CVEs from 2021
Total
4,807
critical
critical 280
high
high 1,018
medium
medium 1,175
low
low 138
% Critical
5.8%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22201 | critical | — | 9.5 | — | multiple issues in gitlab | |||
| CVE-2021-39935 | high | — | 9.5 | 4mo ago | GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API. | |||
| CVE-2021-30533 | high | — | 9.5 | 4y ago | Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could a… | |||
| CVE-2021-21686 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21689 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21685 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21688 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21692 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21691 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21687 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21694 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21693 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21690 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21695 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21696 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-21697 | critical | — | 9.5 | 4y ago | multiple issues in jenkins | |||
| CVE-2021-0920 | high | — | 9.5 | 4y ago | Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation. | |||
| CVE-2021-41945 | critical | — | 9.5 | 4y ago | Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. | |||
| CVE-2021-29607 | critical | — | 9.5 | 4y ago | TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) a… | |||
| CVE-2021-44142 | critical | — | 9.5 | 4y ago | RHSA-2022:0332: samba security and bug fix update (Critical) | |||
| CVE-2021-43527 | critical | — | 9.5 | 5y ago | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatu… | |||
| CVE-2021-40438 | high | — | 9.5 | 5y ago | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||
| CVE-2021-30633 | high | — | 9.5 | 5y ago | Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted H… | |||
| CVE-2021-37973 | high | — | 9.5 | 5y ago | Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2021-30632 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect m… | |||
| CVE-2021-37975 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2021-37976 | high | — | 9.5 | 5y ago | Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a c… | |||
| CVE-2021-21166 | high | — | 9.5 | 5y ago | Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web brow… | |||
| CVE-2021-30554 | high | — | 9.5 | 5y ago | Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple we… | |||
| CVE-2021-38000 | high | — | 9.5 | 5y ago | Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could a… | |||
| CVE-2021-21193 | high | — | 9.5 | 5y ago | Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple we… | |||
| CVE-2021-21224 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web … | |||
| CVE-2021-38003 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that … | |||
| CVE-2021-30563 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |||
| CVE-2021-21206 | high | — | 9.5 | 5y ago | Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple we… | |||
| CVE-2021-39226 | high | — | 9.5 | 5y ago | Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss. | |||
| CVE-2021-32619 | critical | — | 9.5 | 5y ago | Deno's static imports inside dynamically imported modules do not adhere to permission checks | |||
| CVE-2021-37635 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of h… | |||
| CVE-2021-37636 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [impleme… | |||
| CVE-2021-37637 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. … | |||
| CVE-2021-37638 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereferenc… | |||
| CVE-2021-37639 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null poi… | |||
| CVE-2021-37640 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception… | |||
| CVE-2021-37641 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read… | |||
| CVE-2021-37642 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implemen… | |||
| CVE-2021-37643 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer derefer… | |||
| CVE-2021-37644 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the r… | |||
| CVE-2021-37645 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue c… | |||
| CVE-2021-37646 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by conver… | |||
| CVE-2021-37647 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation… | |||
| CVE-2021-37648 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null p… | |||
| CVE-2021-37649 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://gith… | |||
| CVE-2021-37650 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can tr… | |||
| CVE-2021-37651 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bou… | |||
| CVE-2021-37652 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an a… | |||
| CVE-2021-37653 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [impleme… | |||
| CVE-2021-37654 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.Resource… | |||
| CVE-2021-37655 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments t… | |||
| CVE-2021-37656 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso… | |||
| CVE-2021-37657 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type … | |||
| CVE-2021-37658 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type … | |||
| CVE-2021-37659 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operat… | |||
| CVE-2021-37660 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that … | |||
| CVE-2021-37661 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negat… | |||
| CVE-2021-37662 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBes… | |||
| CVE-2021-37663 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via bin… | |||
| CVE-2021-37664 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… | |||
| CVE-2021-37665 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined beh… | |||
| CVE-2021-37666 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso… | |||
| CVE-2021-37667 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEnco… | |||
| CVE-2021-37668 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by t… | |||
| CVE-2021-37669 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV… | |||
| CVE-2021-37670 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… | |||
| CVE-2021-37671 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `… | |||
| CVE-2021-37672 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… | |||
| CVE-2021-37673 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementatio… | |||
| CVE-2021-37674 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by … | |||
| CVE-2021-37675 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability w… | |||
| CVE-2021-37676 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillE… | |||
| CVE-2021-37677 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of ser… | |||
| CVE-2021-37678 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model fr… | |||
| CVE-2021-37679 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `Ra… | |||
| CVE-2021-37680 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://… | |||
| CVE-2021-37681 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/… | |||
| CVE-2021-37682 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://gi… | |||
| CVE-2021-37683 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensor… | |||
| CVE-2021-37684 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for … | |||
| CVE-2021-37685 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005… | |||
| CVE-2021-37687 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d9… | |||
| CVE-2021-37686 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infini… | |||
| CVE-2021-37688 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a… | |||
| CVE-2021-37689 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a… | |||
| CVE-2021-37690 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output informa… | |||
| CVE-2021-37691 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](ht… | |||
| CVE-2021-37692 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_… | |||
| CVE-2021-29619 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix wi… | |||
| CVE-2021-29618 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix w… | |||
| CVE-2021-29617 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be includ… | |||
| CVE-2021-29616 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorf… | |||
| CVE-2021-29615 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/te… |