CVEs from 2021
Total
4,786
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.5%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47254 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to … | |||
| CVE-2021-47258 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsi_host_alloc() After device is initialized via device_initialize(), or its name is set via d… | |||
| CVE-2021-47259 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4_init_client() KASAN reports a use-after-free when attempting to mount two different exports throu… | |||
| CVE-2021-47260 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential NULL dereference in nfs_get_client() None of the callers are expecting NULL returns from nfs_get_client() so… | |||
| CVE-2021-47261 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragment… | |||
| CVE-2021-47263 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1) whi… | |||
| CVE-2021-47264 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix Null-point-dereference in fmt_single_name() Check the return value of devm_kstrdup() in case of Null-point-derefe… | |||
| CVE-2021-47269 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3_wIndex_to_dep() and we might be referrin… | |||
| CVE-2021-47270 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadgets null ptr deref on 10gbps cabling. This avoids a null pointer dereference in f_{ecm,eem,hid,loopback,prin… | |||
| CVE-2021-47271 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix deadlock issue in cdnsp_thread_irq_handler Patch fixes the following critical issue caused by deadlock which has … | |||
| CVE-2021-47272 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail from dwc3_gadget_exit() if dwc->gadget is NULL There exists a possible scenario in which dwc3_gadget_init… | |||
| CVE-2021-47273 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is disabled When only PHY1 is used (for example on Odroid-HC4), the regmap… | |||
| CVE-2021-47278 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pci_generic: Fix possible use-after-free in mhi_pci_remove() This driver's remove path calls del_timer(). However, that… | |||
| CVE-2021-47276 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used… | |||
| CVE-2021-47277 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a g… | |||
| CVE-2021-47279 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_… | |||
| CVE-2021-47305 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. In the… | |||
| CVE-2021-47309 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tu… | |||
| CVE-2021-47315 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: … | |||
| CVE-2021-47317 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fix detecting BPF atomic instructions Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other atomi… | |||
| CVE-2021-47350 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix lockup on kernel exec fault The powerpc kernel is not prepared to handle exec faults from kernel. Especially, the… | |||
| CVE-2021-47355 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that functio… | |||
| CVE-2021-47354 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete before killing it to avoid data corruptions. | |||
| CVE-2021-47367 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix pages leaking when building skb in big mode We try to use build_skb() if we had sufficient tailroom. But we forge… | |||
| CVE-2021-47364 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() `compat_insnlist()` handles the 32-bit version of the `COMEDI_INSNLIST` ioctl (whenw… | |||
| CVE-2021-47362 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the s… | |||
| CVE-2021-47410 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driver disconnects from a devic… | |||
| CVE-2021-47415 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fix possible NULL dereference In __iwl_mvm_remove_time_event() check that 'te_data->vif' is NULL before dereferenci… | |||
| CVE-2021-47420 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix a potential ttm->sg memory leak Memory is allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr, but isn't f… | |||
| CVE-2021-47416 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLO… | |||
| CVE-2021-47421 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channe… | |||
| CVE-2021-47423 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should be called, otherw… | |||
| CVE-2021-47417 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix memory leak in strset Free struct strset itself, not just its internal parts. | |||
| CVE-2021-47422 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: fix file release memory leak When using single_open() for opening, single_release() should be called, othe… | |||
| CVE-2021-47387 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cpufreq: schedutil: Use kobject release() method to free sugov_tunables The struct sugov_tunables is protected by the kobject, so… | |||
| CVE-2021-47470 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for … | |||
| CVE-2021-47477 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: comedi: dt9812: fix DMA buffers on stack USB transfer buffers are typically mapped for DMA and must not be allocated on the stack… | |||
| CVE-2021-47471 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference crash on unload The mxsfb->crtc.funcs may already be NULL when unloading the driver, in … | |||
| CVE-2021-47473 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory lea… | |||
| CVE-2021-47474 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that the tx and rx buffe… | |||
