CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-25297	High	79.9%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2020-11978	High	94.3%	ApacheAirflow	A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.	Jan 18, 2022	KEV
CVE-2021-25296	High	93.6%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2021-21975	High	94.4%	VMwarevRealize Operations Manager API	Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.	Jan 18, 2022	KEV
CVE-2020-14864	High	94.0%	OracleIntelligence Enterprise Edition	Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.	Jan 18, 2022	KEV
CVE-2021-25298	High	75.5%	NagiosNagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	Jan 18, 2022	KEV
CVE-2020-13927	High	94.1%	ApacheAirflow's Experimental API	The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.	Jan 18, 2022	KEV
CVE-2021-40870	High	94.2%	AviatrixAviatrix Controller	Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.	Jan 18, 2022	KEV
CVE-2021-22991	High	73.1%	F5BIG-IP Traffic Management Microkernel	The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.	Jan 18, 2022	KEV
CVE-2015-7450	High	93.5%	IBMWebSphere Application Server and Server Hypervisor Edition	Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands	Jan 10, 2022	KEV
CVE-2019-1458	High	91.9%	MicrosoftWin32k	A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.	Jan 10, 2022	KEV
CVE-2019-7609	High	94.4%	ElasticKibana	Kibana contain an arbitrary code execution flaw in the Timelion visualizer.	Jan 10, 2022	KEV
CVE-2018-13383	High	1.3%	FortinetFortiOS and FortiProxy	A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.	Jan 10, 2022	KEV
CVE-2018-13382	High	86.1%	FortinetFortiOS and FortiProxy	An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.	Jan 10, 2022	KEV
CVE-2019-2725	High	94.5%	OracleWebLogic Server	Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).	Jan 10, 2022	KEV
CVE-2019-10149	High	94.0%	EximMail Transfer Agent (MTA)	Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.	Jan 10, 2022	KEV
CVE-2013-3900	High	80.2%	MicrosoftWinVerifyTrust function	A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.	Jan 10, 2022	KEV
CVE-2020-6572	High	19.1%	GoogleChrome Media	Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.	Jan 10, 2022	KEV
CVE-2021-36260(2)	High	94.4%	HikvisionSecurity cameras web server	A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.	Jan 10, 2022	KEV
CVE-2017-1000486	High	93.7%	PrimetekPrimefaces Application	Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution	Jan 10, 2022	KEV

CVE-2021-25297KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 79.9%

CVE-2020-11978KEV

High

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.

ApacheEPSS 94.3%

CVE-2021-25296KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 93.6%

CVE-2021-21975KEV

High

Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

VMwareEPSS 94.4%

CVE-2020-14864KEV

High

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.

OracleEPSS 94.0%

CVE-2021-25298KEV

High

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

NagiosEPSS 75.5%

CVE-2020-13927KEV

High

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

ApacheEPSS 94.1%

CVE-2021-40870KEV

High

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

AviatrixEPSS 94.2%

CVE-2021-22991KEV

High

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.

F5EPSS 73.1%

CVE-2015-7450KEV

High

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands

IBMEPSS 93.5%

CVE-2019-1458KEV

High

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.

MicrosoftEPSS 91.9%

CVE-2019-7609KEV

High

Kibana contain an arbitrary code execution flaw in the Timelion visualizer.

ElasticEPSS 94.4%

CVE-2018-13383KEV

High

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.

FortinetEPSS 1.3%

CVE-2018-13382KEV

High

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

FortinetEPSS 86.1%

CVE-2019-2725KEV

High

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

OracleEPSS 94.5%

CVE-2019-10149KEV

High

Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

EximEPSS 94.0%

CVE-2013-3900KEV

High

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

MicrosoftEPSS 80.2%

CVE-2020-6572KEV

High

Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.

GoogleEPSS 19.1%

CVE-2021-36260KEV

High

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

HikvisionEPSS 94.4%

CVE-2017-1000486KEV

High

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

PrimetekEPSS 93.7%

93 94 95 96 97 98 99