CVEs from 2021
Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-46658 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46666 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35604 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4115 | medium | — | 5.5 | 4y ago | RHSA-2022:1546: polkit security update (Moderate) | |||
| CVE-2021-20180 | medium | — | 5.5 | 4y ago | information disclosure in ansible | |||
| CVE-2021-3999 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2021-31566 | medium | — | 5.5 | 4y ago | RHSA-2022:0892: libarchive security update (Moderate) | |||
| CVE-2021-23177 | medium | — | 5.5 | 4y ago | RHSA-2022:0892: libarchive security update (Moderate) | |||
| CVE-2021-39275 | medium | — | 5.5 | 4y ago | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affe… | |||
| CVE-2021-34798 | medium | — | 5.5 | 4y ago | Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||
| CVE-2021-3620 | medium | — | 5.5 | 4y ago | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest th… | |||
| CVE-2021-31810 | medium | — | 5.5 | 4y ago | RHSA-2022:0672: ruby:2.5 security update (Moderate) | |||
| CVE-2021-32066 | medium | — | 5.5 | 4y ago | RHSA-2022:0672: ruby:2.5 security update (Moderate) | |||
| CVE-2021-27918 | medium | — | 5.5 | 4y ago | RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3114 | medium | — | 5.5 | 4y ago | RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33196 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-36221 | medium | — | 5.5 | 4y ago | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-27358 | medium | — | 5.5 | 4y ago | RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-29622 | medium | — | 5.5 | 4y ago | Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redire… | |||
| CVE-2021-4122 | medium | — | 5.5 | 4y ago | RHSA-2022:0370: cryptsetup security update (Moderate) | |||
| CVE-2021-3521 | medium | — | 5.5 | 4y ago | RHSA-2022:0368: rpm security update (Moderate) | |||
| CVE-2021-3872 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-4192 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-4193 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-3984 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-22570 | medium | — | 5.5 | 4y ago | RHSA-2022:7464: protobuf security update (Moderate) | |||
| CVE-2021-44217 | medium | — | 5.5 | 4y ago | In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2021-41772 | medium | — | 5.5 | 5y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-41771 | medium | — | 5.5 | 5y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-45116 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter … | |||
| CVE-2021-45452 | medium | — | 5.5 | 5y ago | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||
| CVE-2021-45115 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that wa… | |||
| CVE-2021-23214 | medium | — | 5.5 | 5y ago | RHSA-2022:1830: postgresql:10 security update (Moderate) | |||
| CVE-2021-3677 | medium | — | 5.5 | 5y ago | RHSA-2021:5236: postgresql:13 security update (Moderate) | |||
| CVE-2021-20321 | medium | — | 5.5 | 5y ago | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the syste… | |||
| CVE-2021-42550 | medium | — | 5.5 | 5y ago | Deserialization of Untrusted Data in logback | |||
| CVE-2021-22959 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-22960 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-43255 | medium | 5.5 | 5.5 | 5y ago | Microsoft Office Trust Center Spoofing Vulnerability | |||
| CVE-2021-42295 | medium | 5.5 | 5.5 | 5y ago | Visual Basic for Applications Information Disclosure Vulnerability | |||
| CVE-2021-43243 | medium | 5.5 | 5.5 | 5y ago | VP9 Video Extensions Information Disclosure Vulnerability | |||
| CVE-2021-4044 | medium | — | 5.5 | 5y ago | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (… | |||
| CVE-2021-43818 | medium | — | 5.5 | 5y ago | RHSA-2022:1932: python-lxml security update (Moderate) | |||
| CVE-2021-43415 | medium | — | 5.5 | 5y ago | Improper Authentication in HashiCorp Nomad in github.com/hashicorp/nomad | |||
| CVE-2021-44420 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | |||
| CVE-2021-43797 | medium | — | 5.5 | 5y ago | HTTP request smuggling in netty | |||
| CVE-2021-43809 | medium | — | 5.5 | 5y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2021-43998 | medium | — | 5.5 | 5y ago | HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault | |||
| CVE-2021-27023 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | |||
| CVE-2021-27025 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | |||
| CVE-2021-41816 | medium | — | 5.5 | 5y ago | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different n… | |||
