CVEs from 2021
- Total: 4,866
- Critical: 279
- High: 1,005
- Medium: 1,166
- Low: 138
- % Critical: 5.7%
- % with KEV: 4.4%
- % with exploit: 5.3%
Top vendors
Top products
- office 13
- primavera_gateway 10
- weblogic_server 9
- modicon_m340_bmxp342020 8
- log4j 8
- primavera_unifier 8
- retail_service_backbone 7
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22986 | unknown | — | 2.5 | 5y ago | F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system co… | |||
| CVE-2021-35464 | unknown | — | 2.5 | 5y ago | ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFram… | |||
| CVE-2021-27065 | unknown | — | 2.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |||
| CVE-2021-1498 | unknown | — | 2.5 | 5y ago | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user. | |||
| CVE-2021-21972 | unknown | — | 2.5 | 5y ago | VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrest… | |||
| CVE-2021-21985 | unknown | — | 2.5 | 5y ago | VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code executio… | |||
| CVE-2021-40444 | unknown | — | 2.5 | 5y ago | Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2021-38647 | unknown | — | 2.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution. | |||
| CVE-2021-34527 | unknown | — | 2.5 | 5y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an atta… | |||
| CVE-2021-1675 | unknown | — | 2.5 | 5y ago | Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2021-31207 | unknown | — | 2.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass. | |||
| CVE-2021-39144 | unknown | — | 2.5 | 5y ago | XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command o… | |||
| CVE-2021-3129 | unknown | — | 2.5 | 5y ago | Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents(). | |||
| CVE-2021-22054 | unknown | — | 1.5 | 3mo ago | Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send … | |||
| CVE-2021-22681 | unknown | — | 1.5 | 3mo ago | Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controll… | |||
| CVE-2021-22175 | unknown | — | 1.5 | 3mo ago | GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled. | |||
| CVE-2021-26828 | unknown | — | 1.5 | 6mo ago | OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | |||
| CVE-2021-26829 | unknown | — | 1.5 | 6mo ago | OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm. | |||
| CVE-2021-43226 | unknown | — | 1.5 | 8mo ago | Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms. | |||
| CVE-2021-32030 | unknown | — | 1.5 | 1y ago | ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products c… | |||
| CVE-2021-20035 | unknown | — | 1.5 | 1y ago | SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, whic… | |||
| CVE-2021-44207 | unknown | — | 1.5 | 1y ago | Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be … | |||
| CVE-2021-40407 | unknown | — | 1.5 | 2y ago | Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality. | |||
| CVE-2021-41277 | unknown | — | 1.5 | 2y ago | Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data. | |||
| CVE-2021-20124 | unknown | — | 1.5 | 2y ago | Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download a… | |||
| CVE-2021-20123 | unknown | — | 1.5 | 2y ago | Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the un… | |||
| CVE-2021-33045 | unknown | — | 1.5 | 2y ago | Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication. | |||
| CVE-2021-33044 | unknown | — | 1.5 | 2y ago | Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication. | |||
| CVE-2021-31196 | unknown | — | 1.5 | 2y ago | Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution. | |||
| CVE-2021-40655 | unknown | — | 1.5 | 2y ago | D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page. | |||
| CVE-2021-36380 | unknown | — | 1.5 | 2y ago | Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in … | |||
| CVE-2021-29256 | unknown | — | 1.5 | 3y ago | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information. | |||
| CVE-2021-25395 | unknown | — | 1.5 | 3y ago | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. | |||
| CVE-2021-25487 | unknown | — | 1.5 | 3y ago | Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution… | |||
| CVE-2021-25489 | unknown | — | 1.5 | 3y ago | Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. | |||
| CVE-2021-25394 | unknown | — | 1.5 | 3y ago | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. | |||
| CVE-2021-25371 | unknown | — | 1.5 | 3y ago | Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. | |||
| CVE-2021-25372 | unknown | — | 1.5 | 3y ago | Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. | |||
| CVE-2021-44026 | unknown | — | 1.5 | 3y ago | Roundcube Webmail is vulnerable to SQL injection via search or search_params. | |||
| CVE-2021-30900 | unknown | — | 1.5 | 3y ago | Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. | |||
| CVE-2021-25337 | unknown | — | 1.5 | 4y ago | Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with … | |||
| CVE-2021-25370 | unknown | — | 1.5 | 4y ago | Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. … | |||
| CVE-2021-25369 | unknown | — | 1.5 | 4y ago | Samsung mobile devices using Mali GPU contain an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This … | |||
| CVE-2021-38406 | unknown | — | 1.5 | 4y ago | Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code exec… | |||
| CVE-2021-31010 | unknown | — | 1.5 | 4y ago | In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. | |||
| CVE-2021-30983 | unknown | — | 1.5 | 4y ago | Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. | |||
