CVEs from 2021
Total
6,258
critical
critical 272
high
high 976
medium
medium 1,141
low
low 135
% Critical
4.3%
% with KEV
3.4%
% with exploit
3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-31955 | unknown | — | 1.5 | 5y ago | Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode … | |
| CVE-2021-26858 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |
| CVE-2021-20023 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Se… | |
| CVE-2021-26855 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |
| CVE-2021-22900 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the admin… | |
| CVE-2021-30860 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known … | |
| CVE-2021-31755 | unknown | — | 1.5 | 5y ago | Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request. | |
| CVE-2021-35464 | unknown | — | 1.5 | 5y ago | ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFram… | |
| CVE-2021-30869 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges. | |
| CVE-2021-33742 | unknown | — | 1.5 | 5y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-27065 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |
| CVE-2021-30657 | unknown | — | 1.5 | 5y ago | Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks. | |
| CVE-2021-1782 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. | |
| CVE-2021-21985 | unknown | — | 1.5 | 5y ago | VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code executio… | |
| CVE-2021-42258 | unknown | — | 1.5 | 5y ago | BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution. | |
| CVE-2021-27562 | unknown | — | 1.5 | 5y ago | Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure fun… | |
| CVE-2021-34448 | unknown | — | 1.5 | 5y ago | Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. | |
| CVE-2021-36741 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files. | |
| CVE-2021-1498 | unknown | — | 1.5 | 5y ago | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user. | |
| CVE-2021-1647 | unknown | — | 1.5 | 5y ago | Microsoft Defender contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-27085 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-36942 | unknown | — | 1.5 | 5y ago | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to au… | |
| CVE-2021-35211 | unknown | — | 1.5 | 5y ago | SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. | |
| CVE-2021-27104 | unknown | — | 1.5 | 5y ago | Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints. | |
| CVE-2021-38648 | unknown | — | 1.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. | |
| CVE-2021-28663 | unknown | — | 1.5 | 5y ago | Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, an… | |
| CVE-2021-22986 | unknown | — | 1.5 | 5y ago | F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system co… | |
| CVE-2021-22502 | unknown | — | 1.5 | 5y ago | Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-27102 | unknown | — | 1.5 | 5y ago | Accellion FTA contains an OS command injection vulnerability exploited via a local web service call. | |
| CVE-2021-28664 | unknown | — | 1.5 | 5y ago | Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt… | |
| CVE-2021-31207 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass. | |
| CVE-2021-1497 | unknown | — | 1.5 | 5y ago | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user. | |
| CVE-2021-20021 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This… | |
| CVE-2021-22899 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. | |
| CVE-2021-26857 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |
| CVE-2021-33771 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-31956 | unknown | — | 1.5 | 5y ago | Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application. | |
| CVE-2021-1906 | unknown | — | 1.5 | 5y ago | Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failu… | |
| CVE-2021-22506 | unknown | — | 1.5 | 5y ago | Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used. | |
| CVE-2021-21972 | unknown | — | 1.5 | 5y ago | VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrest… | |
| CVE-2021-33739 | unknown | — | 1.5 | 5y ago | Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-30713 | unknown | — | 1.5 | 5y ago | Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences. | |
| CVE-2021-36742 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation. | |
| CVE-2021-1675 | unknown | — | 1.5 | 5y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-38649 | unknown | — | 1.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. | |
| CVE-2021-26084 | unknown | — | 1.5 | 5y ago | Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code. | |
| CVE-2021-40444 | unknown | — | 1.5 | 5y ago | Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution. | |
| CVE-2021-20016 | unknown | — | 1.5 | 5y ago | SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. | |
| CVE-2021-34527 | unknown | — | 1.5 | 5y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an atta… | |
| CVE-2021-22894 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting ro… | |
| CVE-2021-27103 | unknown | — | 1.5 | 5y ago | Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html. | |
| CVE-2021-36955 | unknown | — | 1.5 | 5y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-1732 | unknown | — | 1.5 | 5y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-22005 | unknown | — | 1.5 | 5y ago | VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code. | |
