CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-30761	High	0.4%	AppleiOS	Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2021-42258	High	94.1%	BQEBillQuick Web Suite	BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.	Nov 3, 2021	KEV
CVE-2020-4427	High	92.7%	IBMData Risk Manager	IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.	Nov 3, 2021	KEV
CVE-2021-31201	High	1.5%	MicrosoftEnhanced Cryptographic Provider	Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.	Nov 3, 2021	KEV
CVE-2017-6327	High	76.8%	SymantecSymantec Messaging Gateway	Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.	Nov 3, 2021	KEV
CVE-2019-11539	High	93.9%	IvantiPulse Connect Secure and Pulse Policy Secure	Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.	Nov 3, 2021	KEV
CVE-2021-20022	High	20.0%	SonicWallSonicWall Email Security	SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.	Nov 3, 2021	KEV
CVE-2020-16846	High	94.4%	SaltStackSalt	SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.	Nov 3, 2021	KEV
CVE-2020-10987	High	93.6%	TendaAC1900 Router AC15 Model	Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.	Nov 3, 2021	KEV
CVE-2020-12271	High	88.9%	SophosSFOS	Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).	Nov 3, 2021	KEV
CVE-2020-10221	High	91.4%	rConfigrConfig	rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.	Nov 3, 2021	KEV
CVE-2018-2380	High	45.5%	SAPCustomer Relationship Management (CRM)	SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.	Nov 3, 2021	KEV
CVE-2020-11652	High	94.3%	SaltStackSalt	SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.	Nov 3, 2021	KEV
CVE-2017-16651	High	37.8%	RoundcubeRoundcube Webmail	Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.	Nov 3, 2021	KEV
CVE-2020-10181	High	20.6%	SumavisionEnhanced Multimedia Router (EMR)	Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.	Nov 3, 2021	KEV
CVE-2021-31755	High	94.3%	TendaAC11 Router	Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.	Nov 3, 2021	KEV
CVE-2021-20016	High	78.0%	SonicWallSSLVPN SMA100	SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.	Nov 3, 2021	KEV
CVE-2017-9248	High	87.8%	ProgressASP.NET AJAX and Sitefinity	Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.	Nov 3, 2021	KEV
CVE-2018-20062	High	94.3%	ThinkPHPnoneCms	ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.	Nov 3, 2021	KEV
CVE-2021-20021	High	91.7%	SonicWallSonicWall Email Security	SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.	Nov 3, 2021	KEV

CVE-2021-30761KEV

High

Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.4%

CVE-2021-42258KEV

High

BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.

BQEEPSS 94.1%

CVE-2020-4427KEV

High

IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.

IBMEPSS 92.7%

CVE-2021-31201KEV

High

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 1.5%

CVE-2017-6327KEV

High

Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.

SymantecEPSS 76.8%

CVE-2019-11539KEV

High

Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.

IvantiEPSS 93.9%

CVE-2021-20022KEV

High

SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.

SonicWallEPSS 20.0%

CVE-2020-16846KEV

High

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

SaltStackEPSS 94.4%

CVE-2020-10987KEV

High

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.

TendaEPSS 93.6%

CVE-2020-12271KEV

High

Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

SophosEPSS 88.9%

CVE-2020-10221KEV

High

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

rConfigEPSS 91.4%

CVE-2018-2380KEV

High

SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.

SAPEPSS 45.5%

CVE-2020-11652KEV

High

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

SaltStackEPSS 94.3%

CVE-2017-16651KEV

High

Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.

RoundcubeEPSS 37.8%

CVE-2020-10181KEV

High

Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.

SumavisionEPSS 20.6%

CVE-2021-31755KEV

High

Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.

TendaEPSS 94.3%

CVE-2021-20016KEV

High

SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.

SonicWallEPSS 78.0%

CVE-2017-9248KEV

High

Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.

ProgressEPSS 87.8%

CVE-2018-20062KEV

High

ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.

ThinkPHPEPSS 94.3%

CVE-2021-20021KEV

High

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

SonicWallEPSS 91.7%

62 63 64 65 66 67 68