| CVE-2021-38163 | unknown | — | 1.5 | 4y ago | SAP NetWeaver contains a vulnerability that allows unrestricted file upload. | |||
| CVE-2021-1048 | unknown | — | 1.5 | 4y ago | Android kernel contains a use-after-free vulnerability that allows for privilege escalation. | |||
| CVE-2021-30883 | unknown | — | 1.5 | 4y ago | Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. | |||
| CVE-2021-41357 | unknown | — | 1.5 | 4y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-40450 | unknown | — | 1.5 | 4y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-42287 | unknown | — | 1.5 | 4y ago | Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-27852 | unknown | — | 1.5 | 4y ago | Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. | |||
| CVE-2021-42278 | unknown | — | 1.5 | 4y ago | Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-22600 | unknown | — | 1.5 | 4y ago | Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly fo… | |||
| CVE-2021-39793 | unknown | — | 1.5 | 4y ago | Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege. | |||
| CVE-2021-45382 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. | |||
| CVE-2021-34484 | unknown | — | 1.5 | 4y ago | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-28799 | unknown | — | 1.5 | 4y ago | QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device. | |||
| CVE-2021-38646 | unknown | — | 1.5 | 4y ago | Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. | |||
| CVE-2021-34486 | unknown | — | 1.5 | 4y ago | Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation. | |||
| CVE-2021-20028 | unknown | — | 1.5 | 4y ago | SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. | |||
| CVE-2021-22941 | unknown | — | 1.5 | 4y ago | Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. | |||
| CVE-2021-21973 | unknown | — | 1.5 | 4y ago | VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. | |||
| CVE-2021-41379 | unknown | — | 1.5 | 4y ago | Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-20038 | unknown | — | 1.5 | 4y ago | SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. | |||
| CVE-2021-35247 | unknown | — | 1.5 | 4y ago | SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization. | |||
| CVE-2021-22991 | unknown | — | 1.5 | 4y ago | The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. | |||
| CVE-2021-33766 | unknown | — | 1.5 | 4y ago | Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target. | |||
| CVE-2021-40870 | unknown | — | 1.5 | 4y ago | Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | |||
| CVE-2021-27860 | unknown | — | 1.5 | 4y ago | A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. | |||
| CVE-2021-22017 | unknown | — | 1.5 | 4y ago | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. | |||
| CVE-2021-43890 | unknown | — | 1.5 | 5y ago | Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability. | |||
| CVE-2021-44515 | unknown | — | 1.5 | 5y ago | Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. | |||
| CVE-2021-35394 | unknown | — | 1.5 | 5y ago | RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution. | |||
| CVE-2021-44168 | unknown | — | 1.5 | 5y ago | Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files. | |||
| CVE-2021-37415 | unknown | — | 1.5 | 5y ago | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. | |||
| CVE-2021-42292 | unknown | — | 1.5 | 5y ago | A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. | |||
| CVE-2021-20021 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This… | |||
| CVE-2021-22506 | unknown | — | 1.5 | 5y ago | Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used. | |||
| CVE-2021-23874 | unknown | — | 1.5 | 5y ago | McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense. | |||
| CVE-2021-26411 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption. | |||
| CVE-2021-26858 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |||
| CVE-2021-35211 | unknown | — | 1.5 | 5y ago | SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. | |||
| CVE-2021-22900 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the admin… | |||
| CVE-2021-34448 | unknown | — | 1.5 | 5y ago | Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. | |||
| CVE-2021-1879 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability cou… | |||
| CVE-2021-30713 | unknown | — | 1.5 | 5y ago | Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences. | |||
| CVE-2021-1782 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. | |||
| CVE-2021-22893 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services. | |||
| CVE-2021-20023 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Se… | |||
| CVE-2021-20016 | unknown | — | 1.5 | 5y ago | SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. | |||
| CVE-2021-20022 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability ha… | |||
| CVE-2021-27561 | unknown | — | 1.5 | 5y ago | Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution. | |||
| CVE-2021-27104 | unknown | — | 1.5 | 5y ago | Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints. | |||
| CVE-2021-27102 | unknown | — | 1.5 | 5y ago | Accellion FTA contains an OS command injection vulnerability exploited via a local web service call. | |||
| CVE-2021-27101 | unknown | — | 1.5 | 5y ago | Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html. | |||
| CVE-2021-27103 | unknown | — | 1.5 | 5y ago | Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html. | |||
| CVE-2021-31201 | unknown | — | 1.5 | 5y ago | Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-31979 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. |