213 CVEs published in 2021. 213 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
213 fix guides from 2021 ⚠ 213 actively exploited (CISA KEV)CVE-2021-1497 lets unauthenticated attackers run code on Cisco HyperFlex HX via the web management UI. Patched builds and HX hardening steps
CVE-2021-1498 is a sibling vulnerability in the same Cisco HyperFlex HX advisory as CVE-2021-1497. Same patched build.
CVE-2021-1870 is a remote code execution flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-1871 is a remote code execution flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-20016 is a sql injection flaw in SonicWall SMA100. Verified patched version and mitigations from the official advisory.
CVE-2021-20021 is a privilege escalation flaw in Email Security. Verified patched version and mitigations from the official advisory.
CVE-2021-20028 is a sql injection flaw in SonicWall SRA/SMA100. Verified patched version and mitigations from the official advisory.
CVE-2021-20038 is a stack buffer overflow flaw in SonicWall SMA100. Verified patched version and mitigations from the official advisory.
Path Traversal in Buffalo WSR-2533DHPL2 (Arcadyan). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in VMware Cloud Foundation. Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in VMware vCenter Server and VMware Cloud Foundation. Actively exploited. Verified patched versions and remediation st
Arbitrary File Upload in VMware vCenter Server. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22205 is the GitLab ExifTool image parser RCE that was mass-exploited in late 2021. Affected versions, patched builds, and post-com
Remote Code Execution in Operation Bridge Reporter. (Micro Focus). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22681 is an insufficiently protected credentials flaw in Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, Logix Contro
Remote Code Execution in Pulse Connect Secure (Ivanti). Actively exploited. Verified patched versions and remediation steps.
Improper Access Control in Citrix ShareFile storage zones controller. Actively exploited. Verified patched versions and remediation steps.
Command Injection in BIG-IP; BIG-IQ (F5). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in BIG-IP (F5). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-26084 is a security vulnerability flaw in Confluence Data Center, Confluence Server. Verified patched version and mitigations from
CVE-2021-26855: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2016 Cumulative Update 19. Patch commands and v
SQL Injection in FTA (Accellion). Actively exploited. Verified patched versions and remediation steps.
Server-Side Request Forgery in FTA (Accellion). Actively exploited. Verified patched versions and remediation steps.
Command Injection in FTA (Accellion). Actively exploited. Verified patched versions and remediation steps.
Command Injection in Device Management (Yealink). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-27852 is an unsafe deserialization in Survey. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2021-27860 is a vulnerability in WARP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-28550 is the Adobe Acrobat / Reader DC use-after-free that allowed RCE via crafted PDF. Apply current Acrobat updates.
CVE-2021-28799 is an access control bypass in HBS 3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-30116 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-30633 is an use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-31166: Use-After-Free in Microsoft HTTP Protocol Stack. Runnable fix commands and patched builds.
CVE-2021-3129 is a security vulnerability flaw in Ignition. Verified patched version and mitigations from the official advisory.
Buffer Overflow in AC11 Router (Tenda). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-32030 is an authentication bypass flaw in Routers. Verified patched version and mitigations from the official advisory.
CVE-2021-33044 is an authentication bypass flaw in Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices. Verified p
CVE-2021-33045 is an authentication bypass flaw in Some Dahua IP Camera, Video Intercom, NVR, XVR devices. Verified patched version and miti
CVE-2021-34473: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2013 Cumulative Update 23. Patch commands and v
CVE-2021-34523: Microsoft Exchange Server Elevation of Privilege in Microsoft Exchange Server 2013 Cumulative Update 23. Patch commands and
CVE-2021-35211: a vulnerability in Serv-U Managed File Transfer Server and . Patched version and vendor advisory inside.
Command Injection in Jungle Software Development Kit (SDK) (Realtek). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in AP-Router SDK (Realtek). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in Access Management (AM) (ForgeRock). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-35587 lets unauthenticated attackers take over Oracle Access Manager. Apply Oracle CPU October 2021 or later. Patch steps and verif
Command Injection in Security cameras web server (Hikvision). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-36380 is a command injection flaw in Sunhillo SureLine. Verified patched version and mitigations from the official advisory.
Authentication Bypass in ManageEngine ServiceDesk Plus (SDP) (Zoho). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-37973 is an use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-38163 is the SAP NetWeaver Visual Composer 7.0 RT unrestricted file upload that gives unauthenticated RCE on AS Java. SAP Note numb
CVE-2021-38647: Open Management Infrastructure Remote Code Execution in Open Management Infrastructure. Patch commands and verification.
