CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-29557	High	89.8%	D-LinkDIR-825 R1 Devices	D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.	Nov 3, 2021	KEV
CVE-2019-1653	High	94.4%	CiscoSmall Business RV320 and RV325 Routers	Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.	Nov 3, 2021	KEV
CVE-2020-16017	High	21.4%	GoogleChrome	Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.	Nov 3, 2021	KEV
CVE-2021-38000	High	3.2%	GoogleChromium Intents	Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-30554	High	3.9%	GoogleChromium WebGL	Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-30551	High	77.2%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2017-9822	High 8.8	94.3%	DotNetNuke (DNN)DotNetNuke (DNN)	DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.	Nov 3, 2021	KEVExploit
CVE-2021-37973	High	12.6%	GoogleChromium Portals	Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.	Nov 3, 2021	KEV
CVE-2020-16010	High	24.1%	GoogleChrome for Android UI	Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.	Nov 3, 2021	KEV
CVE-2020-15999	High	92.9%	GoogleChrome FreeType	Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.	Nov 3, 2021	KEV
CVE-2020-6418	High	86.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2020-16013	High	26.1%	GoogleChromium V8	Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-21206	High	21.9%	GoogleChromium Blink	Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-38003	High	71.4%	GoogleChromium V8	Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-21166	High	36.3%	GoogleChromium	Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2020-0683	High	32.7%	MicrosoftWindows	Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.	Nov 3, 2021	KEV
CVE-2021-1647	High	77.4%	MicrosoftDefender	Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.	Nov 3, 2021	KEV
CVE-2021-33739	High	19.5%	MicrosoftWindows	Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.	Nov 3, 2021	KEV
CVE-2021-21224	High	56.0%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2014-1812	High	80.3%	MicrosoftWindows	Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.	Nov 3, 2021	KEV

CVE-2020-29557KEV

High

D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

D-LinkEPSS 89.8%

CVE-2019-1653KEV

High

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.

CiscoEPSS 94.4%

CVE-2020-16017KEV

High

Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

GoogleEPSS 21.4%

CVE-2021-38000KEV

High

Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 3.2%

CVE-2021-30554KEV

High

Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 3.9%

CVE-2021-30551KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 77.2%

CVE-2017-9822KEV

High

DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.

DotNetNuke (DNN)CVSS 8.8EPSS 94.3%

Exploit

CVE-2021-37973KEV

High

Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

GoogleEPSS 12.6%

CVE-2020-16010KEV

High

Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

GoogleEPSS 24.1%

CVE-2020-15999KEV

High

Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.

GoogleEPSS 92.9%

CVE-2020-6418KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 86.4%

CVE-2020-16013KEV

High

Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 26.1%

CVE-2021-21206KEV

High

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 21.9%

CVE-2021-38003KEV

High

Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 71.4%

CVE-2021-21166KEV

High

Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 36.3%

CVE-2020-0683KEV

High

Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.

MicrosoftEPSS 32.7%

CVE-2021-1647KEV

High

Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.

MicrosoftEPSS 77.4%

CVE-2021-33739KEV

High

Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 19.5%

CVE-2021-21224KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 56.0%

CVE-2014-1812KEV

High

Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

MicrosoftEPSS 80.3%

70 71 72 73 74 75 76