CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-27930	High	47.2%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.	Nov 3, 2021	KEV
CVE-2021-1871	High	0.9%	AppleiOS, iPadOS, and macOS	Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2021-30807	High	20.4%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.	Nov 3, 2021	KEV
CVE-2020-9818	High	0.5%	AppleiOS, iPadOS, and watchOS	Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.	Nov 3, 2021	KEV
CVE-2020-17530	High	94.4%	ApacheStruts	Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.	Nov 3, 2021	KEV
CVE-2020-27932(1)	High	11.7%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.	Nov 3, 2021	KEV
CVE-2021-20090	High	94.4%	ArcadyanBuffalo Firmware	Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.	Nov 3, 2021	KEV
CVE-2021-30860	High	72.9%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.	Nov 3, 2021	KEV
CVE-2020-27950(1)	High	37.1%	AppleMultiple Products	Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.	Nov 3, 2021	KEV
CVE-2019-16256	High	61.2%	SIMallianceToolbox Browser	SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.	Nov 3, 2021	KEV
CVE-2017-9805	High	94.3%	ApacheStruts	Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.	Nov 3, 2021	KEV
CVE-2021-30762	High	0.0%	AppleiOS	Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2017-5638	High	94.3%	ApacheStruts	Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.	Nov 3, 2021	KEV
CVE-2020-9819	High	0.4%	AppleiOS, iPadOS, and watchOS	Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.	Nov 3, 2021	KEV
CVE-2021-1870	High	1.2%	AppleiOS, iPadOS, and macOS	Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2021-1782	High	6.0%	AppleMultiple Products	Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.	Nov 3, 2021	KEV
CVE-2021-40539	High	94.4%	ZohoManageEngine	Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.	Nov 3, 2021	KEV
CVE-2018-0171	High	93.0%	CiscoIOS and IOS XE	Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.	Nov 3, 2021	KEV
CVE-2020-3118	High	0.3%	CiscoIOS XR	Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.	Nov 3, 2021	KEV
CVE-2019-3398	High	93.9%	AtlassianConfluence Server and Data Center	Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.	Nov 3, 2021	KEV

CVE-2020-27930KEV

High

Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.

AppleEPSS 47.2%

CVE-2021-1871KEV

High

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.9%

CVE-2021-30807KEV

High

Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.

AppleEPSS 20.4%

CVE-2020-9818KEV

High

Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.

AppleEPSS 0.5%

CVE-2020-17530KEV

High

Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.

ApacheEPSS 94.4%

CVE-2020-27932KEV

High

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.

AppleEPSS 11.7%

CVE-2021-20090KEV

High

Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.

ArcadyanEPSS 94.4%

CVE-2021-30860KEV

High

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

AppleEPSS 72.9%

CVE-2020-27950KEV

High

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

AppleEPSS 37.1%

CVE-2019-16256KEV

High

SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.

SIMallianceEPSS 61.2%

CVE-2017-9805KEV

High

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

ApacheEPSS 94.3%

CVE-2021-30762KEV

High

Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.0%

CVE-2017-5638KEV

High

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

ApacheEPSS 94.3%

CVE-2020-9819KEV

High

Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.

Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.

AppleEPSS 6.0%

CVE-2021-40539KEV

High

Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

ZohoEPSS 94.4%

CVE-2018-0171KEV

High

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.

CiscoEPSS 93.0%

CVE-2020-3118KEV

High

Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.

CiscoEPSS 0.3%

CVE-2019-3398KEV

High

Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.

AtlassianEPSS 93.9%

67 68 69 70 71 72 73