CVE-2021-39226 is an authentication bypass in grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2021-40407 is an OS command injection in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-40438 is a server-side request forgery flaw in Apache HTTP Server. Verified patched version and mitigations from the official advis
Remote Code Execution in ManageEngine (Zoho). Actively exploited. Verified patched versions and remediation steps.
Path Traversal in Aviatrix Controller. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-41277 is an information disclosure in metabase. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2021-42013 is a path traversal flaw in Apache HTTP Server. Verified patched version and mitigations from the official advisory.
Command Injection in XP (Sitecore). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in BillQuick Web Suite (BQE). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-44026 is a sql injection flaw in Roundcube. Verified patched version and mitigations from the official advisory.
Remote Code Execution in ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus (Zoho). Actively exploited. Verified patched versions and
CVE-2021-44228 is an insecure deserialization flaw in Apache Log4j2. Verified patched version and mitigations from the official advisory.
Remote Code Execution in Desktop Central (Zoho). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-44529 is a code injection flaw in Ivanti EPM. Verified patched version and mitigations from the official advisory.
CVE-2021-45046 is the Log4j sibling to Log4Shell that broke the 2.15.0 patch. Upgrade to 2.16.0 (Java 8) or 2.12.2 (Java 7). Verified steps.
Command Injection in Multiple Routers (D-Link). Actively exploited. Verified patched versions and remediation steps.
Use-After-Free in Android. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-1647: Microsoft Defender Remote Code Execution in Microsoft System Center Endpoint Protection. Patch commands and verification.
CVE-2021-1675: Windows Print Spooler Remote Code Execution in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-1732: Windows Win32k Elevation of Privilege in Windows 10 Version 1803. Patch commands and verification.
CVE-2021-1782 is a race condition flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-1789 is a remote code execution flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-1905 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon Auto. Actively exploited per CISA KEV. Verified patched builds and fix s
CVE-2021-20022 is an unrestricted file upload flaw in Email Security. Verified patched version and mitigations from the official advisory.
CVE-2021-20123 is a security vulnerability flaw in Draytek VigorConnect. Verified patched version and mitigations from the official advisory
CVE-2021-20124 is a security vulnerability flaw in Draytek VigorConnect. Verified patched version and mitigations from the official advisory
CVE-2021-21017 is a path traversal in Acrobat Reader. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-21148 is a memory corruption flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21166 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21193 is an use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21206 is an use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21220 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21224 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-21311 is a SSRF flaw in Vrana adminer. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-21315 is a OS Command Injection flaw in Sebhildebrandt systeminformation. Actively exploited per CISA KEV. Verified patched builds
CVE-2021-21551 is an OS command injection in dbutil. Verified patched version, official vendor advisory, and how to confirm the fix landed.
Server-Side Request Forgery in VMware vRealize Operations. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22054 is a server-side request forgery flaw in VMware Workspace ONE UEM console. Verified patched version and mitigations from the
Information Disclosure in Access Manager. (Micro Focus). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22555 is a Out-of-Bounds Write flaw in N/a Linux Kernel. Actively exploited per CISA KEV. Verified patched builds and fix steps.
Buffer Overflow in Pulse Connect Secure (Ivanti). Actively exploited. Verified patched versions and remediation steps.
Remote Code Execution in Pulse Connect Secure (Ivanti). Actively exploited. Verified patched versions and remediation steps.
Arbitrary File Upload in Pulse Secure Secure (Ivanti). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-23874: Privilege Escalation in Mcafee, llc McAfee Total Protection (MTP). Patched builds and fix steps.
Command Injection in Nagios XI. Actively exploited. Verified patched versions and remediation steps.
Command Injection in Nagios XI. Actively exploited. Verified patched versions and remediation steps.
Command Injection in Nagios XI. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-25487: Out-of-Bounds Read in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-26411 is a internet explorer memory corruption in Microsoft Internet Explorer 9. CVSS 8.8 High. Patch commands, mitigations, and ve
CVE-2021-26828 is a security vulnerability flaw in OpenPLC ScadaBR through. Verified patched version and mitigations from the official advis
CVE-2021-26857: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2016 Cumulative Update 19. Patch commands and v
CVE-2021-26858: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2019. Patch commands and verification.
