NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2021-23163 | JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x. | 3.1 | 0.31% | 2022-07-06 | 2026-06-16 |
| CVE-2021-37136 | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack | 7.5 | 5.65% | 2021-10-19 | 2026-06-17 |
| CVE-2021-37137 | The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. | 7.5 | 6.28% | 2021-10-19 | 2026-06-17 |
| CVE-2021-3860 | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | 8.8 | 1.00% | 2021-12-20 | 2026-06-17 |
| CVE-2021-41834 | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | 5.3 | 0.53% | 2022-05-23 | 2026-06-17 |
| CVE-2021-42373 | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | 5.5 | 0.38% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42374 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | 5.3 | 0.58% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. | 5.5 | 0.38% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42376 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | 5.5 | 0.40% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42377 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. | 9.8 | 3.38% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42378 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | 7.2 | 2.54% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42379 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | 7.2 | 2.58% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42380 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | 7.2 | 2.79% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42381 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | 7.2 | 2.58% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42382 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | 7.2 | 2.54% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42383 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | 7.2 | 2.12% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42384 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | 7.2 | 2.54% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42385 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | 7.2 | 2.58% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42386 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | 7.2 | 2.54% | 2021-11-15 | 2026-06-17 |
| CVE-2021-42387 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation. | 8.1 | 1.55% | 2022-03-14 | 2026-06-17 |