CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2023-28204	High	0.0%	AppleMultiple Products	Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	May 22, 2023	KEV
CVE-2016-6415	High	93.0%	CiscoIOS, IOS XR, and IOS XE	Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.	May 19, 2023	KEV
CVE-2023-21492	High	0.4%	SamsungMobile Devices	Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.	May 19, 2023	KEV
CVE-2004-1464	High	1.7%	CiscoIOS	Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device.	May 19, 2023	KEV
CVE-2016-3427	High	93.6%	OracleJava SE and JRockit	Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.	May 12, 2023	KEV
CVE-2016-8735	High	93.7%	ApacheTomcat	Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.	May 12, 2023	KEV
CVE-2023-25717	High	94.2%	Ruckus WirelessMultiple Products	Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.	May 12, 2023	KEV
CVE-2010-3904	High	1.6%	LinuxKernel	Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.	May 12, 2023	KEV
CVE-2014-0196	High	61.8%	LinuxKernel	Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings.	May 12, 2023	KEV
CVE-2021-3560	High	12.4%	Red HatPolkit	Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.	May 12, 2023	KEV
CVE-2015-5317	High	27.4%	JenkinsJenkins User Interface (UI)	Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.	May 12, 2023	KEV
CVE-2023-29336	High	79.5%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.	May 9, 2023	KEV
CVE-2021-45046	High 9	94.3%	ApacheLog4j2	Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.	May 1, 2023	KEV
CVE-2023-21839	High	94.1%	OracleWebLogic Server	Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.	May 1, 2023	KEV
CVE-2023-1389	High	93.5%	TP-LinkArcher AX21	TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.	May 1, 2023	KEV
CVE-2023-28432	High	94.0%	MinIOMinIO	MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.	Apr 21, 2023	KEV
CVE-2023-2136	High	0.4%	GoogleChromium Skia	Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.	Apr 21, 2023	KEV
CVE-2023-27350	High	94.3%	PaperCutMF/NG	PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.	Apr 21, 2023	KEV
CVE-2017-6742	High	5.6%	CiscoIOS and IOS XE Software	The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.	Apr 19, 2023	KEV
CVE-2019-8526	High	0.5%	ApplemacOS	Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.	Apr 17, 2023	KEV

CVE-2023-28204KEV

High

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.0%

CVE-2016-6415KEV

High

Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.

CiscoEPSS 93.0%

CVE-2023-21492KEV

High

Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.

SamsungEPSS 0.4%

CVE-2004-1464KEV

High

Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device.

CiscoEPSS 1.7%

CVE-2016-3427KEV

High

Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

OracleEPSS 93.6%

CVE-2016-8735KEV

High

Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.

ApacheEPSS 93.7%

CVE-2023-25717KEV

High

Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs.

Ruckus WirelessEPSS 94.2%

CVE-2010-3904KEV

High

Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

LinuxEPSS 1.6%

CVE-2014-0196KEV

High

Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings.

LinuxEPSS 61.8%

CVE-2021-3560KEV

High

Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.

Red HatEPSS 12.4%

CVE-2015-5317KEV

High

Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.

JenkinsEPSS 27.4%

CVE-2023-29336KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.

MicrosoftEPSS 79.5%

CVE-2021-45046KEV

High

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

ApacheCVSS 9EPSS 94.3%

CVE-2023-21839KEV

High

Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.

OracleEPSS 94.1%

CVE-2023-1389KEV

High

TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.

TP-LinkEPSS 93.5%

CVE-2023-28432KEV

High

MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.

MinIOEPSS 94.0%

CVE-2023-2136KEV

High

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

GoogleEPSS 0.4%

CVE-2023-27350KEV

High

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

PaperCutEPSS 94.3%

CVE-2017-6742KEV

High

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

CiscoEPSS 5.6%

CVE-2019-8526KEV

High

Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.

AppleEPSS 0.5%

63 64 65 66 67 68 69