CVEs from 2021
Total
4,788
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-23995 | high | — | 8.0 | 5y ago | When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulner… | |||
| CVE-2021-23961 | high | — | 8.0 | 5y ago | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.… | |||
| CVE-2021-29946 | high | — | 8.0 | 5y ago | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox … | |||
| CVE-2021-24002 | high | — | 8.0 | 5y ago | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Th… | |||
| CVE-2021-23999 | high | — | 8.0 | 5y ago | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vul… | |||
| CVE-2021-23994 | high | — | 8.0 | 5y ago | A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||
| CVE-2021-23998 | high | — | 8.0 | 5y ago | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… | |||
| CVE-2021-20277 | high | — | 8.0 | 5y ago | RHSA-2021:1197: libldb security update (Important) | |||
| CVE-2021-20305 | high | — | 8.0 | 5y ago | RHSA-2021:1206: gnutls and nettle security update (Important) | |||
| CVE-2021-28165 | high | — | 8.0 | 5y ago | Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources | |||
| CVE-2021-26708 | high | — | 8.0 | 5y ago | A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The ra… | |||
| CVE-2021-27365 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged use… | |||
| CVE-2021-27364 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. | |||
| CVE-2021-27363 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the… | |||
| CVE-2021-21381 | high | — | 8.0 | 5y ago | RHSA-2021:1068: flatpak security update (Important) | |||
| CVE-2021-4127 | high | — | 8.0 | 5y ago | RHSA-2021:0993: thunderbird security update (Important) | |||
| CVE-2021-23981 | high | — | 8.0 | 5y ago | A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… | |||
| CVE-2021-23987 | high | — | 8.0 | 5y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |||
| CVE-2021-23982 | high | — | 8.0 | 5y ago | Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… | |||
| CVE-2021-23984 | high | — | 8.0 | 5y ago | A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could ha… | |||
| CVE-2021-20179 | high | — | 8.0 | 5y ago | RHSA-2021:0966: pki-core:10.6 security update (Important) | |||
| CVE-2021-28363 | high | — | 8.0 | 5y ago | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't … | |||
| CVE-2021-20262 | high | — | 8.0 | 5y ago | Keycloak Missing authentication for critical function | |||
| CVE-2021-27803 | high | — | 8.0 | 5y ago | RHSA-2021:0809: wpa_supplicant security update (Important) | |||
| CVE-2021-22883 | high | — | 8.0 | 5y ago | RHSA-2021:0744: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-22884 | high | — | 8.0 | 5y ago | RHSA-2021:0744: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-23978 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-23968 | high | — | 8.0 | 5y ago | If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be u… | |||
| CVE-2021-23969 | high | — | 8.0 | 5y ago | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no… | |||
| CVE-2021-23973 | high | — | 8.0 | 5y ago | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerab… | |||
| CVE-2021-20230 | high | — | 8.0 | 5y ago | RHSA-2021:0618: stunnel security update (Important) | |||
| CVE-2021-27135 | high | — | 8.0 | 5y ago | RHSA-2021:0611: xterm security update (Important) | |||
| CVE-2021-21261 | high | — | 8.0 | 5y ago | RHSA-2021:0304: flatpak security update (Important) | |||
| CVE-2021-23953 | high | — | 8.0 | 5y ago | If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects … | |||
| CVE-2021-23964 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-23954 | high | — | 8.0 | 5y ago | Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability … | |||
| CVE-2021-23960 | high | — | 8.0 | 5y ago | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… | |||
| CVE-2021-21241 | high | — | 8.0 | 6y ago | The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of … | |||
| CVE-2021-2160 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2144 | high | — | 8.0 | 6y ago | RHSA-2020:5500: mariadb:10.3 security, bug fix, and enhancement update (Important) | |||
| CVE-2021-1998 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2019 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2020 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2016 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2012 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2006 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2009 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-20188 | high | — | 8.0 | 6y ago | RHSA-2021:0706: container-tools:2.0 security update (Important) | |||
| CVE-2021-33630 | high | — | 8.0 | 6y ago | NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue… | |||
| CVE-2021-47974 | high | 7.8 | 7.8 | 21d ago | VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma… | |||
| CVE-2021-47945 | high | 7.8 | 7.8 | 27d ago | Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attacke… | |||
