CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-27561	High	94.1%	YealinkDevice Management	Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.	Nov 3, 2021	KEV
CVE-2019-18935	High	93.7%	ProgressTelerik UI for ASP.NET AJAX	Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.	Nov 3, 2021	KEV
CVE-2020-14883	High	94.4%	OracleWebLogic Server	Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.	Nov 3, 2021	KEV
CVE-2020-8644	High	94.0%	PlaySMSPlaySMS	PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.	Nov 3, 2021	KEV
CVE-2020-8243	High	20.5%	IvantiPulse Connect Secure	Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.	Nov 3, 2021	KEV
CVE-2021-22900	High	0.8%	IvantiPulse Connect Secure	Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.	Nov 3, 2021	KEV
CVE-2020-14871	High	88.9%	OracleSolaris and Zettabyte File System (ZFS)	Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.	Nov 3, 2021	KEV
CVE-2021-22899	High	16.6%	IvantiPulse Connect Secure	Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.	Nov 3, 2021	KEV
CVE-2020-14750	High	94.4%	OracleWebLogic Server	Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.	Nov 3, 2021	KEV
CVE-2012-3152	High	93.5%	OracleFusion Middleware	Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.	Nov 3, 2021	KEV
CVE-2021-22894	High	25.7%	IvantiPulse Connect Secure	Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.	Nov 3, 2021	KEV
CVE-2019-19356	High	91.1%	NetisWF2419 Devices	Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page.	Nov 3, 2021	KEV
CVE-2020-2555	High	93.1%	OracleMultiple Products	Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).	Nov 3, 2021	KEV
CVE-2021-36955	High	20.6%	MicrosoftWindows	Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.	Nov 3, 2021	KEV
CVE-2020-1147	High	93.4%	Microsoft.NET Framework, SharePoint, Visual Studio	Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.	Nov 3, 2021	KEV

CVE-2021-27561KEV

High

Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.

YealinkEPSS 94.1%

CVE-2019-18935KEV

High

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.

ProgressEPSS 93.7%

CVE-2020-14883KEV

High

Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.

OracleEPSS 94.4%

CVE-2020-8644KEV

High

PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.

PlaySMSEPSS 94.0%

CVE-2020-8243KEV

High

Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.

IvantiEPSS 20.5%

CVE-2021-22900KEV

High

Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

IvantiEPSS 0.8%

CVE-2020-14871KEV

High

Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.

OracleEPSS 88.9%

CVE-2021-22899KEV

High

Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.

IvantiEPSS 16.6%

CVE-2020-14750KEV

High

Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.

OracleEPSS 94.4%

CVE-2012-3152KEV

High

Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.

OracleEPSS 93.5%

CVE-2021-22894KEV

High

Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.

IvantiEPSS 25.7%

CVE-2019-19356KEV

High

Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page.

NetisEPSS 91.1%

CVE-2020-2555KEV

High

Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).

OracleEPSS 93.1%

CVE-2021-36955KEV

High

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 20.6%

CVE-2020-1147KEV

High

Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.

MicrosoftEPSS 93.4%

106 107 108 109 110 111 112