CVEs from 2021
Total
4,796
critical
critical 280
high
high 1,019
medium
medium 1,175
low
low 138
% Critical
5.8%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-29948 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-29946 | high | — | 8.0 | 5y ago | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox … | |||
| CVE-2021-23961 | high | — | 8.0 | 5y ago | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.… | |||
| CVE-2021-23998 | high | — | 8.0 | 5y ago | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… | |||
| CVE-2021-23995 | high | — | 8.0 | 5y ago | When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulner… | |||
| CVE-2021-23994 | high | — | 8.0 | 5y ago | A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||
| CVE-2021-29945 | high | — | 8.0 | 5y ago | The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffect… | |||
| CVE-2021-20277 | high | — | 8.0 | 5y ago | RHSA-2021:1197: libldb security update (Important) | |||
| CVE-2021-20305 | high | — | 8.0 | 5y ago | RHSA-2021:1206: gnutls and nettle security update (Important) | |||
| CVE-2021-28165 | high | — | 8.0 | 5y ago | Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources | |||
| CVE-2021-27365 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged use… | |||
| CVE-2021-27364 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. | |||
| CVE-2021-27363 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the… | |||
| CVE-2021-26708 | high | — | 8.0 | 5y ago | A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The ra… | |||
| CVE-2021-21381 | high | — | 8.0 | 5y ago | RHSA-2021:1068: flatpak security update (Important) | |||
| CVE-2021-4127 | high | — | 8.0 | 5y ago | RHSA-2021:0993: thunderbird security update (Important) | |||
| CVE-2021-23981 | high | — | 8.0 | 5y ago | A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… | |||
| CVE-2021-23984 | high | — | 8.0 | 5y ago | A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could ha… | |||
| CVE-2021-23982 | high | — | 8.0 | 5y ago | Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… | |||
| CVE-2021-23987 | high | — | 8.0 | 5y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |||
| CVE-2021-20179 | high | — | 8.0 | 5y ago | RHSA-2021:0966: pki-core:10.6 security update (Important) | |||
| CVE-2021-28363 | high | — | 8.0 | 5y ago | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't … | |||
| CVE-2021-20262 | high | — | 8.0 | 5y ago | Keycloak Missing authentication for critical function | |||
| CVE-2021-27803 | high | — | 8.0 | 5y ago | RHSA-2021:0809: wpa_supplicant security update (Important) | |||
| CVE-2021-22883 | high | — | 8.0 | 5y ago | RHSA-2021:0744: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-22884 | high | — | 8.0 | 5y ago | RHSA-2021:0744: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-23978 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-23969 | high | — | 8.0 | 5y ago | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no… | |||
| CVE-2021-23973 | high | — | 8.0 | 5y ago | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerab… | |||
| CVE-2021-23968 | high | — | 8.0 | 5y ago | If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be u… | |||
| CVE-2021-20230 | high | — | 8.0 | 5y ago | RHSA-2021:0618: stunnel security update (Important) | |||
| CVE-2021-27135 | high | — | 8.0 | 5y ago | RHSA-2021:0611: xterm security update (Important) | |||
| CVE-2021-21261 | high | — | 8.0 | 5y ago | RHSA-2021:0304: flatpak security update (Important) | |||
| CVE-2021-23960 | high | — | 8.0 | 5y ago | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… | |||
| CVE-2021-23964 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-23953 | high | — | 8.0 | 5y ago | If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects … | |||
| CVE-2021-23954 | high | — | 8.0 | 5y ago | Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability … | |||
| CVE-2021-21241 | high | — | 8.0 | 6y ago | The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of … | |||
| CVE-2021-2160 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2016 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2144 | high | — | 8.0 | 6y ago | RHSA-2020:5500: mariadb:10.3 security, bug fix, and enhancement update (Important) | |||
| CVE-2021-2020 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2012 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2019 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2006 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2009 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-1998 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-20188 | high | — | 8.0 | 6y ago | RHSA-2021:0706: container-tools:2.0 security update (Important) | |||
| CVE-2021-33630 | high | — | 8.0 | 6y ago | NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue… | |||
| CVE-2021-47974 | high | 7.8 | 7.8 | 19d ago | VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma… | |||
| CVE-2021-47945 | high | 7.8 | 7.8 | 25d ago | Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attacke… | |||
