Search and browse vulnerability records from NVD
Showing 50 of 42013 CVEs
| CVE ID | Severity | Description | EPSS | Published | |
|---|---|---|---|---|---|
|
CVE-2021-1048
KEV
|
7.8 HIGH |
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel |
1.0% | 2021-12-15 | |
|
CVE-2021-43890
KEV
|
7.1 HIGH |
We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. December 27 2023 Update: In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations. |
10.3% | 2021-12-15 | |
| 7.8 HIGH |
Microsoft Office Graphics Remote Code Execution Vulnerability |
5.1% | 2021-12-15 | ||
| 7.8 HIGH |
Microsoft Excel Remote Code Execution Vulnerability |
2.1% | 2021-12-15 | ||
|
CVE-2021-43226
KEV
|
7.8 HIGH |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
3.1% | 2021-12-15 | |
| 7.5 HIGH |
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. |
81.1% | 2021-12-14 | ||
| 7.8 HIGH |
CPAN 2.28 allows Signature Verification Bypass. |
0.8% | 2021-12-13 | ||
| 7.8 HIGH |
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. |
0.3% | 2021-12-07 | ||
| 7.1 HIGH |
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral. |
0.3% | 2021-12-07 | ||
|
CVE-2021-43798
KEV
|
7.5 HIGH |
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. |
88.8% | 2021-12-07 | |
| 7.5 HIGH |
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
5.0% | 2021-12-07 | ||
| 8.1 HIGH |
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
1.9% | 2021-12-01 | ||
| 7.8 HIGH |
vim is vulnerable to Heap-based Buffer Overflow |
1.8% | 2021-12-01 | ||
| 8.8 HIGH |
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user |
1.3% | 2021-11-29 | ||
| 8.8 HIGH |
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. |
1.4% | 2021-11-29 | ||
| 8.1 HIGH |
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application. Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application. Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information. For more details on this issue, please refer to the MSRC Blog Entry. |
3.1% | 2021-11-24 | ||
|
CVE-2021-38003
KEV
|
8.8 HIGH |
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
36.2% | 2021-11-23 | |
| 8.1 HIGH |
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. |
1.0% | 2021-11-22 | ||
| 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function |
2.5% | 2021-11-15 | ||
| 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
2.6% | 2021-11-15 | ||
| 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function |
2.5% | 2021-11-15 | ||
| 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function |
2.5% | 2021-11-15 | ||
| 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function |
2.6% | 2021-11-15 | ||
| 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function |
2.8% | 2021-11-15 | ||
| 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function |
2.6% | 2021-11-15 | ||
| 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function |
2.5% | 2021-11-15 | ||
| 8.8 HIGH |
The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group. |
10.0% | 2021-11-10 | ||
|
CVE-2021-42321
KEV
|
8.8 HIGH |
Microsoft Exchange Server Remote Code Execution Vulnerability |
90.4% | 2021-11-10 | |
| 7.8 HIGH |
Microsoft Word Remote Code Execution Vulnerability |
0.9% | 2021-11-10 | ||
|
CVE-2021-42292
KEV
|
7.8 HIGH |
Microsoft Excel Security Feature Bypass Vulnerability |
31.9% | 2021-11-10 | |
|
CVE-2021-42287
KEV
|
7.5 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability |
74.3% | 2021-11-10 | |
|
CVE-2021-42278
KEV
|
7.5 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability |
70.2% | 2021-11-10 | |
| 7.6 HIGH |
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads. |
0.6% | 2021-11-10 | ||
|
CVE-2021-30807
KEV
|
7.8 HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. |
28.8% | 2021-10-19 | |
| 7.8 HIGH |
vim is vulnerable to Heap-based Buffer Overflow |
1.4% | 2021-10-19 | ||
|
CVE-2021-20124
KEV
|
7.5 HIGH |
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. |
69.2% | 2021-10-13 | |
|
CVE-2021-20123
KEV
|
7.5 HIGH |
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. |
74.3% | 2021-10-13 | |
|
CVE-2021-41357
KEV
|
7.8 HIGH |
Win32k Elevation of Privilege Vulnerability |
2.0% | 2021-10-13 | |
|
CVE-2021-40450
KEV
|
7.8 HIGH |
Win32k Elevation of Privilege Vulnerability |
2.0% | 2021-10-13 | |
|
CVE-2021-40449
KEV
|
7.8 HIGH |
Win32k Elevation of Privilege Vulnerability |
73.4% | 2021-10-13 | |
| 7.5 HIGH |
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. |
3.1% | 2021-10-11 | ||
|
CVE-2021-37975
KEV
|
8.8 HIGH |
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
34.9% | 2021-10-08 | |
|
CVE-2021-30632
KEV
|
8.8 HIGH |
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
64.5% | 2021-10-08 | |
|
CVE-2021-25487
KEV
|
7.3 HIGH |
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. |
0.6% | 2021-10-06 | |
| 7.8 HIGH |
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. |
5.4% | 2021-10-04 | ||
| 7.8 HIGH |
A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. |
0.3% | 2021-10-01 | ||
| 7.5 HIGH |
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. |
4.2% | 2021-09-29 | ||
| 7.0 HIGH |
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. |
2.4% | 2021-09-26 | ||
|
CVE-2021-40655
KEV
|
7.5 HIGH |
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page |
87.0% | 2021-09-24 | |
| 7.4 HIGH |
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition. |
0.8% | 2021-09-23 |