| CVE-2021-47107 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small (say, zero), then the buffer size … | |||
| CVE-2021-43619 | high | 7.8 | 7.8 | 4y ago | Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | |||
| CVE-2021-4019 | high | 7.8 | 7.8 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-43875 | high | 7.8 | 7.8 | 5y ago | Microsoft Office Graphics Remote Code Execution Vulnerability | |||
| CVE-2021-43256 | high | 7.8 | 7.8 | 5y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2021-44149 | high | 7.8 | 7.8 | 5y ago | An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, res… | |||
| CVE-2021-42296 | high | 7.8 | 7.8 | 5y ago | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2021-43209 | high | 7.8 | 7.8 | 5y ago | 3D Viewer Remote Code Execution Vulnerability | |||
| CVE-2021-31983 | high | 7.8 | 7.8 | 5y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2021-31946 | high | 7.8 | 7.8 | 5y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2021-31942 | high | 7.8 | 7.8 | 5y ago | 3D Viewer Remote Code Execution Vulnerability | |||
| CVE-2021-28465 | high | 7.8 | 7.8 | 5y ago | Web Media Extensions Remote Code Execution Vulnerability | |||
| CVE-2021-28464 | high | 7.8 | 7.8 | 5y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2021-45031 | high | 7.7 | 7.7 | 4y ago | A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | |||
| CVE-2021-47977 | high | 7.5 | 7.5 | 21d ago | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the f… | |||
| CVE-2021-47973 | high | 7.5 | 7.5 | 21d ago | Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can gener… | |||
| CVE-2021-47972 | high | 7.5 | 7.5 | 21d ago | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can p… | |||
| CVE-2021-47971 | high | 7.5 | 7.5 | 21d ago | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a pa… | |||
| CVE-2021-47970 | high | 7.5 | 7.5 | 21d ago | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload… | |||
| CVE-2021-47969 | high | 7.5 | 7.5 | 21d ago | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payl… | |||
| CVE-2021-47942 | high | 7.5 | 7.5 | 21d ago | Home Assistant Community Store (HACS) prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfile… | |||
| CVE-2021-47959 | high | 7.5 | 7.5 | 22d ago | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields… | |||
| CVE-2021-47944 | high | 7.5 | 7.5 | 27d ago | memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a p… | |||
| CVE-2021-47815 | high | 7.5 | 7.5 | 5mo ago | Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated char… | |||
| CVE-2021-26423 | high | 7.5 | 7.5 | 4y ago | RHSA-2021:3148: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-1723 | high | 7.5 | 7.5 | 4y ago | RHSA-2021:0095: dotnet3.1 security and bugfix update (Important) | |||
| CVE-2021-22788 | high | 7.5 | 7.5 | 4y ago | A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modic… | |||
| CVE-2021-22787 | high | 7.5 | 7.5 | 4y ago | A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affe… | |||
| CVE-2021-22785 | high | 7.5 | 7.5 | 4y ago | A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server … | |||
| CVE-2021-45450 | high | 7.5 | 7.5 | 5y ago | In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible t… | |||
| CVE-2021-4104 | high | 7.5 | 7.5 | 5y ago | RHSA-2022:0290: parfait:0.5 security update (Important) | |||
| CVE-2021-22792 | high | 7.5 | 7.5 | 5y ago | A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted proj… | |||
| CVE-2021-38202 | high | 7.5 | 7.5 | 5y ago | fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is bei… | |||
| CVE-2021-22926 | high | 7.5 | 7.5 | 5y ago | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is bui… | |||
| CVE-2021-22766 | high | 7.5 | 7.5 | 5y ago | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafte… | |||
| CVE-2021-32926 | high | 7.5 | 7.5 | 5y ago | When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an … | |||
| CVE-2021-27386 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-27385 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-27383 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-25662 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-25661 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-25660 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-29241 | high | 7.5 | 7.5 | 5y ago | CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | |||
| CVE-2021-22713 | high | 7.5 | 7.5 | 5y ago | A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security … | |||
| CVE-2021-22703 | high | 7.5 | 7.5 | 5y ago | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affec… | |||
| CVE-2021-22702 | high | 7.5 | 7.5 | 5y ago | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notifica… | |||
| CVE-2021-47975 | high | 7.2 | 7.2 | 21d ago | WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the `fieldtitle` parameter. Attackers can submit … | |||
| CVE-2021-47963 | high | 7.2 | 7.2 | 22d ago | Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. A… | |||
| CVE-2021-36898 | high | 7.2 | 7.2 | 4y ago | Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. |