CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2019-1069	High	30.5%	MicrosoftTask Scheduler	A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.	Mar 15, 2022	KEV
CVE-2019-1405	High	57.1%	MicrosoftWindows	A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.	Mar 15, 2022	KEV
CVE-2019-1315	High	7.5%	MicrosoftWindows	A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.	Mar 15, 2022	KEV
CVE-2019-1253	High	30.2%	MicrosoftWindows	A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.	Mar 15, 2022	KEV
CVE-2018-8120	High	94.1%	MicrosoftWin32k	A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.	Mar 15, 2022	KEV
CVE-2020-5135	High	25.0%	SonicWallSonicOS	A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.	Mar 15, 2022	KEV
CVE-2022-26486	High	2.2%	MozillaFirefox	Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.	Mar 7, 2022	KEV
CVE-2022-26485	High	7.1%	MozillaFirefox	Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.	Mar 7, 2022	KEV
CVE-2017-6077	High	86.1%	NETGEARWireless Router DGN2200	NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.	Mar 7, 2022	KEV
CVE-2020-8218	High	91.1%	Pulse SecurePulse Connect Secure	A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.	Mar 7, 2022	KEV
CVE-2019-11581	High	94.4%	AtlassianJira Server and Data Center	Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.	Mar 7, 2022	KEV
CVE-2016-6277	High	94.3%	NETGEARMultiple Routers	NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.	Mar 7, 2022	KEV
CVE-2021-21973	High	90.3%	VMwarevCenter Server and Cloud Foundation	VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.	Mar 7, 2022	KEV
CVE-2013-0629	High	84.0%	AdobeColdFusion	Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.	Mar 7, 2022	KEV
CVE-2013-0625	High	78.1%	AdobeColdFusion	Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.	Mar 7, 2022	KEV
CVE-2013-0631	High	83.3%	AdobeColdFusion	Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.	Mar 7, 2022	KEV
CVE-2009-3960	High	88.7%	AdobeBlazeDS	Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.	Mar 7, 2022	KEV
CVE-2018-0159	High	7.0%	CiscoIOS Software and Cisco IOS XE Software	A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.	Mar 3, 2022	KEV
CVE-2015-2387	High	31.2%	MicrosoftATM Font Driver	ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.	Mar 3, 2022	KEV
CVE-2015-7645	High	84.5%	AdobeFlash Player	Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.	Mar 3, 2022	KEV

CVE-2019-1069KEV

High

A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.

MicrosoftEPSS 30.5%

CVE-2019-1405KEV

High

A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.

MicrosoftEPSS 57.1%

CVE-2019-1315KEV

High

A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

MicrosoftEPSS 7.5%

CVE-2019-1253KEV

High

A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

MicrosoftEPSS 30.2%

CVE-2018-8120KEV

High

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

MicrosoftEPSS 94.1%

CVE-2020-5135KEV

High

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

SonicWallEPSS 25.0%

CVE-2022-26486KEV

High

Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.

MozillaEPSS 2.2%

CVE-2022-26485KEV

High

Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.

MozillaEPSS 7.1%

CVE-2017-6077KEV

High

NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

NETGEAREPSS 86.1%

CVE-2020-8218KEV

High

A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

Pulse SecureEPSS 91.1%

CVE-2019-11581KEV

High

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.

AtlassianEPSS 94.4%

CVE-2016-6277KEV

High

NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.

NETGEAREPSS 94.3%

CVE-2021-21973KEV

High

VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

VMwareEPSS 90.3%

CVE-2013-0629KEV

High

Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

AdobeEPSS 84.0%

CVE-2013-0625KEV

High

Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

AdobeEPSS 78.1%

CVE-2013-0631KEV

High

Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.

AdobeEPSS 83.3%

CVE-2009-3960KEV

High

Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.

AdobeEPSS 88.7%

CVE-2018-0159KEV

High

A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.

CiscoEPSS 7.0%

CVE-2015-2387KEV

High

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

MicrosoftEPSS 31.2%

CVE-2015-7645KEV

High

Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

AdobeEPSS 84.5%

85 86 87 88 89 90 91