CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 851–900 of 1,619 in KEV · page 18 of 33
| ID | Title | Vendor | KEV | Summary |
|---|---|---|---|---|
| CVE-2021-26086 | Atlassian Jira Server and Data Center Path Traversal Vulnerability | Atlassian | KEV | Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml end… |
| CVE-2021-26085 | Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability | Atlassian | KEV | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability … |
| CVE-2021-26084 | Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability | Atlassian | KEV | Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attack… |
| CVE-2021-25489 | Samsung Mobile Devices Improper Input Validation Vulnerability | Samsung | KEV | Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kern… |
| CVE-2021-25487 | Samsung Mobile Devices Out-of-Bounds Read Vulnerability | Samsung | KEV | Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_… |
| CVE-2021-25395 | Samsung Mobile Devices Race Condition Vulnerability | Samsung | KEV | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio p… |
| CVE-2021-25394 | Samsung Mobile Devices Race Condition Vulnerability | Samsung | KEV | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio p… |
| CVE-2021-25372 | Samsung Mobile Devices Improper Boundary Check Vulnerability | Samsung | KEV | Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. |
| CVE-2021-25371 | Samsung Mobile Devices Unspecified Vulnerability | Samsung | KEV | Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. |
| CVE-2021-25370 | Samsung Mobile Devices Memory Corruption Vulnerability | Samsung | KEV | Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memo… |
| CVE-2021-25369 | Samsung Mobile Devices Improper Access Control Vulnerability | Samsung | KEV | Samsung mobile devices using Mali GPU contain an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive ke… |
| CVE-2021-25337 | Samsung Mobile Devices Improper Access Control Vulnerability | Samsung | KEV | Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary fil… |
| CVE-2021-25298 | Nagios XI OS Command Injection | Nagios | KEV | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. |
| CVE-2021-25297 | Nagios XI OS Command Injection | Nagios | KEV | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. |
| CVE-2021-25296 | Nagios XI OS Command Injection | Nagios | KEV | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. |
| CVE-2021-23874 | McAfee Total Protection (MTP) Improper Privilege Management Vulnerability | McAfee | KEV | McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, by… |
| CVE-2021-22991 | F5 BIG-IP Traffic Management Microkernel Buffer Overflow | F5 | KEV | The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. |
| CVE-2021-22986 | F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability | F5 | KEV | F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers … |
| CVE-2021-22941 | Citrix ShareFile Improper Access Control Vulnerability | Citrix | KEV | Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. |
| CVE-2021-22900 | Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability | Ivanti | KEV | Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a malicio… |
| CVE-2021-22899 | Ivanti Pulse Connect Secure Command Injection Vulnerability | Ivanti | KEV | Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File… |
| CVE-2021-22894 | Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability | Ivanti | KEV | Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerability that allows a remote authenticated user to execute code as the root… |
| CVE-2021-22893 | Ivanti Pulse Connect Secure Use-After-Free Vulnerability | Ivanti | KEV | Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services. |
| CVE-2021-22681 | Rockwell Multiple Products Insufficient Protected Credentials Vulnerability | Rockwell | KEV | Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. T… |
| CVE-2021-22600 | Linux Kernel Privilege Escalation Vulnerability | Linux | KEV | Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this fo… |
| CVE-2021-22555 | Linux Kernel Heap Out-of-Bounds Write Vulnerability | Linux | KEV | Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) thro… |
| CVE-2021-22506 | Micro Focus Access Manager Information Leakage Vulnerability | Micro Focus | KEV | Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer S… |
| CVE-2021-22502 | Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability | Micro Focus | KEV | Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2021-22205 | GitLab Community and Enterprise Editions Remote Code Execution Vulnerability | GitLab | KEV | GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse … |
| CVE-2021-22204 | ExifTool Remote Code Execution Vulnerability | Perl | KEV | Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image |
| CVE-2021-22175 | GitLab Server-Side Request Forgery (SSRF) Vulnerability | GitLab | KEV | GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled. |
| CVE-2021-22054 | Omnissa Workspace ONE Server-Side Request Forgery | Omnissa | KEV | Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious a… |
| CVE-2021-22017 | VMware vCenter Server Improper Access Control | VMware | KEV | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. |
| CVE-2021-22005 | VMware vCenter Server File Upload Vulnerability | VMware | KEV | VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code. |
| CVE-2021-21985 | VMware vCenter Server Improper Input Validation Vulnerability | VMware | KEV | VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Serve… |
| CVE-2021-21975 | VMware Server Side Request Forgery in vRealize Operations Manager API | VMware | KEV | Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations M… |
| CVE-2021-21973 | VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability | VMware | KEV | VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for i… |
| CVE-2021-21972 | VMware vCenter Server Remote Code Execution Vulnerability | VMware | KEV | VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to … |
| CVE-2021-21551 | Dell dbutil Driver Insufficient Access Control Vulnerability | Dell | KEV | Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information di… |
| CVE-2021-21315 | System Information Library for Node.JS Command Injection | Npm package | KEV | In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remo… |
| CVE-2021-21311 | Adminer Server-Side Request Forgery Vulnerability | Adminer | KEV | Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. |
| CVE-2021-21224 | Google Chromium V8 Type Confusion Vulnerability | Google | KEV | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This … |
| CVE-2021-21220 | Google Chromium V8 Improper Input Validation Vulnerability | Google | KEV | Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafte… |
| CVE-2021-21206 | Google Chromium Blink Use-After-Free Vulnerability | Google | KEV | Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Thi… |
| CVE-2021-21193 | Google Chromium Blink Use-After-Free Vulnerability | Google | KEV | Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Thi… |
| CVE-2021-21166 | Google Chromium Race Condition Vulnerability | Google | KEV | Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vuln… |
| CVE-2021-21148 | Google Chromium V8 Heap Buffer Overflow Vulnerability | Google | KEV | Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML… |
| CVE-2021-21017 | Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability | Adobe | KEV | Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the con… |
| CVE-2021-20124 | Draytek VigorConnect Path Traversal Vulnerability | DrayTek | KEV | Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could l… |
| CVE-2021-20123 | Draytek VigorConnect Path Traversal Vulnerability | DrayTek | KEV | Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability… |