CVE-2021-27059 is a microsoft office remote code execution in Microsoft Office 2016. CVSS 7.6 High. Patch commands, mitigations, and verific
CVE-2021-27065: Microsoft Exchange Server Remote Code Execution in Microsoft Exchange Server 2019. Patch commands and verification.
CVE-2021-27085: Internet Explorer Remote Code Execution in Internet Explorer 11. Patch commands and verification.
Command Injection in FTA (Accellion). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-27876 is a Security Vulnerability flaw in N/a n/a. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-27877 is a Security Vulnerability flaw in N/a n/a. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-27878 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-28310 is a win32k elevation of privilege in Microsoft Windows 10 Version 1803. CVSS 7.8 High. Patch commands, mitigations, and veri
Privilege Escalation in Mali Graphics Processing Unit (GPU) (Arm). Actively exploited. Verified patched versions and remediation steps.
Privilege Escalation in Mali Graphics Processing Unit (GPU) (Arm). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-29256 is a privilege escalation flaw in Mali Graphics Processing Unit (GPU). Verified patched version and mitigations from the offi
CVE-2021-30551 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30554 is an use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30563 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30632 is a memory corruption flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30661 is a remote code execution flaw in Safari, iOS and iPadOS, macOS, tvOS, watchOS. Verified patched version and mitigations fro
CVE-2021-30663 is a remote code execution flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30665 is a remote code execution flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30666 is a remote code execution flaw in iOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30713 is a security vulnerability flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30761 is a remote code execution flaw in iOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30762 is a remote code execution flaw in iOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30807 is a denial of service flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30858 is a remote code execution flaw in iOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30860 is a remote code execution flaw in iOS, macOS, watchOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30869 is a type confusion flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30883 is a denial of service flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30900 is a denial of service flaw in iOS and iPadOS. Verified patched version and mitigations from the official advisory.
CVE-2021-30983 is a denial of service flaw in iOS and iPadOS. Verified patched version and mitigations from the official advisory.
CVE-2021-31010 is a denial of service flaw in macOS, watchOS. Verified patched version and mitigations from the official advisory.
CVE-2021-31196 - Remote Code Execution in Microsoft Exchange Server 2019 Cumulative Update 9. Runnable patch commands and verification on th
Buffer Overflow in Sudo. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-31956 is a windows ntfs elevation of privilege in Microsoft Windows 10 Version 1809. CVSS 7.8 High. Patch commands, mitigations, an
CVE-2021-31979: Windows Kernel Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-32648 is a Authentication Bypass flaw in Octobercms october. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2021-33739: Microsoft DWM Core Library Elevation of Privilege in Windows 10 Version 1909. Patch commands and verification.
CVE-2021-33742: Windows MSHTML Platform Remote Code Execution in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-33766 is a security vulnerability in Microsoft Exchange Server. This page lists verified fix commands and short-term mitigations yo
CVE-2021-33771: Windows Kernel Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-34484 is a Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2021-34486 is a Use-After-Free flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2021-34527: Windows Print Spooler Remote Code Execution in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-3493 is a local privilege escalation in linux kernel. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2021-3560 is an incorrect authorization flaw in polkit. Verified patched version and mitigations from the official advisory.
CVE-2021-36741 is a path traversal flaw in Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security. Verified
CVE-2021-36742 is a security vulnerability flaw in Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security. V
CVE-2021-36934 is a security vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can ru
CVE-2021-36942 is a windows lsa spoofing in Microsoft Windows Server 2019. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2021-36948: Windows Update Medic Service Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-36955: Windows Common Log File System Driver Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-37975 is an use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-38003 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-38406 is a Out-of-Bounds Write flaw in Delta Electronics DOPSoft 2. Actively exploited per CISA KEV. Verified patched builds and fi
CVE-2021-38645: Open Management Infrastructure Elevation of Privilege in Open Management Infrastructure. Patch commands and verification.
CVE-2021-38646 is a Remote Code Execution flaw in Microsoft Office. Actively exploited per CISA KEV. Verified patched builds and runnable fi
CVE-2021-38648: Open Management Infrastructure Elevation of Privilege in Open Management Infrastructure. Patch commands and verification.
CVE-2021-38649: Open Management Infrastructure Elevation of Privilege in Open Management Infrastructure. Patch commands and verification.
CVE-2021-39144 is a Code Injection flaw in X-stream xstream. Actively exploited per CISA KEV. Verified patched builds and fix steps.
