CVEs from 2021
Total
4,784
critical
critical 281
high
high 1,014
medium
medium 1,186
low
low 139
% Critical
5.9%
% with KEV
4.5%
% with exploit
5.4%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22900 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the admin… | |||
| CVE-2021-22894 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting ro… | |||
| CVE-2021-22893 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services. | |||
| CVE-2021-1879 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability cou… | |||
| CVE-2021-1782 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. | |||
| CVE-2021-1906 | unknown | — | 1.5 | 5y ago | Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failu… | |||
| CVE-2021-20022 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability ha… | |||
| CVE-2021-26858 | unknown | — | 1.5 | 5y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | |||
| CVE-2021-20023 | unknown | — | 1.5 | 5y ago | SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Se… | |||
| CVE-2021-27085 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2021-27101 | unknown | — | 1.5 | 5y ago | Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html. | |||
| CVE-2021-27103 | unknown | — | 1.5 | 5y ago | Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html. | |||
| CVE-2021-21017 | unknown | — | 1.5 | 5y ago | Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | |||
| CVE-2021-36742 | unknown | — | 1.5 | 5y ago | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation. | |||
| CVE-2021-27102 | unknown | — | 1.5 | 5y ago | Accellion FTA contains an OS command injection vulnerability exploited via a local web service call. | |||
| CVE-2021-28310 | unknown | — | 1.5 | 5y ago | Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-28550 | unknown | — | 1.5 | 5y ago | Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | |||
| CVE-2021-33771 | unknown | — | 1.5 | 5y ago | Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-33739 | unknown | — | 1.5 | 5y ago | Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-33742 | unknown | — | 1.5 | 5y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2021-34448 | unknown | — | 1.5 | 5y ago | Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. | |||
| CVE-2021-38649 | unknown | — | 1.5 | 5y ago | Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. | |||
| CVE-2021-36955 | unknown | — | 1.5 | 5y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-35211 | unknown | — | 1.5 | 5y ago | SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. | |||
| CVE-2021-31199 | unknown | — | 1.5 | 5y ago | Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-31201 | unknown | — | 1.5 | 5y ago | Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2021-28663 | unknown | — | 1.5 | 5y ago | Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, an… | |||
| CVE-2021-28664 | unknown | — | 1.5 | 5y ago | Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt… | |||
| CVE-2021-31956 | unknown | — | 1.5 | 5y ago | Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application. | |||
| CVE-2021-22899 | unknown | — | 1.5 | 5y ago | Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. | |||
| CVE-2021-30713 | unknown | — | 1.5 | 5y ago | Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences. | |||
| CVE-2021-30869 | unknown | — | 1.5 | 5y ago | Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges. | |||
| CVE-2021-1905 | unknown | — | 1.5 | 5y ago | Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously. | |||
| CVE-2021-32648 | unknown | — | 1.5 | 5y ago | In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. | |||
| CVE-2021-21315 | unknown | — | 1.5 | 5y ago | The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation b… | |||
| CVE-2021-21311 | unknown | — | 1.5 | 5y ago | Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. | |||
| CVE-2021-43116 | unknown | — | 1.0 | 4y ago | Use of Hard-coded Credentials in Nacos | |||
| CVE-2021-42697 | unknown | — | 1.0 | 4y ago | Uncontrolled Recursion in Akka HTTP | |||
| CVE-2021-22145 | unknown | — | 1.0 | 4y ago | Generation of Error Message Containing Sensitive Information in Elasticsearch | |||
| CVE-2021-38294 | unknown | — | 1.0 | 5y ago | Command injection leading to Remote Code Execution in Apache Storm | |||
| CVE-2021-34429 | unknown | — | 1.0 | 5y ago | Encoded URIs can access WEB-INF directory in Eclipse Jetty | |||
| CVE-2021-25646 | unknown | — | 1.0 | 5y ago | Code injection in Apache Druid | |||
| CVE-2021-27850 | unknown | — | 1.0 | 5y ago | Remote code execution in Apache Tapestry | |||
| CVE-2021-33561 | unknown | — | 1.0 | 5y ago | Cross-site scripting in Shopizer | |||
| CVE-2021-33562 | unknown | — | 1.0 | 5y ago | Cross-site scripting in Shopizer | |||
| CVE-2021-28164 | unknown | — | 1.0 | 5y ago | Authorization Before Parsing and Canonicalization in jetty | |||
| CVE-2021-47147 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must b… | |||
| CVE-2021-3411 | unknown | — | — | — | A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerabili… | |||
| CVE-2021-34981 | unknown | — | — | — | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attac… | |||
| CVE-2021-38198 | unknown | — | — | — | arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. | |||
| CVE-2021-38160 | unknown | — | — | — | In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the… | |||
| CVE-2021-38200 | unknown | — | — | — | arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of servi… | |||
| CVE-2021-38205 | unknown | — | — | — | drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real… | |||
| CVE-2021-38207 | unknown | — | — | — | drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for a… | |||
