CVEs from 2021
- Total: 4,791
- Critical: 281
- High: 1,022
- Medium: 1,179
- Low: 138
- % Critical: 5.9%
- % with KEV: 4.4%
- % with exploit: 5.3%
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-2001 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2010 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2389 | medium | — | 5.5 | 5y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2011 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2021 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2022 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2024 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2028 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2429 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2030 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2031 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2032 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2036 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2038 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2042 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2372 | medium | — | 5.5 | 5y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-36222 | medium | — | 5.5 | 5y ago | RHSA-2021:3576: krb5 security update (Moderate) | |||
| CVE-2021-37750 | medium | — | 5.5 | 5y ago | RHSA-2021:3576: krb5 security update (Moderate) | |||
| CVE-2021-22924 | medium | — | 5.5 | 5y ago | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take… | |||
| CVE-2021-22922 | medium | — | 5.5 | 5y ago | When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to … | |||
| CVE-2021-29923 | medium | — | 5.5 | 5y ago | RHSA-2021:3585: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2021-22923 | medium | — | 5.5 | 5y ago | When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to e… | |||
| CVE-2021-39214 | medium | — | 5.5 | 5y ago | mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This m… | |||
| CVE-2021-3653 | medium | — | 5.5 | 5y ago | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a ne… | |||
| CVE-2021-32839 | medium | — | 5.5 | 5y ago | sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may c… | |||
| CVE-2021-36156 | medium | — | 5.5 | 5y ago | Path traversal in Grafana Loki | |||
| CVE-2021-39163 | medium | — | 5.5 | 5y ago | Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if t… | |||
| CVE-2021-39164 | medium | — | 5.5 | 5y ago | Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) o… | |||
| CVE-2021-37701 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-37712 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-38553 | medium | — | 5.5 | 5y ago | HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault | |||
| CVE-2021-38554 | medium | — | 5.5 | 5y ago | Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2021-3712 | medium | — | 5.5 | 5y ago | RHSA-2021:5226: openssl security update (Moderate) | |||
| CVE-2021-22942 | medium | — | 5.5 | 5y ago | A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. | |||
| CVE-2021-3504 | medium | — | 5.5 | 5y ago | RHSA-2021:3061: virt:rhel and virt-devel:rhel security and bug fix update (Moderate) | |||
| CVE-2021-3416 | medium | — | 5.5 | 5y ago | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA c… | |||
| CVE-2021-20221 | medium | — | 5.5 | 5y ago | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on aarch64 platform. The issue occurs because while writing … | |||
| CVE-2021-28876 | medium | — | 5.5 | 5y ago | In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator pani… | |||
| CVE-2021-28875 | medium | — | 5.5 | 5y ago | In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | |||
| CVE-2021-28877 | medium | — | 5.5 | 5y ago | In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation du… | |||
| CVE-2021-28878 | medium | — | 5.5 | 5y ago | In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are use… | |||
| CVE-2021-3429 | medium | — | 5.5 | 5y ago | RHSA-2021:3081: cloud-init security update (Moderate) | |||
| CVE-2021-28879 | medium | — | 5.5 | 5y ago | In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is u… | |||
| CVE-2021-31162 | medium | — | 5.5 | 5y ago | In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. | |||
| CVE-2021-3798 | medium | — | 5.5 | 5y ago | RHBA-2021:3054: opencryptoki bug fix and enhancement update (Moderate) | |||
| CVE-2021-23418 | medium | — | 5.5 | 5y ago | The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks. | |||
| CVE-2021-32760 | medium | — | 5.5 | 5y ago | Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd | |||
| CVE-2021-31292 | medium | — | 5.5 | 5y ago | RHSA-2021:4319: compat-exiv2-026 security update (Moderate) | |||
| CVE-2021-32610 | medium | — | 5.5 | 5y ago | RHSA-2022:7628: php:7.4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2369 | medium | — | 5.5 | 5y ago | RHSA-2021:4089: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-2341 | medium | — | 5.5 | 5y ago | RHSA-2021:4089: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-36213 | medium | — | 5.5 | 5y ago | HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul | |||
