CVEs from 2021
Total
4,786
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.5%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22169 | medium | — | 5.5 | — | information disclosure in gitlab | |||
| CVE-2021-35197 | medium | — | 5.5 | — | In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to s… | |||
| CVE-2021-32139 | medium | — | 5.5 | — | The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-32137 | medium | — | 5.5 | — | Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |||
| CVE-2021-22567 | medium | — | 5.5 | — | multiple issues in dart | |||
| CVE-2021-28302 | medium | — | 5.5 | — | A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume … | |||
| CVE-2021-3746 | medium | — | 5.5 | — | A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issu… | |||
| CVE-2021-21857 | medium | — | 5.5 | — | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause… | |||
| CVE-2021-21847 | medium | — | 5.5 | — | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts”… | |||
| CVE-2021-30014 | medium | — | 5.5 | — | There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC from v0.9.0-preview to 1.0.1 which results in a crash. | |||
| CVE-2021-29279 | medium | — | 5.5 | — | There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative numb… | |||
| CVE-2021-31214 | medium | — | 5.5 | — | arbitrary code execution in code | |||
| CVE-2021-26826 | medium | — | 5.5 | — | A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be loc… | |||
| CVE-2021-3618 | medium | — | 5.5 | — | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certifica… | |||
| CVE-2021-38291 | medium | — | 5.5 | — | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | |||
| CVE-2021-30020 | medium | — | 5.5 | — | In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_w… | |||
| CVE-2021-31260 | medium | — | 5.5 | — | The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-32269 | medium | — | 5.5 | — | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2021-42384 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | |||
| CVE-2021-36370 | medium | — | 5.5 | — | An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the… | |||
| CVE-2021-22540 | medium | — | 5.5 | — | cross-site scripting in dart | |||
| CVE-2021-3738 | medium | — | 5.5 | — | In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sa… | |||
| CVE-2021-28041 | medium | — | 5.5 | — | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an … | |||
| CVE-2021-32268 | medium | — | 5.5 | — | Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1. | |||
| CVE-2021-32271 | medium | — | 5.5 | — | An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution. | |||
| CVE-2021-21852 | medium | — | 5.5 | — | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss”… | |||
| CVE-2021-39947 | medium | — | 5.5 | — | multiple issues in gitlab-runner | |||
| CVE-2021-39918 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2021-39916 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2021-35057 | medium | — | 5.5 | — | multiple issues in hyperkitty | |||
| CVE-2021-42694 | medium | — | 5.5 | — | content spoofing in rust | |||
| CVE-2021-41801 | medium | — | 5.5 | — | The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (… | |||
| CVE-2021-3496 | medium | — | 5.5 | — | A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. | |||
| CVE-2021-34479 | medium | — | 5.5 | — | multiple issues in code | |||
| CVE-2021-26437 | medium | — | 5.5 | — | multiple issues in code | |||
| CVE-2021-40516 | medium | — | 5.5 | — | WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plug… | |||
| CVE-2021-34477 | medium | — | 5.5 | — | privilege escalation in code | |||
| CVE-2021-34529 | medium | — | 5.5 | — | arbitrary code execution in code | |||
| CVE-2021-38381 | medium | — | 5.5 | — | multiple issues in live-media | |||
| CVE-2021-32270 | medium | — | 5.5 | — | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2021-39283 | medium | — | 5.5 | — | multiple issues in live-media | |||
| CVE-2021-32833 | medium | — | 5.5 | — | arbitrary filesystem access in emby-server | |||
| CVE-2021-39282 | medium | — | 5.5 | — | multiple issues in live-media | |||
| CVE-2021-22238 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2021-38380 | medium | — | 5.5 | — | multiple issues in live-media | |||
| CVE-2021-37594 | medium | — | 5.5 | — | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. | |||
| CVE-2021-31211 | medium | — | 5.5 | — | arbitrary code execution in code | |||
| CVE-2021-22233 | medium | — | 5.5 | — | information disclosure in gitlab | |||
| CVE-2021-29968 | medium | — | 5.5 | — | When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability aff… | |||
| CVE-2021-26259 | medium | — | 5.5 | — | A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | |||
| CVE-2021-20276 | medium | — | 5.5 | — | A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. | |||
| CVE-2021-21848 | medium | — | 5.5 | — | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for at… | |||
| CVE-2021-29653 | medium | — | 5.5 | — | certificate verification bypass in vault | |||
| CVE-2021-21849 | medium | — | 5.5 | — | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an int… | |||
| CVE-2021-30154 | medium | — | 5.5 | — | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XS… | |||
| CVE-2021-30153 | medium | — | 5.5 | — | An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an exi… | |||
| CVE-2021-30145 | medium | — | 5.5 | — | A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. | |||
| CVE-2021-29944 | medium | — | 5.5 | — | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue o… | |||
| CVE-2021-28421 | medium | — | 5.5 | — | arbitrary code execution in fluidsynth | |||
| CVE-2021-30156 | medium | — | 5.5 | — | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists. | |||
| CVE-2021-3407 | medium | — | 5.5 | — | A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences. | |||
| CVE-2021-22185 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2021-22172 | medium | — | 5.5 | — | information disclosure in gitlab | |||
| CVE-2021-47670 | medium | — | 5.5 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_… | |||
| CVE-2021-47454 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: do not decrement idle task preempt count in CPU offline With PREEMPT_COUNT=y, when a CPU is offlined and then online… | |||
| CVE-2021-47505 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitque… | |||
| CVE-2021-43612 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2021-47428 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_C… | |||
| CVE-2021-47429 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI The machine check handler is not considered NMI on 64s. The ear… | |||
| CVE-2021-47457 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() Using wait_event_interruptible() to wait for complet… | |||
| CVE-2021-47185 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm6… | |||
| CVE-2021-47098 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer u… | |||
| CVE-2021-47383 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47385 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47459 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47400 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2021-41092 | medium | — | 5.5 | 2y ago | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configur… | |||
| CVE-2021-41089 | medium | — | 5.5 | 2y ago | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted… | |||
| CVE-2021-47055 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus requir… | |||
| CVE-2021-46934 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not … | |||
| CVE-2021-47013 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If… | |||
| CVE-2021-47118 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's st… | |||
| CVE-2021-47153 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a a… | |||
| CVE-2021-47171 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in… | |||
| CVE-2021-3753 | medium | — | 5.5 | 2y ago | A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_i… | |||
| CVE-2021-4204 | medium | — | 5.5 | 2y ago | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or l… | |||
| CVE-2021-47316 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder a… | |||
| CVE-2021-41244 | medium | — | 5.5 | 2y ago | access restriction bypass in grafana | |||
| CVE-2021-41072 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |||
| CVE-2021-40153 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |||
| CVE-2021-41043 | medium | — | 5.5 | 2y ago | RHSA-2024:0769: tcpdump security update (Moderate) | |||
| CVE-2021-29390 | medium | — | 5.5 | 2y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2021-3382 | medium | — | 5.5 | 2y ago | Buffer Overflow in gitea in code.gitea.io/gitea | |||
| CVE-2021-47188 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at driver… | |||
| CVE-2021-47002 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scr… | |||
| CVE-2021-41091 | medium | — | 5.5 | 2y ago | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirec… | |||
| CVE-2021-21334 | medium | — | 5.5 | 2y ago | containerd environment variable leak | |||
| CVE-2021-3282 | medium | — | 5.5 | 2y ago | Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2021-21285 | medium | — | 5.5 | 2y ago | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain… | |||
| CVE-2021-21284 | medium | — | 5.5 | 2y ago | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns… |