CVEs from 2021
- Total: 4,791
- Critical: 281
- High: 1,022
- Medium: 1,179
- Low: 138
- % Critical: 5.9%
- % with KEV: 4.4%
- % with exploit: 5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-35635 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35623 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35591 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2481 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35633 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35608 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35546 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35624 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35640 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35634 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35638 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35637 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35602 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35627 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35630 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2479 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35636 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3807 | medium | — | 5.5 | 4y ago | RHSA-2022:6449: nodejs:16 security and bug fix update (Moderate) | |||
| CVE-2021-33502 | medium | — | 5.5 | 4y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3563 | medium | — | 5.5 | 4y ago | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. … | |||
| CVE-2021-46664 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-46659 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-46665 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-46668 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-46663 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-46661 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-46669 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-4207 | medium | — | 5.5 | 4y ago | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor… | |||
| CVE-2021-4206 | medium | — | 5.5 | 4y ago | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-base… | |||
| CVE-2021-41041 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-42343 | medium | — | 5.5 | 4y ago | An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults… | |||
| CVE-2021-40528 | medium | — | 5.5 | 4y ago | RHSA-2022:5311: libgcrypt security update (Moderate) | |||
| CVE-2021-38297 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-41800 | medium | — | 5.5 | 4y ago | MediaWiki allows a denial of service | |||
| CVE-2021-21683 | medium | — | 5.5 | 4y ago | Path traversal vulnerability on Windows in Jenkins | |||
| CVE-2021-21682 | medium | — | 5.5 | 4y ago | Improper handling of equivalent directory names on Windows in Jenkins | |||
| CVE-2021-40347 | medium | — | 5.5 | 4y ago | An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also… | |||
| CVE-2021-31525 | medium | — | 5.5 | 4y ago | net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client ca… | |||
| CVE-2021-30458 | medium | — | 5.5 | 4y ago | Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS) | |||
| CVE-2021-21640 | medium | — | 5.5 | 4y ago | View name validation bypass in Jenkins | |||
| CVE-2021-21639 | medium | — | 5.5 | 4y ago | Lack of type validation in agent related REST API in Jenkins | |||
| CVE-2021-21615 | medium | — | 5.5 | 4y ago | Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins | |||
| CVE-2021-3537 | medium | — | 5.5 | 4y ago | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed … | |||
| CVE-2021-3518 | medium | — | 5.5 | 4y ago | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greates… | |||
| CVE-2021-3517 | medium | — | 5.5 | 4y ago | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affec… | |||
| CVE-2021-39293 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-46143 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2021-3672 | medium | — | 5.5 | 4y ago | RHSA-2022:2043: c-ares security update (Moderate) | |||
| CVE-2021-3737 | medium | — | 5.5 | 4y ago | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinit… | |||
| CVE-2021-4189 | medium | — | 5.5 | 4y ago | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. … | |||
| CVE-2021-33515 | medium | — | 5.5 | 4y ago | The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. | |||
| CVE-2021-36160 | medium | — | 5.5 | 4y ago | A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | |||
| CVE-2021-33193 | medium | — | 5.5 | 4y ago | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.… | |||
| CVE-2021-44224 | medium | — | 5.5 | 4y ago | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can all… | |||
| CVE-2021-4213 | medium | — | 5.5 | 4y ago | RHSA-2022:1851: pki-core:10.6 security and bug fix update (Moderate) | |||
| CVE-2021-38593 | medium | — | 5.5 | 4y ago | RHSA-2022:1796: qt5-qtbase security update (Moderate) | |||
| CVE-2021-43860 | medium | — | 5.5 | 4y ago | RHSA-2022:1792: flatpak security and bug fix update (Moderate) | |||
| CVE-2021-25634 | medium | — | 5.5 | 4y ago | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature … | |||
| CVE-2021-25635 | medium | — | 5.5 | 4y ago | An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature al… | |||
| CVE-2021-25633 | medium | — | 5.5 | 4y ago | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature … | |||
| CVE-2021-39256 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39259 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33287 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35266 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35268 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35267 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3975 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35269 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3716 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3622 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39251 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39252 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39254 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39257 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33289 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39263 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39258 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39255 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39261 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20196 | medium | — | 5.5 | 4y ago | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a blo… | |||
| CVE-2021-33286 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33285 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4145 | medium | — | 5.5 | 4y ago | A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's no… | |||
| CVE-2021-3748 | medium | — | 5.5 | 4y ago | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the… | |||
| CVE-2021-39253 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39260 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39262 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-38165 | medium | — | 5.5 | 4y ago | Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | |||
| CVE-2021-45444 | medium | — | 5.5 | 4y ago | RHSA-2022:2120: zsh security update (Moderate) | |||
| CVE-2021-25219 | medium | — | 5.5 | 4y ago | RHSA-2022:2092: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3660 | medium | — | 5.5 | 4y ago | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be use… | |||
| CVE-2021-3698 | medium | — | 5.5 | 4y ago | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates t… | |||
| CVE-2021-38185 | medium | — | 5.5 | 4y ago | RHSA-2022:1991: cpio security update (Moderate) | |||
| CVE-2021-36386 | medium | — | 5.5 | 4y ago | RHSA-2022:1964: fetchmail security update (Moderate) | |||
| CVE-2021-39272 | medium | — | 5.5 | 4y ago | RHSA-2022:1964: fetchmail security update (Moderate) | |||
| CVE-2021-44225 | medium | — | 5.5 | 4y ago | RHSA-2022:1930: keepalived security and bug fix update (Moderate) | |||
| CVE-2021-45930 | medium | — | 5.5 | 4y ago | RHSA-2022:1920: qt5-qtsvg security update (Moderate) | |||
| CVE-2021-39191 | medium | — | 5.5 | 4y ago | RHSA-2022:1823: mod_auth_openidc:2.3 security update (Moderate) | |||
| CVE-2021-32792 | medium | — | 5.5 | 4y ago | RHSA-2022:1823: mod_auth_openidc:2.3 security update (Moderate) | |||
| CVE-2021-32786 | medium | — | 5.5 | 4y ago | RHSA-2022:1823: mod_auth_openidc:2.3 security update (Moderate) |