CVEs from 2021
| Total | Critical | High | Medium | Low | % Critical | % with KEV | % with exploit |
|---|---|---|---|---|---|---|---|
| 4,796 | 280 | 1,019 | 1,175 | 138 | 5.8% | 4.4% | 5.3% |
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25741 | high | — | 8.0 | 5y ago | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host file… | |||
| CVE-2021-41133 | high | — | 8.0 | 5y ago | RHSA-2021:4042: flatpak security update (Important) | |||
| CVE-2021-41146 | high | — | 8.0 | 5y ago | qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With cert… | |||
| CVE-2021-35565 | high | — | 8.0 | 5y ago | RHSA-2022:0345: java-1.8.0-ibm security update (Important) | |||
| CVE-2021-35588 | high | — | 8.0 | 5y ago | RHSA-2021:3893: java-1.8.0-openjdk security and bug fix update (Important) | |||
| CVE-2021-32675 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-32627 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-32626 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-32628 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-32687 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-41099 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-38502 | high | — | 8.0 | 5y ago | RHSA-2021:3838: thunderbird security update (Important) | |||
| CVE-2021-41355 | high | — | 8.0 | 5y ago | RHSA-2021:3819: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-26691 | high | — | 8.0 | 5y ago | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | |||
| CVE-2021-38496 | high | — | 8.0 | 5y ago | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… | |||
| CVE-2021-38497 | high | — | 8.0 | 5y ago | Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerabil… | |||
| CVE-2021-38500 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-38501 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-38498 | high | — | 8.0 | 5y ago | During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Fire… | |||
| CVE-2021-28378 | high | — | 8.0 | 5y ago | Cross-site Scripting in Gitea in code.gitea.io/gitea | |||
| CVE-2021-22930 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-41098 | high | — | 8.0 | 5y ago | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by de… | |||
| CVE-2021-35042 | high | — | 8.0 | 5y ago | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | |||
| CVE-2021-22940 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-22939 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-22931 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-40823 | high | — | 8.0 | 5y ago | A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encrypti… | |||
| CVE-2021-33582 | high | — | 8.0 | 5y ago | RHSA-2021:3492: cyrus-imapd security update (Important) | |||
| CVE-2021-38493 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |||
| CVE-2021-37137 | high | — | 8.0 | 5y ago | SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way | |||
| CVE-2021-37136 | high | — | 8.0 | 5y ago | Bzip2Decoder doesn't allow setting size restrictions for decompressed data | |||
| CVE-2021-38698 | high | — | 8.0 | 5y ago | HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul | |||
| CVE-2021-37219 | high | — | 8.0 | 5y ago | HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul | |||
| CVE-2021-37218 | high | — | 8.0 | 5y ago | Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad | |||
| CVE-2021-37576 | high | — | 8.0 | 5y ago | arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. | |||
| CVE-2021-38201 | high | — | 8.0 | 5y ago | net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. | |||
| CVE-2021-39156 | high | — | 8.0 | 5y ago | Istio Fragments in Path May Lead to Authorization Policy Bypass | |||
| CVE-2021-39155 | high | — | 8.0 | 5y ago | Authorization Policy Bypass Due to Case Insensitive Host Comparison | |||
| CVE-2021-39137 | high | — | 8.0 | 5y ago | Consensus flaw during block processing in github.com/ethereum/go-ethereum | |||
| CVE-2021-34532 | high | — | 8.0 | 5y ago | RHSA-2021:3148: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-3246 | high | — | 8.0 | 5y ago | RHSA-2021:3253: libsndfile security update (Important) | |||
| CVE-2021-3711 | high | — | 8.0 | 5y ago | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "o… | |||
| CVE-2021-32798 | high | — | 8.0 | 5y ago | The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Goo… | |||
| CVE-2021-32797 | high | — | 8.0 | 5y ago | JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterL… | |||
| CVE-2021-31291 | high | — | 8.0 | 5y ago | RHSA-2021:3153: compat-exiv2-026 security update (Important) | |||
| CVE-2021-3621 | high | — | 8.0 | 5y ago | RHSA-2021:3151: sssd security update (Important) | |||
| CVE-2021-29985 | high | — | 8.0 | 5y ago | A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR… | |||
| CVE-2021-29989 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |||
| CVE-2021-29988 | high | — | 8.0 | 5y ago | Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Th… | |||
| CVE-2021-29986 | high | — | 8.0 | 5y ago | A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are … | |||
