CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-3156	High	92.3%	SudoSudo	Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.	Apr 6, 2022	KEV
CVE-2021-31166	High	93.1%	MicrosoftHTTP Protocol Stack	Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.	Apr 6, 2022	KEV
CVE-2022-22675	High	1.0%	ApplemacOS	macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.	Apr 4, 2022	KEV
CVE-2022-22674	High	0.2%	ApplemacOS	macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.	Apr 4, 2022	KEV
CVE-2021-45382	High	94.2%	D-LinkMultiple Routers	A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.	Apr 4, 2022	KEV
CVE-2022-22965	High	94.4%	VMwareSpring Framework	Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.	Apr 4, 2022	KEV
CVE-2022-1040	High	94.4%	SophosFirewall	An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.	Mar 31, 2022	KEV
CVE-2021-34484	High	2.4%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Mar 31, 2022	KEV
CVE-2018-10561	High	93.3%	DasanGigabit Passive Optical Network (GPON) Routers	Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.	Mar 31, 2022	KEV
CVE-2018-10562	High	94.0%	DasanGigabit Passive Optical Network (GPON) Routers	Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.	Mar 31, 2022	KEV
CVE-2022-26871	High	13.6%	Trend MicroApex Central	An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.	Mar 31, 2022	KEV
CVE-2021-21551	High	57.0%	Delldbutil Driver	Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.	Mar 31, 2022	KEV
CVE-2021-28799	High	91.1%	QNAPNetwork Attached Storage (NAS)	QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.	Mar 31, 2022	KEV
CVE-2012-5076	High	91.7%	OracleJava SE	The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.	Mar 28, 2022	KEV
CVE-2018-8405	High	50.0%	MicrosoftDirectX Graphics Kernel (DXGKRNL)	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.	Mar 28, 2022	KEV
CVE-2015-2426	High	91.8%	MicrosoftWindows	A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.	Mar 28, 2022	KEV
CVE-2017-0037	High	90.8%	MicrosoftEdge and Internet Explorer	Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.	Mar 28, 2022	KEV
CVE-2021-38646	High	42.7%	MicrosoftOffice	Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.	Mar 28, 2022	KEV
CVE-2016-0151	High	44.1%	MicrosoftClient-Server Run-time Subsystem (CSRSS)	The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.	Mar 28, 2022	KEV
CVE-2018-8406	High	50.0%	MicrosoftDirectX Graphics Kernel (DXGKRNL)	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.	Mar 28, 2022	KEV

CVE-2021-3156KEV

High

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

SudoEPSS 92.3%

CVE-2021-31166KEV

High

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

MicrosoftEPSS 93.1%

CVE-2022-22675KEV

High

macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.

AppleEPSS 1.0%

CVE-2022-22674KEV

High

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.

AppleEPSS 0.2%

CVE-2021-45382KEV

High

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

D-LinkEPSS 94.2%

CVE-2022-22965KEV

High

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

VMwareEPSS 94.4%

CVE-2022-1040KEV

High

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

SophosEPSS 94.4%

CVE-2021-34484KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 2.4%

CVE-2018-10561KEV

High

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.

DasanEPSS 93.3%

CVE-2018-10562KEV

High

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.

DasanEPSS 94.0%

CVE-2022-26871KEV

High

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.

Trend MicroEPSS 13.6%

CVE-2021-21551KEV

High

Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.

DellEPSS 57.0%

CVE-2021-28799KEV

High

QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.

QNAPEPSS 91.1%

CVE-2012-5076KEV

High

The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

OracleEPSS 91.7%

CVE-2018-8405KEV

High

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

MicrosoftEPSS 50.0%

CVE-2015-2426KEV

High

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

MicrosoftEPSS 91.8%

CVE-2017-0037KEV

High

Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

MicrosoftEPSS 90.8%

CVE-2021-38646KEV

High

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

MicrosoftEPSS 42.7%

CVE-2016-0151KEV

High

The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

MicrosoftEPSS 44.1%

CVE-2018-8406KEV

High

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

MicrosoftEPSS 50.0%

79 80 81 82 83 84 85