March 22, 2023

A zero-day vulnerability refers to a security vulnerability for which no mitigation or patch is available at the time it is disclosed or made public.Existing software patches are unable to properly defend against zero-day exploits, meaning attacks of this nature present a serious security risk to organizations. Until the underlying vulnerability is mitigated, a zero-day exploit is akin to a pathogen for which no vaccine is available.

And in 2021 , a year where cybersecurity defenders have caught the highest number ever, Whopping 85 Zero days are identified and most of them are exploited in wild. Google Chrome tops the list with 17 Zero days followed by Microsoft and Apple respectively

Also this year seen two fold increase in the Zero days findings compared to earlier years . For instance year 2020 seen only 37 and year 2019 seen 28. this shows how the hunters are actively searched for the bugs in the products to exploit it

Zero Day Trend Year Wise

Below table shows the full list of Zero days identified in 2021

Sl.NoSoftwareCVE DetailsTypeVulnerability Disclosed DatePatch Release Date
1Accellion FTACWE-89SQL injection11-01-202111-01-2021
2Windows DefenderCVE-2021-1647Input validation error12-01-202112-01-2021
3SonicWall SMA 100CVE-2021-20016SQL injection23-01-202104-02-2021
4Apple iOSCVE-2021-1782Race condition26-01-202126-01-2021
5Apple iOSCVE-2021-1871Business Logic Errors26-01-202126-01-2021
6Apple iOSCVE-2021-1870Business Logic Errors26-01-202126-01-2021
7Google ChromeCVE-2021-21148Heap-based buffer overflow04-02-202104-02-2021
8Microsoft Internet ExplorerCVE-2021-26411Double Free04-02-202109-03-2021
9Microsoft WindowsCVE-2021-1732Buffer overflow09-02-202109-02-2021
10Adobe Acrobat ReaderCVE-2021-21017Heap-based buffer overflow09-02-202109-02-2021
11Google ChromeCVE-2021-21166Improper control of a resource through its lifetime02-03-202102-03-2021
12Microsoft Exchange ServerCVE-2021-27065Input validation error02-03-202102-03-2021
13Microsoft Exchange ServerCVE-2021-26858Input validation error02-03-202102-03-2021
14Microsoft Exchange ServerCVE-2021-26857Input validation error02-03-202102-03-2021
15Microsoft Exchange ServerCVE-2021-26855Server-Side Request Forgery (SSRF)02-03-202102-03-2021
16SupermicroCWE-264Security restrictions bypass03-03-202103-03-2021
17WordPress PagebuilderCVE-2021-24175Improper Authentication08-03-202109-03-2021
18Google ChromeCVE-2021-21193Use-after-free12-03-202112-03-2021
19Apple iOSCVE-2021-1879Universal cross-site scripting26-03-202126-03-2021
20SonicWall On-premise Email SecurityCVE-2021-20021Improper Authentication12-04-202112-04-2021
21SonicWall On-premise Email SecurityCVE-2021-20022Arbitrary file upload12-04-202112-04-2021
22Microsoft WindowsCVE-2021-28310Buffer overflow13-04-202113-04-2021
23Pulse Connect SecureCVE-2021-22893Improper Authentication20-04-202104-05-2021
24Google ChromeCVE-2021-21224Type Confusion20-04-202120-04-2021
25SonicWall On-premise Email SecurityCVE-2021-20023Path traversal20-04-202120-04-2021
26MacOSCVE-2021-30657Security features bypass26-04-202126-04-2021
27MacOSCVE-2021-30661Use-after-free26-04-202126-04-2024
28MacOSCVE-2021-30665Buffer overflow03-05-202103-05-2021
29MacOSCVE-2021-30663Integer overflow03-05-202103-05-2021
30Apple iOSCVE-2021-30666Buffer overflow03-05-202103-05-2021
31Google AndroidCVE-2021-28663Use-after-free03-05-202103-05-2021
32Google AndroidCVE-2021-28664Buffer overflow03-05-202103-05-2021
33Google AndroidCVE-2021-1905Use-after-free03-05-202103-05-2021
34Google AndroidCVE-2021-1906Detection of Error Condition Without Action03-05-202103-05-2021
35Adobe Acrobat Reader DCCVE-2021-28550Use-after-free11-05-202111-05-2021
36MacOSCVE-2021-30713Input validation error24-05-202124-05-2021
37Fancy Product DesignerCVE-2021-24370Arbitrary file upload31-05-202102-06-2021
38Microsoft WindowsCVE-2021-31955Improper Privilege Management08-06-202108-06-2021
