CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 120 / 119
«« 先頭 « 前へ 1 / 6 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-37136 The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack 7.5 5.65% 2021-10-19 2026-06-17
CVE-2021-37137 The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. 7.5 6.28% 2021-10-19 2026-06-17
CVE-2021-42373 A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given 5.5 0.38% 2021-11-15 2026-06-17
CVE-2021-42374 An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that 5.3 0.58% 2021-11-15 2026-06-17
CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. 5.5 0.38% 2021-11-15 2026-06-17
CVE-2021-42376 A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. 5.5 0.40% 2021-11-15 2026-06-17
CVE-2021-42377 An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. 9.8 3.38% 2021-11-15 2026-06-17
CVE-2021-42378 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function 7.2 2.54% 2021-11-15 2026-06-17
CVE-2021-42379 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function 7.2 2.58% 2021-11-15 2026-06-17
CVE-2021-42380 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function 7.2 2.79% 2021-11-15 2026-06-17
CVE-2021-42381 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function 7.2 2.58% 2021-11-15 2026-06-17
CVE-2021-42382 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function 7.2 2.54% 2021-11-15 2026-06-17
CVE-2021-42383 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function 7.2 2.12% 2021-11-15 2026-06-17
CVE-2021-42384 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function 7.2 2.54% 2021-11-15 2026-06-17
CVE-2021-42385 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function 7.2 2.58% 2021-11-15 2026-06-17
CVE-2021-42386 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function 7.2 2.54% 2021-11-15 2026-06-17
CVE-2021-3860 JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. 8.8 1.00% 2021-12-20 2026-06-17
CVE-2021-42392 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. 9.8 63.21% 2022-01-10 2026-06-17
CVE-2021-43298 The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response. 9.8 2.26% 2022-01-25 2026-06-17
CVE-2021-43299 Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. 9.8 2.48% 2022-02-16 2026-06-17
«« 先頭 « 前へ 1 / 6 次へ »
cvelogic Threat Intelligence