

rConfigEPSS 91.4%

CVE-2020-12271KEV

High

Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

SophosEPSS 88.9%

CVE-2020-10987KEV

High

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.

TendaEPSS 93.6%

CVE-2020-16846KEV

High

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

SaltStackEPSS 94.4%

CVE-2021-20022KEV

High

SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.

SonicWallEPSS 20.0%

CVE-2019-11539KEV

High

Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.

IvantiEPSS 93.9%

CVE-2017-6327KEV

High

Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.

SymantecEPSS 76.8%

CVE-2020-29583KEV

High

Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.

ZyxelEPSS 94.4%

CVE-2021-20023KEV

High

SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

SonicWallEPSS 48.6%

CVE-2020-6287KEV

High

SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.

SAPEPSS 94.4%

CVE-2019-7481KEV

High

SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.

SonicWallEPSS 94.4%

CVE-2021-1906KEV

High

Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure.

QualcommEPSS 0.1%

CVE-2020-10199KEV

High

Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.

SonatypeEPSS 94.4%

106 107 108 109 110 111 112