39Microsoft WindowsCVE-2021-31956Permissions, Privileges, and Access Controls08-06-202108-06-2021
40Microsoft WindowsCVE-2021-33742Buffer overflow08-06-202108-06-2021
41Microsoft WindowsCVE-2021-33739Improper Privilege Management08-06-202108-06-2021
42Microsoft WindowsCVE-2021-31199Security restrictions bypass08-06-202108-06-2021
43Microsoft WindowsCVE-2021-31201Security restrictions bypass08-06-202108-06-2021
44Google ChromeCVE-2021-30551Type Confusion09-06-202109-06-2021
45Apple iOSCVE-2021-30761Buffer overflow14-06-202114-06-2021
46Apple iOSCVE-2021-30762Use-after-free14-06-202114-06-2021
47Google ChromeCVE-2021-30554Use-after-free17-06-202117-06-2021
48WD My Book LiveCVE-2021-35941Improper access control24-06-2021Not Patched
49Windows ServerCVE-2021-34527Code Injection02-07-202107-07-2021
50Kaseya VSACVE-2021-30116Input validation error03-07-202104-08-2021
51Serv-U FTP ServerCVE-2021-35211Buffer overflow09-07-202109-07-2021
52Microsoft WindowsCVE-2021-33771Buffer overflow13-07-202113-07-2021
53Microsoft WindowsCVE-2021-34448Buffer overflow13-07-202113-07-2021
54Microsoft WindowsCVE-2021-31979Buffer overflow13-07-202113-07-2021
55WooCommerceCVE-2021-32789SQL injection13-07-202113-07-2021
56Google ChromeCVE-2021-30563Type Confusion15-07-202115-07-2021
57Apple iOSCVE-2021-30807Buffer overflow26-07-202126-07-2021
58Trend Micro Apex OneCVE-2021-36741Arbitrary file upload28-07-202128-07-2021
59Trend Micro Apex OneCVE-2021-36742Buffer overflow28-07-202128-07-2021
60Microsoft WindowsCVE-2021-36948Buffer overflow10-08-202110-08-2021
61Apple iOSCVE-2021-30860Integer overflow25-08-202113-09-2021
62Microsoft WindowsCVE-2021-40444Code Injection07-09-202114-09-2021
63Zoho ManageEngine ADSelfService PlusCVE-2021-40539Improper access control07-09-202107-09-2021
64Apple iOSCVE-2021-30858Use-after-free13-09-202113-09-2021
65Google ChromeCVE-2021-30632Out-of-bounds write13-09-202113-09-2021
66Google ChromeCVE-2021-30633Use-after-free13-09-202113-09-2021
67PPX-AnyLinkCWE-94Code Injection13-09-2021Not Patched
68MacOSCVE-2021-30869Type Confusion23-09-202123-09-2021
69Google ChromeCVE-2021-37973Use-after-free24-09-202124-09-2021
70Google ChromeCVE-2021-37975Use-after-free30-09-202130-09-2021
71Google ChromeCVE-2021-37976Information disclosure30-09-202130-09-2021
72Apache HTTP ServerCVE-2021-41773Path traversal05-10-202105-10-2021
73Apple iOSCVE-2021-30883Integer overflow11-10-202111-10-2021
74Microsoft WindowsCVE-2021-40449Use-after-free12-10-202112-10-2021
75BillQuick Web SuiteCVE-2021-42258SQL injection22-10-202122-10-2021
76Google ChromeCVE-2021-38000Exposed dangerous method or function28-10-202128-10-2021
77Google ChromeCVE-2021-38003Improperly implemented security check for standard28-10-202128-10-2021
78Google AndroidCVE-2021-1048Use-after-free01-11-202101-11-2021
79Microsoft Exchange ServerCVE-2021-42321Input validation error09-11-202109-11-2021
80Microsoft OfficeCVE-2021-42292Input validation error09-11-202109-11-2021
81FatPipeFPSA006Arbitrary file upload18-11-202118-11-2021
82Microsoft WindowsCVE-2021-43890Permissions, Privileges, and Access Controls23-11-202114-12-2021
83Google ChromeCVE-2021-4102Use-after-free13-12-202113-12-2021
84Google ChromeCVE-2021-21220Use-after-free in Blink10-04-202113-04-2021
85Google ChromeCVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_6410-04-202113-04-2021
Tags:

Leave a Reply

Related Post

Google blocks Pinduoduo App amid Security Concerns

Google blocks Pinduoduo App amid Security Concerns

March 22, 2023
Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023

You may have missed

Google blocks Pinduoduo App amid Security Concerns

Google blocks Pinduoduo App amid Security Concerns

March 22, 2023
Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023
DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
%d bloggers like this: