Fixed Intel

CVE Tracker

Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.

Total CVEs: 2,235

CISA KEV: 1,590

Known Exploits: 41

Avg CVSS Score: 8.8

Severity Distribution

CRITICAL 8
HIGH 1600
MEDIUM 7
INFO 620

Showing 20 of 1,600 CVEs · HIGH

CVE-2019-2725 · KEV
High

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

Oracle · EPSS 94.5%

CVE-2021-22017 · KEV
High

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

VMware · EPSS 79.5%

CVE-2019-9670 · KEV
High

Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.

Synacor · CVSS 9.8 · EPSS 94.4% · Exploit

CVE-2019-7609 · KEV
High

Kibana contains an arbitrary code execution flaw in the Timelion visualizer.

Elastic · EPSS 94.4%

CVE-2018-13383 · KEV
High

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged-in users.

Fortinet · EPSS 1.3%

CVE-2021-27860 · KEV
High

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

FatPipe · EPSS 42.6%

CVE-2017-1000486 · KEV
High

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution.

Primetek · EPSS 93.7%

CVE-2019-1579 · KEV
High

Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.

Palo Alto Networks · EPSS 93.0%

CVE-2021-36260 · KEV
High

A command injection vulnerability exists in the web server of some Hikvision products due to insufficient input validation.

Hikvision · EPSS 94.4%

CVE-2021-4102 · KEV
High

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Google · EPSS 4.4%

CVE-2021-43890 · KEV
High

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability.

Microsoft · EPSS 16.4%

CVE-2019-7238 · KEV
High

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

Sonatype · EPSS 94.4%

CVE-2019-0193 · KEV
High

The optional Apache Solr module DataImportHandler contains a code injection vulnerability.

Apache · EPSS 93.2%

CVE-2021-44168 · KEV
High

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.

Fortinet · EPSS 1.4%

CVE-2019-13272 · KEV
High

Kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access.

Linux · EPSS 81.3%

CVE-2021-44515 · KEV
High

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

Zoho · EPSS 94.3%

CVE-2017-12149 · KEV
High

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.

Red Hat · EPSS 94.3%

CVE-2017-17562 · KEV
High

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.

Embedthis · EPSS 94.3%

CVE-2010-1871 · KEV
High

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

Red Hat · EPSS 93.8%

CVE-2019-10758 · KEV
High

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method.

MongoDB · EPSS 94.4%