Fixed Intel

CVE Tracker

Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.

Total CVEs: 2,234
CISA KEV: 1,589
Known Exploits: 41
Avg CVSS Score: 8.8

Severity Distribution

CRITICAL 8
HIGH 1599
MEDIUM 7
INFO 620

Showing 14 of 134 CVEs matching "Quest"

CVE-2021-27103 | KEV
High

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Accellion | EPSS 2.9%

CVE-2021-27101 | KEV
High

Accellion FTA contains a SQL injection vulnerability exploited via a crafted Host header in a request to document_root.html.

Accellion | EPSS 0.8%

CVE-2021-20021 | KEV
High

SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

SonicWall | EPSS 91.7%

CVE-2020-1350 | KEV
High

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

Microsoft | EPSS 93.8%

CVE-2021-31755 | KEV
High

Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted POST request.

Tenda | EPSS 94.3%

CVE-2019-16759 | KEV
High

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

vBulletin | CVSS 9.8 | EPSS 94.4% | Exploit

CVE-2021-35464 | KEV
High

ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).

ForgeRock | CVSS 9.8 | EPSS 94.4% | Exploit

CVE-2020-10181 | KEV
High

Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.

Sumavision | EPSS 20.6%

CVE-2021-27561 | KEV
High

Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.

Yealink | EPSS 94.1%

CVE-2010-5326 | KEV
High

SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via an HTTP or HTTPS request.

SAP | EPSS 16.9%

CVE-2019-0708 | KEV
High

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

Microsoft | EPSS 94.5%

CVE-2017-7269 | KEV
High

Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

Microsoft | EPSS 94.4%

CVE-2016-3718 | KEV
High

ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.

ImageMagick | EPSS 83.8%

CVE-2019-20085 | KEV
High

TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.

TVT | EPSS 94.2%