| CVE-2021-47107 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small (say, zero), then the buffer size … | |||
| CVE-2021-4019 | high | 7.8 | 7.8 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-43875 | high | 7.8 | 7.8 | 5y ago | Microsoft Office Graphics Remote Code Execution Vulnerability | |||
| CVE-2021-43256 | high | 7.8 | 7.8 | 5y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2021-42296 | high | 7.8 | 7.8 | 5y ago | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2021-43209 | high | 7.8 | 7.8 | 5y ago | 3D Viewer Remote Code Execution Vulnerability | |||
| CVE-2021-31983 | high | 7.8 | 7.8 | 5y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2021-31946 | high | 7.8 | 7.8 | 5y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2021-31942 | high | 7.8 | 7.8 | 5y ago | 3D Viewer Remote Code Execution Vulnerability | |||
| CVE-2021-28465 | high | 7.8 | 7.8 | 5y ago | Web Media Extensions Remote Code Execution Vulnerability | |||
| CVE-2021-28464 | high | 7.8 | 7.8 | 5y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2021-45031 | high | 7.7 | 7.7 | 4y ago | A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | |||
| CVE-2021-47977 | high | 7.5 | 7.5 | 19d ago | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the f… | |||
| CVE-2021-47973 | high | 7.5 | 7.5 | 19d ago | Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can gener… | |||
| CVE-2021-47972 | high | 7.5 | 7.5 | 19d ago | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can p… | |||
| CVE-2021-47971 | high | 7.5 | 7.5 | 19d ago | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a pa… | |||
| CVE-2021-47970 | high | 7.5 | 7.5 | 19d ago | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload… | |||
| CVE-2021-47969 | high | 7.5 | 7.5 | 19d ago | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payl… | |||
| CVE-2021-47942 | high | 7.5 | 7.5 | 19d ago | Home Assistant Community Store (HACS) prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfile… | |||
| CVE-2021-47959 | high | 7.5 | 7.5 | 20d ago | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields… | |||
| CVE-2021-47944 | high | 7.5 | 7.5 | 25d ago | memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a p… | |||
| CVE-2021-47815 | high | 7.5 | 7.5 | 5mo ago | Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated char… | |||
| CVE-2021-26423 | high | 7.5 | 7.5 | 4y ago | RHSA-2021:3148: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-1723 | high | 7.5 | 7.5 | 4y ago | RHSA-2021:0095: dotnet3.1 security and bugfix update (Important) | |||
| CVE-2021-22788 | high | 7.5 | 7.5 | 4y ago | A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modic… | |||
| CVE-2021-22787 | high | 7.5 | 7.5 | 4y ago | A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affe… | |||
| CVE-2021-22785 | high | 7.5 | 7.5 | 4y ago | A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server … | |||
| CVE-2021-4104 | high | 7.5 | 7.5 | 5y ago | RHSA-2022:0290: parfait:0.5 security update (Important) | |||
| CVE-2021-22792 | high | 7.5 | 7.5 | 5y ago | A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted proj… | |||
| CVE-2021-38202 | high | 7.5 | 7.5 | 5y ago | fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is bei… | |||
| CVE-2021-22926 | high | 7.5 | 7.5 | 5y ago | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is bui… | |||
| CVE-2021-22766 | high | 7.5 | 7.5 | 5y ago | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafte… | |||
| CVE-2021-32926 | high | 7.5 | 7.5 | 5y ago | When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an … | |||
| CVE-2021-27386 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-27385 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-27383 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-25662 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-25661 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-25660 | high | 7.5 | 7.5 | 5y ago | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (in… | |||
| CVE-2021-29241 | high | 7.5 | 7.5 | 5y ago | CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). | |||
| CVE-2021-22713 | high | 7.5 | 7.5 | 5y ago | A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security … | |||
| CVE-2021-22703 | high | 7.5 | 7.5 | 5y ago | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affec… | |||
| CVE-2021-22702 | high | 7.5 | 7.5 | 5y ago | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notifica… | |||
| CVE-2021-47975 | high | 7.2 | 7.2 | 19d ago | WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the `fieldtitle` parameter. Attackers can submit … | |||
| CVE-2021-47963 | high | 7.2 | 7.2 | 20d ago | Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. A… | |||
| CVE-2021-36898 | high | 7.2 | 7.2 | 4y ago | Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | |||
| CVE-2021-47980 | high | 7.1 | 7.1 | 19d ago | Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log i… | |||
| CVE-2021-4090 | high | 7.1 | 7.1 | 4y ago | An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw… | |||
| CVE-2021-30952 | medium | — | 7.0 | 3mo ago | Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code executio… |