| CVE-2021-30116 | unknown | — | 1.5 | 5y ago | Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the … | |
| CVE-2021-22893 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services. | |
| CVE-2021-1879 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability cou… | |
| CVE-2021-28550 | unknown | — | 1.5 | 5y ago | Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | |
| CVE-2021-31201 | unknown | — | 1.5 | 5y ago | Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-21017 | unknown | — | 1.5 | 5y ago | Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | |
| CVE-2021-27101 | unknown | — | 1.5 | 5y ago | Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html. | |
| CVE-2021-20090 | unknown | — | 1.5 | 5y ago | Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affe… | |
| CVE-2021-28310 | unknown | — | 1.5 | 5y ago | Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-27561 | unknown | — | 1.5 | 5y ago | Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution. | |
| CVE-2021-38645 | unknown | — | 1.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2021-32648 | unknown | — | 1.5 | 5y ago | In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. | |
| CVE-2021-39144 | unknown | — | 1.5 | 5y ago | XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command o… | |
| CVE-2021-3129 | unknown | — | 1.5 | 5y ago | Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents(). | |
| CVE-2021-21315 | unknown | — | 1.5 | 5y ago | In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote. | |
| CVE-2021-21311 | unknown | — | 1.5 | 5y ago | Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. | |
| CVE-2021-46908 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic We forbid adding unknown scalars with mixed signed bounds due… | |
| CVE-2021-47014 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's p… | |
| CVE-2021-28704 | unknown | — | — | — | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be starte… | |
| CVE-2021-4147 | unknown | — | — | — | A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | |
| CVE-2021-46989 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevent corruption in shrinking truncate I believe there are some issues introduced by commit 31651c607151 ("hfsplus: av… | |
| CVE-2021-47000 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in __fh_to_dentry | |
| CVE-2021-47132 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sk_forward_memory corruption on retransmission MPTCP sk_forward_memory handling is a bit special, as such field is pro… | |
| CVE-2021-42391 | unknown | — | — | — | Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | |
| CVE-2021-29424 | unknown | — | — | — | The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass ac… | |
| CVE-2021-46951 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called multiple times, which happens when on… | |
| CVE-2021-42530 | unknown | — | — | — | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploita… | |
| CVE-2021-25314 | unknown | — | — | — | ||
| CVE-2021-46948 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efx_channel_get_tx_queu… | |
| CVE-2021-44499 | unknown | — | — | — | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a… | |
| CVE-2021-47180 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this b… | |
| CVE-2021-44647 | unknown | — | — | — | Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. | |
| CVE-2021-28715 | unknown | — | — | — | Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which C… | |
| CVE-2021-47023 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix port event handling on init For some reason there might be a crash during ports creation if port even… | |
| CVE-2021-3466 | unknown | — | — | — | A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that… | |
| CVE-2021-4456 | unknown | — | — | — | Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR… | |
| CVE-2021-46971 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional security_locked_down() call Currently, the lockdown state is queried unconditionally, even though it… | |
| CVE-2021-47117 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO … | |
| CVE-2021-20209 | unknown | — | — | — | A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. | |
| CVE-2021-46966 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function.… | |
| CVE-2021-47030 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615_coredump_work Similar to the issue fixed in mt7921_coredump_work, fix a possible memory l… | |
| CVE-2021-4442 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCP_QUEUE_SEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ _after_ restoring data … | |
| CVE-2021-33114 | unknown | — | — | — | ||
| CVE-2021-32739 | unknown | — | — | — | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a… | |
| CVE-2021-46967 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix vm_flags for virtqueue doorbell mapping The virtqueue doorbell is usually implemented via registeres but we don't… | |
| CVE-2021-47075 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmet_alloc_ctrl() When creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger than cntlid_ma… |