CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2018-0296	High	94.4%	CiscoAdaptive Security Appliance (ASA)	Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.	Nov 3, 2021	KEV
CVE-2020-8196	High	66.2%	CitrixApplication Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance	Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.	Nov 3, 2021	KEV
CVE-2020-12812	High	47.0%	FortinetFortiOS	Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.	Nov 3, 2021	KEV
CVE-2020-29557	High	89.8%	D-LinkDIR-825 R1 Devices	D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.	Nov 3, 2021	KEV
CVE-2019-1653	High	94.4%	CiscoSmall Business RV320 and RV325 Routers	Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.	Nov 3, 2021	KEV
CVE-2020-16017	High	21.4%	GoogleChrome	Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.	Nov 3, 2021	KEV
CVE-2021-38000	High	3.2%	GoogleChromium Intents	Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-30554	High	3.9%	GoogleChromium WebGL	Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2019-3396	High 9.8	94.5%	AtlassianConfluence Server and Data Server	Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.	Nov 3, 2021	KEVExploit
CVE-2021-30551	High	77.2%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-37973	High	12.6%	GoogleChromium Portals	Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.	Nov 3, 2021	KEV
CVE-2020-16010	High	24.1%	GoogleChrome for Android UI	Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.	Nov 3, 2021	KEV
CVE-2020-15999	High	92.9%	GoogleChrome FreeType	Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.	Nov 3, 2021	KEV
CVE-2020-6418	High	86.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2020-16013	High	26.1%	GoogleChromium V8	Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-21206	High	21.9%	GoogleChromium Blink	Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-38003	High	71.4%	GoogleChromium V8	Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2021-21166	High	36.3%	GoogleChromium	Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Nov 3, 2021	KEV
CVE-2020-0683	High	32.7%	MicrosoftWindows	Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.	Nov 3, 2021	KEV
CVE-2021-1647	High	77.4%	MicrosoftDefender	Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.	Nov 3, 2021	KEV

CVE-2018-0296KEV

High

Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.

CiscoEPSS 94.4%

CVE-2020-8196KEV

High

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

CitrixEPSS 66.2%

CVE-2020-12812KEV

High

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

FortinetEPSS 47.0%

CVE-2020-29557KEV

High

D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

D-LinkEPSS 89.8%

CVE-2019-1653KEV

High

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.

CiscoEPSS 94.4%

CVE-2020-16017KEV

High

Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

GoogleEPSS 21.4%

CVE-2021-38000KEV

High

Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 3.2%

CVE-2021-30554KEV

High

Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 3.9%

CVE-2019-3396KEV

High

Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.

AtlassianCVSS 9.8EPSS 94.5%

Exploit

CVE-2021-30551KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 77.2%

CVE-2021-37973KEV

High

Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

GoogleEPSS 12.6%

CVE-2020-16010KEV

High

Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

GoogleEPSS 24.1%

CVE-2020-15999KEV

High

Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.

GoogleEPSS 92.9%

CVE-2020-6418KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 86.4%

CVE-2020-16013KEV

High

Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 26.1%

CVE-2021-21206KEV

High

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 21.9%

CVE-2021-38003KEV

High

Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 71.4%

CVE-2021-21166KEV

High

Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 36.3%

CVE-2020-0683KEV

High

Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.

MicrosoftEPSS 32.7%

CVE-2021-1647KEV

High

Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.

MicrosoftEPSS 77.4%

71 72 73 74 75 76 77