CVEs from 2021
Total
6,257
critical
critical 272
high
high 976
medium
medium 1,141
low
low 135
% Critical
4.3%
% with KEV
3.4%
% with exploit
3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-33771 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-28664 | unknown | — | 1.5 | 5y ago | Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt… | |
| CVE-2021-28663 | unknown | — | 1.5 | 5y ago | Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, an… | |
| CVE-2021-27102 | unknown | — | 1.5 | 5y ago | Accellion FTA contains an OS command injection vulnerability exploited via a local web service call. | |
| CVE-2021-27562 | unknown | — | 1.5 | 5y ago | Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure fun… | |
| CVE-2021-27104 | unknown | — | 1.5 | 5y ago | Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints. | |
| CVE-2021-21972 | unknown | — | 1.5 | 5y ago | VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrest… | |
| CVE-2021-27059 | unknown | — | 1.5 | 5y ago | Microsoft Office contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-32648 | unknown | — | 1.5 | 5y ago | In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. | |
| CVE-2021-39144 | unknown | — | 1.5 | 5y ago | XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command o… | |
| CVE-2021-3129 | unknown | — | 1.5 | 5y ago | Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents(). | |
| CVE-2021-21315 | unknown | — | 1.5 | 5y ago | In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote. | |
| CVE-2021-21311 | unknown | — | 1.5 | 5y ago | Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. |