Out-of-Bounds Write in Android (Google). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-4034 (PwnKit) is the 12-year-old polkit pkexec bug that gives any local user instant root on most Linux distros. Verified fix and p
CVE-2021-40444: Microsoft MSHTML Remote Code Execution in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-40449 is an use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2021-40450 is a Elevation of Privilege flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2021-40655 is a security vulnerability flaw in DIR-605 Router. Verified patched version and mitigations from the official advisory.
CVE-2021-4102 is an use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-41357 is a Elevation of Privilege flaw in Microsoft Win32k. Actively exploited per CISA KEV. Verified patched builds and runnable f
CVE-2021-41773 is a path traversal flaw in Apache HTTP Server. Verified patched version and mitigations from the official advisory.
CVE-2021-42278: Elevation of Privilege in Microsoft Active Directory. Runnable fix commands and patched builds.
CVE-2021-42287: Elevation of Privilege in Microsoft Active Directory. Runnable fix commands and patched builds.
CVE-2021-42292 is a security vulnerability in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run
CVE-2021-42321 is a security vulnerability in Microsoft Exchange Server. This page lists verified fix commands and short-term mitigations yo
CVE-2021-43226 - Privilege Escalation in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2021-43798 is a Path Traversal flaw in Grafana grafana. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-43890 is a security vulnerability in App Installer. This page lists verified fix commands and short-term mitigations you can run to
CVE-2021-44207 is a security vulnerability flaw in Acclaim USAHERDS through. Verified patched version and mitigations from the official advi
Use-After-Free in Android. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-1879 is a denial of service flaw in iOS, iOS and iPadOS, watchOS. Verified patched version and mitigations from the official adviso
CVE-2021-1906 is a Security Vulnerability flaw in Qualcomm, Inc. Snapdragon Auto. Actively exploited per CISA KEV. Verified patched builds a
CVE-2021-20023 is a path traversal flaw in Email Security. Verified patched version and mitigations from the official advisory.
Server-Side Request Forgery in VMware Cloud Foundation. Actively exploited. Verified patched versions and remediation steps.
Security Vulnerability in VMware vCenter Server. Actively exploited. Verified patched versions and remediation steps.
CVE-2021-22175 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-22204 is a Security Vulnerability flaw in Exiftool ExifTool. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2021-22600 is a vulnerability in Kernel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-25337: Privilege Escalation in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25369: Information Disclosure in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25370: Security Vulnerability in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25371: Hidden Functionality in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25372: Out-of-Bounds Memory Access in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-25394 is a Use-After-Free flaw in Samsung Mobile Samsung Mobile Devices. Actively exploited per CISA KEV. Verified patched builds a
CVE-2021-25395: Concurrent Execution using Shared Resource with Improper Synchronization in Samsung Mobile Samsung Mobile Devices. Patched b
CVE-2021-26085 is a remote code execution flaw in Confluence Data Center, Confluence Server. Verified patched version and mitigations from t
CVE-2021-26829 is a cross-site scripting flaw in OpenPLC ScadaBR through. Verified patched version and mitigations from the official advisor
Security Vulnerability in Trusted Firmware (Arm). Actively exploited. Verified patched versions and remediation steps.
CVE-2021-30533 is a remote code execution flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-30657 is a security vulnerability flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2021-31199: Microsoft Enhanced Cryptographic Provider Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification
CVE-2021-31201: Microsoft Enhanced Cryptographic Provider Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification
CVE-2021-31207: Microsoft Exchange Server Security Feature Bypass in Microsoft Exchange Server 2013 Cumulative Update 23. Patch commands and
CVE-2021-31955: Windows Kernel Information Disclosure in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-34448: Scripting Engine Memory Corruption in Windows 10 Version 1809. Patch commands and verification.
CVE-2021-35247 is a Improper Input Validation flaw in Solarwinds Serv-U. Actively exploited per CISA KEV. Verified patched builds and fix st
CVE-2021-37976 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-38000 is a security vulnerability flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2021-39935 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2021-41379 is a link resolution before file access in Microsoft Windows. This page lists verified fix commands and short-term mitigation
CVE-2021-25489: Improper Input Validation in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2021-44168 is a Security Vulnerability flaw in Fortinet Fortinet FortiOS. Actively exploited per CISA KEV. Verified patched builds and f
CVE-2021-20035 is a OS Command Injection flaw in Sonicwall SMA100. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2021-26086 is a Path Traversal flaw in Atlassian Jira Data Center. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2021-30952 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.