CVEs from 2021
- Total: 6,258
- Critical: 272
- High: 976
- Medium: 1,141
- Low: 135
- % Critical: 4.3%
- % with KEV: 3.4%
- % with exploit: 3.4%

Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-20028 | unknown | — | 1.5 | 4y ago | SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. | |
| CVE-2021-38646 | unknown | — | 1.5 | 4y ago | Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. | |
| CVE-2021-42237 | unknown | — | 1.5 | 4y ago | Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution. | |
| CVE-2021-22941 | unknown | — | 1.5 | 4y ago | Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. | |
| CVE-2021-21973 | unknown | — | 1.5 | 4y ago | VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. | |
| CVE-2021-41379 | unknown | — | 1.5 | 4y ago | Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-36934 | unknown | — | 1.5 | 4y ago | If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level. | |
| CVE-2021-20038 | unknown | — | 1.5 | 4y ago | SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. | |
| CVE-2021-35247 | unknown | — | 1.5 | 4y ago | SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization. | |
| CVE-2021-21975 | unknown | — | 1.5 | 4y ago | Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to s… | |
| CVE-2021-25296 | unknown | — | 1.5 | 4y ago | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | |
| CVE-2021-40870 | unknown | — | 1.5 | 4y ago | Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | |
| CVE-2021-25298 | unknown | — | 1.5 | 4y ago | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | |
| CVE-2021-33766 | unknown | — | 1.5 | 4y ago | Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target. | |
| CVE-2021-25297 | unknown | — | 1.5 | 4y ago | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | |
| CVE-2021-22991 | unknown | — | 1.5 | 4y ago | The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. | |
| CVE-2021-22017 | unknown | — | 1.5 | 4y ago | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. | |
| CVE-2021-36260 | unknown | — | 1.5 | 4y ago | A command injection vulnerability exists in the web server of some Hikvision products due to insufficient input validation. | |
| CVE-2021-27860 | unknown | — | 1.5 | 4y ago | A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. | |
| CVE-2021-43890 | unknown | — | 1.5 | 5y ago | Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability. | |
| CVE-2021-45046 | unknown | — | 1.5 | 5y ago | Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in… | |
| CVE-2021-35394 | unknown | — | 1.5 | 5y ago | RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution. | |
| CVE-2021-44515 | unknown | — | 1.5 | 5y ago | Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. | |
| CVE-2021-44168 | unknown | — | 1.5 | 5y ago | Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files. | |
| CVE-2021-44077 | unknown | — | 1.5 | 5y ago | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution | |
| CVE-2021-37415 | unknown | — | 1.5 | 5y ago | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication | |
| CVE-2021-42292 | unknown | — | 1.5 | 5y ago | A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. | |
| CVE-2021-40449 | unknown | — | 1.5 | 5y ago | Unspecified vulnerability allows for an authenticated user to escalate privileges. | |
| CVE-2021-42321 | unknown | — | 1.5 | 5y ago | An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution. | |
| CVE-2021-1498 | unknown | — | 1.5 | 5y ago | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user. | |
| CVE-2021-26857 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |
| CVE-2021-31955 | unknown | — | 1.5 | 5y ago | Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode … | |
| CVE-2021-22900 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the admin… | |
| CVE-2021-31979 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-1906 | unknown | — | 1.5 | 5y ago | Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failu… | |
| CVE-2021-27085 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-26858 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |
| CVE-2021-26855 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |
| CVE-2021-22899 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. | |
| CVE-2021-30807 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges. | |
| CVE-2021-1782 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. | |
| CVE-2021-26084 | unknown | — | 1.5 | 5y ago | Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code. | |
| CVE-2021-38649 | unknown | — | 1.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. | |
| CVE-2021-23874 | unknown | — | 1.5 | 5y ago | McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense. | |
| CVE-2021-27103 | unknown | — | 1.5 | 5y ago | Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html. | |
| CVE-2021-31199 | unknown | — | 1.5 | 5y ago | Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-28310 | unknown | — | 1.5 | 5y ago | Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-20023 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Se… | |
| CVE-2021-35464 | unknown | — | 1.5 | 5y ago | ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFram… | |
| CVE-2021-27059 | unknown | — | 1.5 | 5y ago | Microsoft Office contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-42258 | unknown | — | 1.5 | 5y ago | BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution. | |
| CVE-2021-20021 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This… | |
| CVE-2021-27561 | unknown | — | 1.5 | 5y ago | Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution. | |
| CVE-2021-36948 | unknown | — | 1.5 | 5y ago | Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-20022 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability ha… | |
| CVE-2021-34523 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-30860 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known … | |
| CVE-2021-34473 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-31207 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass. | |
| CVE-2021-21985 | unknown | — | 1.5 | 5y ago | VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code executio… | |
| CVE-2021-40539 | unknown | — | 1.5 | 5y ago | Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution. | |
| CVE-2021-1497 | unknown | — | 1.5 | 5y ago | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user. | |
| CVE-2021-36741 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files. | |
| CVE-2021-36942 | unknown | — | 1.5 | 5y ago | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to au… | |
| CVE-2021-22005 | unknown | — | 1.5 | 5y ago | VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code. | |
| CVE-2021-36742 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation. | |
| CVE-2021-35211 | unknown | — | 1.5 | 5y ago | SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. | |
| CVE-2021-38647 | unknown | — | 1.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution. | |
| CVE-2021-35395 | unknown | — | 1.5 | 5y ago | Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS). | |
| CVE-2021-1905 | unknown | — | 1.5 | 5y ago | Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously. | |
| CVE-2021-22893 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services. | |
| CVE-2021-38648 | unknown | — | 1.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. | |
| CVE-2021-36955 | unknown | — | 1.5 | 5y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-28664 | unknown | — | 1.5 | 5y ago | Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt… | |
| CVE-2021-1675 | unknown | — | 1.5 | 5y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-22986 | unknown | — | 1.5 | 5y ago | F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system co… | |
| CVE-2021-22502 | unknown | — | 1.5 | 5y ago | Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-27065 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |
| CVE-2021-28550 | unknown | — | 1.5 | 5y ago | Adobe Acrobat and Reader contain a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | |
| CVE-2021-34527 | unknown | — | 1.5 | 5y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an atta… | |
| CVE-2021-1732 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-34448 | unknown | — | 1.5 | 5y ago | Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. | |
| CVE-2021-1647 | unknown | — | 1.5 | 5y ago | Microsoft Defender contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-30116 | unknown | — | 1.5 | 5y ago | Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the … | |
| CVE-2021-30869 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges. | |
| CVE-2021-33771 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-30713 | unknown | — | 1.5 | 5y ago | Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences. | |
| CVE-2021-22506 | unknown | — | 1.5 | 5y ago | Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used. | |
| CVE-2021-30657 | unknown | — | 1.5 | 5y ago | Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks. | |
| CVE-2021-27101 | unknown | — | 1.5 | 5y ago | Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html. | |
| CVE-2021-40444 | unknown | — | 1.5 | 5y ago | Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-31755 | unknown | — | 1.5 | 5y ago | Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request. | |
| CVE-2021-21017 | unknown | — | 1.5 | 5y ago | Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | |
| CVE-2021-31201 | unknown | — | 1.5 | 5y ago | Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-38645 | unknown | — | 1.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-20016 | unknown | — | 1.5 | 5y ago | SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. | |
| CVE-2021-20090 | unknown | — | 1.5 | 5y ago | Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affe… | |
| CVE-2021-33739 | unknown | — | 1.5 | 5y ago | Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-31956 | unknown | — | 1.5 | 5y ago | Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application. | |
| CVE-2021-26411 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption. | |