CVEs from 2021
- Total: 4,786
- critical: 281
- high: 1,022
- medium: 1,179
- low: 138
- % Critical: 5.9%
- % with KEV: 4.5%
- % with exploit: 5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3671 | low | — | 2.5 | — | A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samb… | |||
| CVE-2021-27212 | low | — | 2.5 | — | In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemo… | |||
| CVE-2021-32613 | low | — | 2.5 | — | In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | |||
| CVE-2021-3474 | low | — | 2.5 | — | There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with app… | |||
| CVE-2021-37623 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infini… | |||
| CVE-2021-22173 | low | — | 2.5 | — | Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-22207 | low | — | 2.5 | — | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-22235 | low | — | 2.5 | — | Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-39929 | low | — | 2.5 | — | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-3476 | low | — | 2.5 | — | A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially aff… | |||
| CVE-2021-3478 | low | — | 2.5 | — | There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory… | |||
| CVE-2021-20296 | low | — | 2.5 | — | A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could ca… | |||
| CVE-2021-36690 | low | — | 2.5 | — | A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance o… | |||
| CVE-2021-32707 | low | — | 2.5 | — | information disclosure in nextcloud-app-mail | |||
| CVE-2021-3903 | low | — | 2.5 | 2y ago | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2021-3826 | low | — | 2.5 | 3y ago | Low: gdb security update | |||
| CVE-2021-43618 | low | — | 2.5 | 3y ago | Low: gmp security and enhancement update | |||
| CVE-2021-46195 | low | — | 2.5 | 4y ago | Low: mingw-gcc security and bug fix update | |||
| CVE-2021-3507 | low | — | 2.5 | 4y ago | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers fr… | |||
| CVE-2021-44269 | low | — | 2.5 | 4y ago | RHSA-2022:7558: wavpack security update (Low) | |||
| CVE-2021-3981 | low | — | 2.5 | 4y ago | RHSA-2022:2110: grub2 security, bug fix, and enhancement update (Low) | |||
| CVE-2021-3634 | low | — | 2.5 | 4y ago | RHSA-2022:2031: libssh security, bug fix, and enhancement update (Low) | |||
| CVE-2021-3802 | low | — | 2.5 | 4y ago | RHSA-2022:1820: udisks2 security and bug fix update (Low) | |||
| CVE-2021-41229 | low | — | 2.5 | 4y ago | RHSA-2022:2081: bluez security update (Low) | |||
| CVE-2021-23222 | low | — | 2.5 | 4y ago | RHSA-2022:1891: libpq security update (Low) | |||
| CVE-2021-3461 | low | — | 2.5 | 4y ago | Keycloak insufficient session expiration | |||
| CVE-2021-4091 | low | — | 2.5 | 4y ago | RHSA-2022:0889: 389-ds:1.4 security and bug fix update (Low) | |||
| CVE-2021-20257 | low | — | 2.5 | 5y ago | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized wi… | |||
| CVE-2021-3930 | low | — | 2.5 | 5y ago | An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). … | |||
| CVE-2021-43668 | low | — | 2.5 | 5y ago | Denial of Service in Go-Ethereum | |||
| CVE-2021-3572 | low | — | 2.5 | 5y ago | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest… | |||
| CVE-2021-20266 | low | — | 2.5 | 5y ago | RHSA-2021:4489: rpm security, bug fix, and enhancement update (Low) | |||
| CVE-2021-3200 | low | — | 2.5 | 5y ago | Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c… | |||
| CVE-2021-43566 | low | — | 2.5 | 5y ago | RHBA-2021:4438: samba bug fix and enhancement update (Low) | |||
| CVE-2021-20269 | low | — | 2.5 | 5y ago | RHSA-2021:4404: kexec-tools security, bug fix, and enhancement update (Low) | |||
| CVE-2021-3828 | low | — | 2.5 | 5y ago | nltk is vulnerable to Inefficient Regular Expression Complexity | |||
| CVE-2021-37860 | low | — | 2.5 | 5y ago | Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server | |||
| CVE-2021-40839 | low | — | 2.5 | 5y ago | The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. | |||
| CVE-2021-25737 | low | — | 2.5 | 5y ago | A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or … | |||
| CVE-2021-23437 | low | — | 2.5 | 5y ago | The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | |||
| CVE-2021-22918 | low | — | 2.5 | 5y ago | Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whethe… | |||
| CVE-2021-3652 | low | — | 2.5 | 5y ago | RHSA-2021:3079: 389-ds:1.4 security and bug fix update (Low) | |||
| CVE-2021-29063 | low | — | 2.5 | 5y ago | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called. | |||
| CVE-2021-32813 | low | — | 2.5 | 5y ago | Header dropping in traefik in github.com/traefik/traefik | |||
| CVE-2021-36374 | low | — | 2.5 | 5y ago | Improper Handling of Length Parameter Inconsistency in Apache Ant | |||
| CVE-2021-36373 | low | — | 2.5 | 5y ago | Improper Handling of Length Parameter Inconsistency in Apache Ant | |||
| CVE-2021-21303 | low | — | 2.5 | 5y ago | insufficient validation in helm | |||
| CVE-2021-29956 | low | — | 2.5 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-29957 | low | — | 2.5 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-31542 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | |||
| CVE-2021-26813 | low | — | 2.5 | 5y ago | markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or de… | |||
| CVE-2021-20201 | low | — | 2.5 | 5y ago | RHSA-2021:1924: spice security update (Low) | |||
| CVE-2021-23240 | low | — | 2.5 | 5y ago | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary … | |||
| CVE-2021-23239 | low | — | 2.5 | 5y ago | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled… | |||
| CVE-2021-32618 | low | — | 2.5 | 5y ago | The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of… | |||
| CVE-2021-27919 | low | — | 2.5 | 5y ago | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… | |||
| CVE-2021-28658 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were no… | |||
| CVE-2021-3281 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal … | |||
| CVE-2021-21330 | low | — | 2.5 | 5y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based… | |||
| CVE-2021-21236 | low | — | 2.5 | 6y ago | CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When process… |