CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2017-12235	High	4.9%	CiscoIOS software	A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.	Mar 3, 2022	KEV
CVE-2015-2424	High	84.3%	MicrosoftPowerPoint	Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.	Mar 3, 2022	KEV
CVE-2015-3043	High	83.9%	AdobeFlash Player	A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.	Mar 3, 2022	KEV
CVE-2017-6744	High	19.0%	CiscoIOS software	The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.	Mar 3, 2022	KEV
CVE-2016-0099	High	90.4%	MicrosoftWindows	A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.	Mar 3, 2022	KEV
CVE-2022-20703	High	2.0%	CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers	A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).	Mar 3, 2022	KEV
CVE-2018-0155	High	14.5%	CiscoCatalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches	A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.	Mar 3, 2022	KEV
CVE-2017-6739	High	28.8%	CiscoIOS and IOS XE Software	The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.	Mar 3, 2022	KEV
CVE-2002-0367	High	1.2%	MicrosoftWindows	smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.	Mar 3, 2022	KEV
CVE-2022-20701	High	6.1%	CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers	A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).	Mar 3, 2022	KEV
CVE-2019-1652	High	93.0%	CiscoSmall Business RV320 and RV325 Dual Gigabit WAN VPN Routers	A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.	Mar 3, 2022	KEV
CVE-2022-20699	High	89.9%	CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers	A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).	Mar 3, 2022	KEV
CVE-2020-11899	High	33.3%	Treck TCP/IP stackIPv6	The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.	Mar 3, 2022	KEV
CVE-2021-41379	High	1.2%	MicrosoftWindows	Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.	Mar 3, 2022	KEV
CVE-2020-1938	High 9.8	94.5%	ApacheTomcat	Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.	Mar 3, 2022	KEVExploit
CVE-2022-20708	High	13.0%	CiscoSmall Business RV160, RV260, RV340, and RV345 Series Routers	A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).	Mar 3, 2022	KEV
CVE-2015-1642	High	72.9%	MicrosoftOffice	Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.	Mar 3, 2022	KEV
CVE-2017-8570	High	94.2%	MicrosoftOffice	A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.	Feb 25, 2022	KEV
CVE-2017-0222	High	62.0%	MicrosoftInternet Explorer	A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.	Feb 25, 2022	KEV
CVE-2022-24682	High	88.0%	SynacorZimbra Collaborate Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.	Feb 25, 2022	KEV

CVE-2017-12235KEV

High

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

CiscoEPSS 4.9%

CVE-2015-2424KEV

High

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

MicrosoftEPSS 84.3%

CVE-2015-3043KEV

High

A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

AdobeEPSS 83.9%

CVE-2017-6744KEV

High

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.

CiscoEPSS 19.0%

CVE-2016-0099KEV

High

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

MicrosoftEPSS 90.4%

CVE-2022-20703KEV

High

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

CiscoEPSS 2.0%

CVE-2018-0155KEV

High

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.

CiscoEPSS 14.5%

CVE-2017-6739KEV

High

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

CiscoEPSS 28.8%

CVE-2002-0367KEV

High

smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.

Treck TCP/IP stackEPSS 33.3%

CVE-2021-41379KEV

High

Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 1.2%

CVE-2020-1938KEV

High

Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

ApacheCVSS 9.8EPSS 94.5%

Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.

MicrosoftEPSS 72.9%

CVE-2017-8570KEV

High

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

MicrosoftEPSS 94.2%

CVE-2017-0222KEV

High

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

MicrosoftEPSS 62.0%

CVE-2022-24682KEV

High

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.

SynacorEPSS 88.0%

58 59 60 61 62 63 64