CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-22017	High	79.5%	VMwarevCenter Server	Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.	Jan 10, 2022	KEV
CVE-2019-1458	High	91.9%	MicrosoftWin32k	A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.	Jan 10, 2022	KEV
CVE-2019-1579	High	93.0%	Palo Alto NetworksPAN-OS	Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.	Jan 10, 2022	KEV
CVE-2021-36260	High	94.4%	HikvisionSecurity cameras web server	A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.	Jan 10, 2022	KEV
CVE-2020-6572	High	19.1%	GoogleChrome Media	Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.	Jan 10, 2022	KEV
CVE-2013-3900	High	80.2%	MicrosoftWinVerifyTrust function	A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.	Jan 10, 2022	KEV
CVE-2019-10149	High	94.0%	EximMail Transfer Agent (MTA)	Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.	Jan 10, 2022	KEV
CVE-2015-7450	High	93.5%	IBMWebSphere Application Server and Server Hypervisor Edition	Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands	Jan 10, 2022	KEV
CVE-2018-13382	High	86.1%	FortinetFortiOS and FortiProxy	An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.	Jan 10, 2022	KEV
CVE-2018-13383	High	1.3%	FortinetFortiOS and FortiProxy	A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.	Jan 10, 2022	KEV
CVE-2019-2725	High	94.5%	OracleWebLogic Server	Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).	Jan 10, 2022	KEV
CVE-2021-4102	High	4.4%	GoogleChromium V8	Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Dec 15, 2021	KEV
CVE-2021-43890	High	16.4%	MicrosoftWindows	Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.	Dec 15, 2021	KEV
CVE-2021-44228	High	94.4%	ApacheLog4j2	Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.	Dec 10, 2021	KEV
CVE-2020-17463	High	15.3%	Fuel CMSFuel CMS	FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.	Dec 10, 2021	KEV
CVE-2020-8816	High	90.8%	Pi-holeAdminLTE	Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.	Dec 10, 2021	KEV
CVE-2021-35394	High	93.8%	RealtekJungle Software Development Kit (SDK)	RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.	Dec 10, 2021	KEV
CVE-2019-0193	High	93.2%	ApacheSolr	The optional Apache Solr module DataImportHandler contains a code injection vulnerability.	Dec 10, 2021	KEV
CVE-2019-7238	High	94.4%	SonatypeNexus Repository Manager	Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.	Dec 10, 2021	KEV
CVE-2021-44515	High	94.3%	ZohoDesktop Central	Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.	Dec 10, 2021	KEV

CVE-2021-22017KEV

High

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

VMwareEPSS 79.5%

CVE-2019-1458KEV

High

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.

MicrosoftEPSS 91.9%

CVE-2019-1579KEV

High

Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.

Palo Alto NetworksEPSS 93.0%

CVE-2021-36260KEV

High

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

HikvisionEPSS 94.4%

CVE-2020-6572KEV

High

Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.

GoogleEPSS 19.1%

CVE-2013-3900KEV

High

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

MicrosoftEPSS 80.2%

CVE-2019-10149KEV

High

Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

EximEPSS 94.0%

CVE-2015-7450KEV

High

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands

IBMEPSS 93.5%

CVE-2018-13382KEV

High

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

FortinetEPSS 86.1%

CVE-2018-13383KEV

High

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.

FortinetEPSS 1.3%

CVE-2019-2725KEV

High

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

OracleEPSS 94.5%

CVE-2021-4102KEV

High

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 4.4%

CVE-2021-43890KEV

High

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.

MicrosoftEPSS 16.4%

CVE-2021-44228KEV

High

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

ApacheEPSS 94.4%

CVE-2020-17463KEV

High

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Fuel CMSEPSS 15.3%

CVE-2020-8816KEV

High

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Pi-holeEPSS 90.8%

CVE-2021-35394KEV

High

RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

RealtekEPSS 93.8%

CVE-2019-0193KEV

High

The optional Apache Solr module DataImportHandler contains a code injection vulnerability.

ApacheEPSS 93.2%

CVE-2019-7238KEV

High

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

SonatypeEPSS 94.4%

CVE-2021-44515KEV

High

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

ZohoEPSS 94.3%

59 60 61 62 63 64 65