| CVE-2021-41819 | medium | — | 5.5 | 5y ago | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41281 | medium | — | 5.5 | 5y ago | Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a rem… | |||
| CVE-2021-41868 | medium | — | 5.5 | 5y ago | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | |||
| CVE-2021-41867 | medium | — | 5.5 | 5y ago | An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat f… | |||
| CVE-2021-3918 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41190 | medium | — | 5.5 | 5y ago | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41165 | medium | — | 5.5 | 5y ago | HTML comments vulnerability allowing to execute JavaScript code | |||
| CVE-2021-41164 | medium | — | 5.5 | 5y ago | Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML | |||
| CVE-2021-41817 | medium | — | 5.5 | 5y ago | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-42574 | medium | — | 5.5 | 5y ago | An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft sour… | |||
| CVE-2021-35603 | medium | — | 5.5 | 5y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-35561 | medium | — | 5.5 | 5y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-3796 | medium | — | 5.5 | 5y ago | RHSA-2021:4517: vim security update (Moderate) | |||
| CVE-2021-3778 | medium | — | 5.5 | 5y ago | RHSA-2021:4517: vim security update (Moderate) | |||
| CVE-2021-23336 | medium | — | 5.5 | 5y ago | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.pars… | |||
| CVE-2021-36085 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36084 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36087 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36086 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-22925 | medium | — | 5.5 | 5y ago | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parse… | |||
| CVE-2021-22876 | medium | — | 5.5 | 5y ago | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip o… | |||
| CVE-2021-22898 | medium | — | 5.5 | 5y ago | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers… | |||
| CVE-2021-3445 | medium | — | 5.5 | 5y ago | RHSA-2021:4464: dnf security and bug fix update (Moderate) | |||
| CVE-2021-20232 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3580 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20231 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3565 | medium | — | 5.5 | 5y ago | RHSA-2021:4413: tpm2-tools security and enhancement update (Moderate) | |||
| CVE-2021-33560 | medium | — | 5.5 | 5y ago | RHSA-2021:4409: libgcrypt security and bug fix update (Moderate) | |||
| CVE-2021-3426 | medium | — | 5.5 | 5y ago | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disc… | |||
| CVE-2021-3800 | medium | — | 5.5 | 5y ago | RHSA-2021:4385: glib2 security and bug fix update (Moderate) | |||
| CVE-2021-25214 | medium | — | 5.5 | 5y ago | RHSA-2021:4384: bind security and bug fix update (Moderate) | |||
| CVE-2021-28650 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-30689 | medium | — | 5.5 | 5y ago | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted … | |||
| CVE-2021-1799 | medium | — | 5.5 | 5y ago | A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watch… | |||
| CVE-2021-1844 | medium | — | 5.5 | 5y ago | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur… | |||
| CVE-2021-30720 | medium | — | 5.5 | 5y ago | A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to … | |||
| CVE-2021-30795 | medium | — | 5.5 | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web co… | |||
| CVE-2021-30797 | medium | — | 5.5 | 5y ago | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code … | |||
| CVE-2021-30682 | medium | — | 5.5 | 5y ago | A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able… | |||
| CVE-2021-21806 | medium | — | 5.5 | 5y ago | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution.… | |||
| CVE-2021-21779 | medium | — | 5.5 | 5y ago | A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further… | |||
| CVE-2021-30758 | medium | — | 5.5 | 5y ago | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web conte… | |||
| CVE-2021-30749 | medium | — | 5.5 | 5y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing … | |||
| CVE-2021-21775 | medium | — | 5.5 | 5y ago | A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak… | |||
| CVE-2021-30744 | medium | — | 5.5 | 5y ago | Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big S… | |||
| CVE-2021-1765 | medium | — | 5.5 | 5y ago | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted w… | |||
| CVE-2021-1788 | medium | — | 5.5 | 5y ago | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS… | |||
| CVE-2021-1801 | medium | — | 5.5 | 5y ago | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.… | |||
| CVE-2021-30799 | medium | — | 5.5 | 5y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave… |