| CVE-2021-32574 | medium | — | 5.5 | 5y ago | HashiCorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul | |||
| CVE-2021-3602 | medium | — | 5.5 | 5y ago | RHSA-2021:4222: container-tools:3.0 security and bug fix update (Moderate) | |||
| CVE-2021-36753 | medium | — | 5.5 | 5y ago | Uncontrolled Search Path Element in sharkdp/bat | |||
| CVE-2021-32740 | medium | — | 5.5 | 5y ago | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through v… | |||
| CVE-2021-3520 | medium | — | 5.5 | 5y ago | RHSA-2021:2575: lz4 security update (Moderate) | |||
| CVE-2021-3516 | medium | — | 5.5 | 5y ago | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this … | |||
| CVE-2021-3541 | medium | — | 5.5 | 5y ago | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | |||
| CVE-2021-20271 | medium | — | 5.5 | 5y ago | RHSA-2021:2574: rpm security update (Moderate) | |||
| CVE-2021-3421 | medium | — | 5.5 | 5y ago | RHSA-2021:2574: rpm security update (Moderate) | |||
| CVE-2021-3514 | medium | — | 5.5 | 5y ago | RHSA-2021:2595: 389-ds:1.4 security and bug fix update (Moderate) | |||
| CVE-2021-28211 | medium | — | 5.5 | 5y ago | RHSA-2021:2591: edk2 security update (Moderate) | |||
| CVE-2021-32690 | medium | — | 5.5 | 5y ago | information disclosure in helm | |||
| CVE-2021-32659 | medium | — | 5.5 | 5y ago | Automatic room upgrade handling can be used maliciously to bridge a room non-consensually | |||
| CVE-2021-31800 | medium | — | 5.5 | 5y ago | Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ direc… | |||
| CVE-2021-33026 | medium | — | 5.5 | 5y ago | The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache st… | |||
| CVE-2021-26291 | medium | — | 5.5 | 5y ago | Origin Validation Error in Apache Maven | |||
| CVE-2021-34363 | medium | — | 5.5 | 5y ago | The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | |||
| CVE-2021-3013 | medium | — | 5.5 | 5y ago | ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. | |||
| CVE-2021-33880 | medium | — | 5.5 | 5y ago | The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An … | |||
| CVE-2021-33571 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This m… | |||
| CVE-2021-33203 | medium | — | 5.5 | 5y ago | Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the exis… | |||
| CVE-2021-32677 | medium | — | 5.5 | 5y ago | FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that rece… | |||
| CVE-2021-32052 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application… | |||
| CVE-2021-3533 | medium | — | 5.5 | 5y ago | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious,… | |||
| CVE-2021-32923 | medium | — | 5.5 | 5y ago | Invalid session token expiration in github.com/hashicorp/vault | |||
| CVE-2021-28677 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-25288 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-28678 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-28675 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-25287 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-28676 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-3522 | medium | 5.5 | 5.5 | 5y ago | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | |||
| CVE-2021-33038 | medium | — | 5.5 | 5y ago | An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration… | |||
| CVE-2021-20178 | medium | — | 5.5 | 5y ago | information disclosure in ansible | |||
| CVE-2021-20191 | medium | — | 5.5 | 5y ago | information disclosure in ansible | |||
| CVE-2021-33503 | medium | — | 5.5 | 5y ago | RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2021-25735 | medium | — | 5.5 | 5y ago | A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Adm… | |||
| CVE-2021-21404 | medium | — | 5.5 | 5y ago | Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative le… | |||
| CVE-2021-3177 | medium | — | 5.5 | 5y ago | RHSA-2021:1879: python38:3.8 security update (Moderate) | |||
| CVE-2021-20225 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2021-20233 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2021-1825 | medium | — | 5.5 | 5y ago | An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS … | |||
| CVE-2021-1817 | medium | — | 5.5 | 5y ago | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web… | |||
| CVE-2021-1820 | medium | — | 5.5 | 5y ago | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted … | |||
| CVE-2021-1826 | medium | — | 5.5 | 5y ago | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lea… | |||
| CVE-2021-3326 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20297 | medium | — | 5.5 | 5y ago | RHSA-2021:1574: NetworkManager and libnma security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-0326 | medium | — | 5.5 | 5y ago | RHSA-2021:1686: wpa_supplicant security, bug fix, and enhancement update (Moderate) |