CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2020-16009	High	84.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2020-4006	High	12.8%	VMwareMultiple Products	VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.	Nov 3, 2021	KEV
CVE-2020-11651	High	94.4%	SaltStackSalt	SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.	Nov 3, 2021	KEV
CVE-2021-41773	High	94.4%	ApacheHTTP Server	Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.	Nov 3, 2021	KEV
CVE-2021-30632	High	84.9%	GoogleChromium V8	Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-37976	High	14.6%	GoogleChromium	Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-30666	High	1.5%	AppleiOS	Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2020-1350	High	93.8%	MicrosoftWindows	Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.	Nov 3, 2021	KEV
CVE-2020-8260	High	75.9%	IvantiPulse Connect Secure	Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.	Nov 3, 2021	KEV
CVE-2018-18325	High	93.2%	DotNetNuke (DNN)DotNetNuke (DNN)	DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.	Nov 3, 2021	KEV
CVE-2020-0674	High	93.6%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.	Nov 3, 2021	KEV
CVE-2018-7600	High 9.8	94.5%	DrupalDrupal Core	Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.	Nov 3, 2021	KEVExploit
CVE-2019-17558	High 7.5	94.5%	ApacheSolr	The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.	Nov 3, 2021	KEVExploit
CVE-2020-8193	High 6.5	94.3%	CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance	Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.	Nov 3, 2021	KEVExploit
CVE-2019-13608	High	74.1%	CitrixStoreFront Server	Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.	Nov 3, 2021	KEV
CVE-2020-3566	High	5.1%	CiscoIOS XR	Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.	Nov 3, 2021	KEV
CVE-2020-3569	High	5.6%	CiscoIOS XR	Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.	Nov 3, 2021	KEV
CVE-2019-11634	High	30.8%	CitrixWorkspace Application and Receiver for Windows	Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.	Nov 3, 2021	KEV
CVE-2020-8195	High	73.1%	CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance	Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.	Nov 3, 2021	KEV
CVE-2020-5902	High	94.4%	F5BIG-IP	F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.	Nov 3, 2021	KEV

CVE-2020-16009KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 84.4%

CVE-2020-4006KEV

High

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.

VMwareEPSS 12.8%

CVE-2020-11651KEV

High

SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

SaltStackEPSS 94.4%

CVE-2021-41773KEV

High

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.

ApacheEPSS 94.4%

CVE-2021-30632KEV

High

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 84.9%

CVE-2021-37976KEV

High

Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 14.6%

CVE-2021-30666KEV

High

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 1.5%

CVE-2020-1350KEV

High

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

MicrosoftEPSS 93.8%

CVE-2020-8260KEV

High

Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.

IvantiEPSS 75.9%

CVE-2018-18325KEV

High

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.

DotNetNuke (DNN)EPSS 93.2%

CVE-2020-0674KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

MicrosoftEPSS 93.6%

CVE-2018-7600KEV

High

Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

DrupalCVSS 9.8EPSS 94.5%

Exploit

CVE-2019-17558KEV

High

The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.

ApacheCVSS 7.5EPSS 94.5%

Exploit

CVE-2020-8193KEV

High

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

CitrixCVSS 6.5EPSS 94.3%

Exploit

CVE-2019-13608KEV

High

Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.

CitrixEPSS 74.1%

CVE-2020-3566KEV

High

Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

CitrixEPSS 30.8%

CVE-2020-8195KEV

High

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

CitrixEPSS 73.1%

CVE-2020-5902KEV

High

F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.

F5EPSS 94.4%

70 71 72 73 74 75 76