CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 751–800 of 1,619 in KEV · page 16 of 33
| ID | Title | Summary |
|---|---|---|
| CVE-2021-38645 | Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-38406 | Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability · KEV · Delta Electronics | Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-o… |
| CVE-2021-38163 | SAP NetWeaver Unrestricted File Upload Vulnerability · KEV · SAP | SAP NetWeaver contains a vulnerability that allows unrestricted file upload. |
| CVE-2021-38003 | Google Chromium V8 Memory Corruption Vulnerability · KEV · Google | Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability … |
| CVE-2021-38000 | Google Chromium Intents Improper Input Validation Vulnerability · KEV · Google | Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browse to a malicious URL via a craft… |
| CVE-2021-37976 | Google Chromium Information Disclosure Vulnerability · KEV · Google | Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive… |
| CVE-2021-37975 | Google Chromium V8 Use-After-Free Vulnerability · KEV · Google | Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2021-37973 | Google Chromium Portals Use-After-Free Vulnerability · KEV · Google | Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform… |
| CVE-2021-37415 | Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability · KEV · Zoho | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication. |
| CVE-2021-36955 | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-36948 | Microsoft Windows Update Medic Service Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-36942 | Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability · KEV · Microsoft | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interfac… |
| CVE-2021-36934 | Microsoft Windows SAM Local Privilege Escalation Vulnerability · KEV · Microsoft | If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SY… |
| CVE-2021-36742 | Trend Micro Multiple Products Improper Input Validation Vulnerability · KEV · Trend Micro | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege esca… |
| CVE-2021-36741 | Trend Micro Multiple Products Improper Input Validation Vulnerability · KEV · Trend Micro | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker … |
| CVE-2021-36380 | Sunhillo SureLine OS Command Injection Vulnerability · KEV · Sunhillo | Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on … |
| CVE-2021-36260 | Hikvision Improper Input Validation · KEV · Hikvision | A command injection vulnerability exists in the web server of some Hikvision products, due to insufficient input validation. |
| CVE-2021-3560 | Red Hat Polkit Incorrect Authorization Vulnerability · KEV · Red Hat | Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalati… |
| CVE-2021-35587 | Oracle Fusion Middleware Unspecified Vulnerability · KEV · Oracle | Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product. |
| CVE-2021-35464 | ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability · KEV · ForgeRock | ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccve… |
| CVE-2021-35395 | Realtek AP-Router SDK Buffer Overflow Vulnerability · KEV · Realtek | Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form th… |
| CVE-2021-35394 | Realtek Jungle SDK Remote Code Execution Vulnerability · KEV · Realtek | RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution. |
| CVE-2021-35247 | SolarWinds Serv-U Improper Input Validation Vulnerability · KEV · SolarWinds | SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without saniti… |
| CVE-2021-35211 | SolarWinds Serv-U Remote Code Execution Vulnerability · KEV · SolarWinds | SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. |
| CVE-2021-3493 | Linux Kernel Privilege Escalation Vulnerability · KEV · Linux | The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to… |
| CVE-2021-34527 | Microsoft Windows Print Spooler Remote Code Execution Vulnerability · KEV · Microsoft | Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations… |
| CVE-2021-34523 | Microsoft Exchange Server Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-34486 | Microsoft Windows Event Tracing Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation. |
| CVE-2021-34484 | Microsoft Windows User Profile Service Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability · KEV · Microsoft | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-34448 | Microsoft Windows Scripting Engine Memory Corruption Vulnerability · KEV · Microsoft | Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. |
| CVE-2021-33771 | Microsoft Windows Kernel Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-33766 | Microsoft Exchange Server Information Disclosure · KEV · Microsoft | Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target. |
| CVE-2021-33742 | Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability · KEV · Microsoft | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-33739 | Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-33045 | Dahua IP Camera Authentication Bypass Vulnerability · KEV · Dahua | Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication. |
| CVE-2021-33044 | Dahua IP Camera Authentication Bypass Vulnerability · KEV · Dahua | Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authe… |
| CVE-2021-32648 | October CMS Improper Authentication · KEV · October CMS | In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially craf… |
| CVE-2021-32030 | ASUS Routers Improper Authentication Vulnerability · KEV · ASUS | ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administr… |
| CVE-2021-31979 | Microsoft Windows Kernel Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-31956 | Microsoft Windows NTFS Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted … |
| CVE-2021-31955 | Microsoft Windows Kernel Information Disclosure Vulnerability · KEV · Microsoft | Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the con… |
| CVE-2021-31755 | Tenda AC11 Router Stack Buffer Overflow Vulnerability · KEV · Tenda | Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request. |
| CVE-2021-3156 | Sudo Heap-Based Buffer Overflow Vulnerability · KEV · Sudo | Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation. |
| CVE-2021-3129 | Laravel Ignition File Upload Vulnerability · KEV · Laravel | Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_… |
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability · KEV · Microsoft | Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass. |
| CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-31196 | Microsoft Exchange Server Information Disclosure Vulnerability · KEV · Microsoft | Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution. |
| CVE-2021-31166 | Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability · KEV · Microsoft | Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution. |