| CVE-2021-38209 | unknown | — | — | — | net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is re… | |||
| CVE-2021-39636 | unknown | — | — | — | In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel information due to uninitialized data. This could lead to local information disclosure with system executio… | |||
| CVE-2021-3864 | unknown | — | — | — | A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and… | |||
| CVE-2021-39634 | unknown | — | — | — | In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation… | |||
| CVE-2021-39648 | unknown | — | — | — | In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileg… | |||
| CVE-2021-39656 | unknown | — | — | — | In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. … | |||
| CVE-2021-45868 | unknown | — | — | — | In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if ther… | |||
| CVE-2021-46283 | unknown | — | — | — | nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of… | |||
| CVE-2021-46906 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into ac… | |||
| CVE-2021-46920 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback Current code blindly writes over the SWERR and the OVERFLOW bi… | |||
| CVE-2021-46923 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr was succesfully buil… | |||
| CVE-2021-46927 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert After commit 5b78ed24e8ec ("mm/pagemap: add mmap_assert_… | |||
| CVE-2021-46928 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: parisc: Clear stale IIR value on instruction access rights trap When a trap 7 (Instruction access rights) occurs, this means the … | |||
| CVE-2021-46930 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix list_head check warning This is caused by uninitialization of list_head. BUG: KASAN: use-after-free in __list_del… | |||
| CVE-2021-46943 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there in an error during a set_fmt, do not overwrite the previous sizes … | |||
| CVE-2021-46940 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting The idx_to_offset() function returns type int (32-bit signed… | |||
| CVE-2021-46941 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the d… | |||
| CVE-2021-46948 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efx_channel_get_tx_queu… | |||
| CVE-2021-46950 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays… | |||
| CVE-2021-46956 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtio_fs_probe() When accidentally passing twice the same tag to qemu, kmemleak ended up reporting … | |||
| CVE-2021-46960 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS:… | |||
| CVE-2021-46971 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional security_locked_down() call Currently, the lockdown state is queried unconditionally, even though it… | |||
| CVE-2021-47049 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but… | |||
| CVE-2021-47050 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource The platform_get_resource_byname() can return NULL whic… | |||
| CVE-2021-47051 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() pm_runtime_get_sync will increment pm usage counter even i… | |||
| CVE-2021-47056 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2p… | |||
| CVE-2021-47082 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allo… | |||
| CVE-2021-47058 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak whe… | |||
| CVE-2021-47064 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap could potentially … | |||
| CVE-2021-47068 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc… | |||
| CVE-2021-47075 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmet_alloc_ctrl() When creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger than cntlid_ma… | |||
| CVE-2021-47077 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedf_update_link_speed() The following trace was observed: [ 14.042059] Call Trace: [ 14… | |||
| CVE-2021-47087 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end… | |||
| CVE-2021-47086 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refuse to enable an unbound pipe This ioctl() implicitly assumed that the socket was already bound to a valid local s… | |||
| CVE-2021-47088 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: protect targets destructions with kdamond_lock DAMON debugfs interface iterates current monitoring targets in 'db… | |||
| CVE-2021-47094 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmu_lock in the TDP MMU, restart the iterator d… | |||
| CVE-2021-47129 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack nft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed connt… | |||
| CVE-2021-47130 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to … | |||
| CVE-2021-47132 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sk_forward_memory corruption on retransmission MPTCP sk_forward_memory handling is a bit special, as such field is pro… | |||
| CVE-2021-47142 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection … | |||
| CVE-2021-47134 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then… | |||
| CVE-2021-47138 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values wh… | |||
| CVE-2021-47143 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcd_dev_list after failed device_add() If the device_add() for a smcd_dev fails, there's no cleanup … | |||
| CVE-2021-47145 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs… | |||
| CVE-2021-47149 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix thi… | |||
| CVE-2021-47150 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocated for cbd_base is failed, it should free the mem… |