| CVE-2021-29980 | high | — | 8.0 | 5y ago | Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunder… | |||
| CVE-2021-29984 | high | — | 8.0 | 5y ago | Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploi… | |||
| CVE-2021-23343 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-27218 | high | — | 8.0 | 5y ago | RHSA-2021:4526: mingw-glib2 security, bug fix, and enhancement update (Important) | |||
| CVE-2021-3609 | high | — | 8.0 | 5y ago | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This… | |||
| CVE-2021-22543 | high | — | 8.0 | 5y ago | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This… | |||
| CVE-2021-38575 | high | — | 8.0 | 5y ago | RHSA-2021:3066: edk2 security update (Important) | |||
| CVE-2021-32804 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-32803 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-36740 | high | — | 8.0 | 5y ago | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… | |||
| CVE-2021-32810 | high | — | 8.0 | 5y ago | crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more … | |||
| CVE-2021-29969 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-2388 | high | — | 8.0 | 5y ago | RHSA-2021:2781: java-11-openjdk security update (Important) | |||
| CVE-2021-33910 | high | — | 8.0 | 5y ago | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker)… | |||
| CVE-2021-32399 | high | — | 8.0 | 5y ago | net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. | |||
| CVE-2021-33909 | high | — | 8.0 | 5y ago | fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root b… | |||
| CVE-2021-30547 | high | — | 8.0 | 5y ago | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-29976 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… | |||
| CVE-2021-29970 | high | — | 8.0 | 5y ago | A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerabili… | |||
| CVE-2021-3570 | high | — | 8.0 | 5y ago | RHSA-2021:2660: linuxptp security update (Important) | |||
| CVE-2021-33034 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. | |||
| CVE-2021-33829 | high | — | 8.0 | 5y ago | ckeditor4 vulnerable to cross-site scripting | |||
| CVE-2021-32027 | high | — | 8.0 | 5y ago | RHSA-2021:2375: postgresql:13 security update (Important) | |||
| CVE-2021-32029 | high | — | 8.0 | 5y ago | RHSA-2021:2375: postgresql:13 security update (Important) | |||
| CVE-2021-3393 | high | — | 8.0 | 5y ago | RHSA-2021:2372: postgresql:12 security update (Important) | |||
| CVE-2021-30465 | high | — | 8.0 | 5y ago | RHSA-2021:2371: container-tools:rhel8 security update (Important) | |||
| CVE-2021-33516 | high | — | 8.0 | 5y ago | RHSA-2021:2363: gupnp security update (Important) | |||
| CVE-2021-32028 | high | — | 8.0 | 5y ago | RHSA-2021:2375: postgresql:13 security update (Important) | |||
| CVE-2021-25217 | high | — | 8.0 | 5y ago | RHSA-2021:2359: dhcp security update (Important) | |||
| CVE-2021-31957 | high | — | 8.0 | 5y ago | RHSA-2021:2353: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-20195 | high | — | 8.0 | 5y ago | keycloak Self Stored Cross-site Scripting vulnerability | |||
| CVE-2021-29967 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |||
| CVE-2021-3551 | high | — | 8.0 | 5y ago | RHSA-2021:2235: pki-core:10.6 security update (Important) | |||
| CVE-2021-27219 | high | — | 8.0 | 5y ago | RHSA-2021:4526: mingw-glib2 security, bug fix, and enhancement update (Important) | |||
| CVE-2021-3543 | high | — | 8.0 | 5y ago | A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use thi… | |||
| CVE-2021-3501 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could l… | |||
| CVE-2021-31204 | high | — | 8.0 | 5y ago | RHSA-2021:2037: dotnet3.1 security and bugfix update (Important) | |||
| CVE-2021-29477 | high | — | 8.0 | 5y ago | RHSA-2021:2034: redis:6 security update (Important) | |||
| CVE-2021-3480 | high | — | 8.0 | 5y ago | RHSA-2021:1983: idm:DL1 security update (Important) | |||
| CVE-2021-0605 | high | — | 8.0 | 5y ago | In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed.… | |||
| CVE-2021-0342 | high | — | 8.0 | 5y ago | In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is … | |||
| CVE-2021-25215 | high | — | 8.0 | 5y ago | RHSA-2021:1989: bind security update (Important) | |||
| CVE-2021-3428 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating a… | |||
| CVE-2021-24122 | high | — | 8.0 | 5y ago | When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to … | |||
| CVE-2021-20222 | high | — | 8.0 | 5y ago | Code injection in keycloak | |||
| CVE-2021-22112 | high | — | 8.0 | 5y ago | Privilege escalation in spring security | |||
| CVE-2021-3450 | high | — | 8.0 | 5y ago | RHSA-2021:1024: openssl security update (Important) | |||
| CVE-2021-3449 | high | — | 8.0 | 5y ago | RHSA-2021:1024: openssl security update (Important) | |||
| CVE-2021-29948 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-29946 | high | — | 8.0 | 5y ago | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox … |