CVEs from 2021
Total
6,232
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.4%
% with KEV
3.4%
% with exploit
3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-3156 | critical | — | 10.0 | 4y ago | Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation. | |
| CVE-2021-4102 | critical | — | 10.0 | 5y ago | Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |
| CVE-2021-44228 | critical | — | 10.0 | 5y ago | Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. | |
| CVE-2021-30551 | critical | — | 10.0 | 5y ago | multiple issues in chromium | |
| CVE-2021-21148 | critical | — | 10.0 | 5y ago | multiple issues in chromium | |
| CVE-2021-22205 | critical | — | 10.0 | 5y ago | GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through Exi… | |
| CVE-2021-42013 | critical | — | 10.0 | 5y ago | Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under defa… | |
| CVE-2021-30952 | medium | — | 7.0 | 3mo ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |
| CVE-2021-1789 | medium | — | 7.0 | 4y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-22204 | medium | — | 7.0 | 5y ago | Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image | |
| CVE-2021-1870 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30663 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30761 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30665 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30661 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30762 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30858 | medium | — | 7.0 | 5y ago | Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers t… | |
| CVE-2021-30666 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-1871 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-44026 | unknown | — | 1.5 | 3y ago | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. |