CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2016-10174	High	89.8%	NETGEARWNR2000v5 Router	The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.	Mar 25, 2022	KEV
CVE-2015-3035(1)	High	92.9%	TP-LinkMultiple Archer Devices	Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.	Mar 25, 2022	KEV
CVE-2015-1187	High	81.2%	D-Link and TRENDnetMultiple Devices	The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.	Mar 25, 2022	KEV
CVE-2020-9054	High	94.3%	ZyxelMultiple Network-Attached Storage (NAS) Devices	Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.	Mar 25, 2022	KEV
CVE-2020-1631	High	5.4%	JuniperJunos OS	A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.	Mar 25, 2022	KEV
CVE-2005-2773	High	91.2%	Hewlett Packard (HP)OpenView Network Node Manager	HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.	Mar 25, 2022	KEV
CVE-2009-0927	High	93.3%	AdobeReader and Acrobat	Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.	Mar 25, 2022	KEV
CVE-2019-0903	High	34.4%	MicrosoftGraphics Device Interface (GDI)	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.	Mar 25, 2022	KEV
CVE-2009-2055	High	0.4%	CiscoIOS XR	Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).	Mar 25, 2022	KEV
CVE-2015-1427	High	92.3%	ElasticElasticsearch	The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.	Mar 25, 2022	KEV
CVE-2015-4068	High	80.9%	ArcserveUnified Data Protection (UDP)	Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.	Mar 25, 2022	KEV
CVE-2016-0752	High	92.7%	RailsRuby on Rails	Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.	Mar 25, 2022	KEV
CVE-2021-42237	High	94.4%	SitecoreXP	Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.	Mar 25, 2022	KEV
CVE-2019-6340	High 8.1	94.4%	DrupalCore	In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.	Mar 25, 2022	KEVExploit
CVE-2012-1823	High 9.8	94.4%	PHPPHP	sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.	Mar 25, 2022	KEVExploit
CVE-2016-11021	High	91.3%	D-LinkDCS-930L Devices	setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.	Mar 25, 2022	KEV
CVE-2020-2021	High	21.1%	Palo Alto NetworksPAN-OS	Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.	Mar 25, 2022	KEV
CVE-2020-25223	High	94.4%	SophosSG UTM	A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.	Mar 25, 2022	KEV
CVE-2018-6961	High	93.6%	VMwareSD-WAN Edge	VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.	Mar 25, 2022	KEV
CVE-2020-7247	High	94.1%	OpenBSDOpenSMTPD	smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.	Mar 25, 2022	KEV

CVE-2016-10174KEV

High

The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.

NETGEAREPSS 89.8%

CVE-2015-3035KEV

High

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

TP-LinkEPSS 92.9%

CVE-2015-1187KEV

High

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.

D-Link and TRENDnetEPSS 81.2%

CVE-2020-9054KEV

High

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

ZyxelEPSS 94.3%

CVE-2020-1631KEV

High

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.

JuniperEPSS 5.4%

CVE-2005-2773KEV

High

HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.

Hewlett Packard (HP)EPSS 91.2%

CVE-2009-0927KEV

High

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.

AdobeEPSS 93.3%

CVE-2019-0903KEV

High

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

MicrosoftEPSS 34.4%

CVE-2009-2055KEV

High

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

CiscoEPSS 0.4%

CVE-2015-1427KEV

High

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

ElasticEPSS 92.3%

CVE-2015-4068KEV

High

Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.

ArcserveEPSS 80.9%

CVE-2016-0752KEV

High

Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.

RailsEPSS 92.7%

CVE-2021-42237KEV

High

Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.

SitecoreEPSS 94.4%

CVE-2019-6340KEV

High

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

DrupalCVSS 8.1EPSS 94.4%

Exploit

CVE-2012-1823KEV

High

sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.

PHPCVSS 9.8EPSS 94.4%

Exploit

CVE-2016-11021KEV

High

setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

D-LinkEPSS 91.3%

CVE-2020-2021KEV

High

Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.

Palo Alto NetworksEPSS 21.1%

CVE-2020-25223KEV

High

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

SophosEPSS 94.4%

CVE-2018-6961KEV

High

VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

VMwareEPSS 93.6%

CVE-2020-7247KEV

High

smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.

OpenBSDEPSS 94.1%

50 51 52 53 54 55 56