| CVE-2021-47475 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no s… | |||
| CVE-2021-47478 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read data … | |||
| CVE-2021-47489 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix even more out of bound writes from debugfs CVE-2021-42327 was fixed by: commit f23750b5b3d98653b31d4469592935ef6… | |||
| CVE-2021-47480 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have… | |||
| CVE-2021-47482 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handl… | |||
| CVE-2021-47494 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix management registrations locking The management registrations locking was broken, the list was locked for each wdev… | |||
| CVE-2021-47483 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, t… | |||
| CVE-2021-47539 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() Need to call rxrpc_put_peer() for bundle candidate before kfree() as it hold… | |||
| CVE-2021-47546 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a `fib` rule is present in IPv6 nftables firewall rules … | |||
| CVE-2021-47549 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl When the `rmmod sata_fsl.ko` command is executed in the PPC64 GNU/Lin… | |||
| CVE-2021-47550 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential mem… | |||
| CVE-2021-47449 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a … | |||
| CVE-2021-47551 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring… | |||
| CVE-2021-47554 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: avoid putting an uninitialized iova_domain The system will crash if we put an uninitialized iova_domain, this could hap… | |||
| CVE-2021-47555 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the f… | |||
| CVE-2021-47571 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is … | |||
| CVE-2021-47637 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: [ 77.028764] task:kworker/u8:4 s… | |||
| CVE-2021-47640 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix early region not updated correctly The shadow's page table is not updated when PTE_RPN_SHIFT is 24 and PAGE_SH… | |||
| CVE-2021-47645 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com On the case tmp_dcim=1, the index of buff… | |||
| CVE-2021-47648 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a memory leak in 'host1x_remove()' Add a missing 'host1x_channel_list_free()' call in the remove function, as al… | |||
| CVE-2021-47651 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: rpmpd: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains might be… | |||
| CVE-2021-47588 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already called by register_netd… | |||
| CVE-2021-38023 | unknown | — | — | — | Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2021-47083 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number, it maybe produce 'de… | |||
| CVE-2021-47091 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211_start_ap error path We need to hold the local->mtx to release the channel context, as even enc… | |||
| CVE-2021-21440 | unknown | — | — | — | Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS … | |||
| CVE-2021-46747 | unknown | — | — | 5d ago | Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures lead… | |||
| CVE-2021-47621 | unknown | — | — | 2y ago | ClassGraph XML External Entity Reference | |||
| CVE-2021-3754 | unknown | — | — | 2y ago | Keycloak's improper input validation allows using email as username | |||
| CVE-2021-22573 | unknown | — | — | 2y ago | google-oauth-java-client improperly verifies cryptographic signature | |||
| CVE-2021-28656 | unknown | — | — | 2y ago | Apache Zeppelin CSRF vulnerability in the Credentials page | |||
| CVE-2021-29038 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers | |||
| CVE-2021-29050 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page | |||
| CVE-2021-37942 | unknown | — | — | 3y ago | APM Java Agent Local Privilege Escalation issue | |||
| CVE-2021-32050 | unknown | — | — | 3y ago | Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data… | |||
| CVE-2021-28655 | unknown | — | — | 3y ago | Apache Zeppelin Improper Input Validation vulnerability | |||
| CVE-2021-31635 | unknown | — | — | 3y ago | jFinal Server-Side Template Injection vulnerability | |||
| CVE-2021-40331 | unknown | — | — | 3y ago | Apache Ranger Hive Plugin missing permissions check | |||
| CVE-2021-28235 | unknown | — | — | 3y ago | Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. | |||
| CVE-2021-46877 | unknown | — | — | 3y ago | jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonN… | |||
| CVE-2021-37305 | unknown | — | — | 3y ago | Insecure Permissions issue in jeecg-boot | |||
| CVE-2021-37306 | unknown | — | — | 3y ago | Insecure Permissions issue in jeecg-boot | |||
| CVE-2021-37304 | unknown | — | — | 3y ago | Insecure Permissions issue in jeecg-boot | |||
| CVE-2021-32828 | unknown | — | — | 4y ago | Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution | |||
| CVE-2021-32824 | unknown | — | — | 4y ago | Apache Dubbo vulnerable to remote code execution via Telnet Handler | |||
| CVE-2021-37533 | unknown | — | — | 4y ago | Apache Commons Net vulnerable to information leakage via malicious server | |||
| CVE-2021-42010 | unknown | — | — | 4y ago | Heron allows CRLF log injection | |||
| CVE-2021-43980 | unknown | — | — | 4y ago | The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in … | |||
| CVE-2021-43565 | unknown | — | — | 4y ago | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. | |||
| CVE-2021-3856 | unknown | — | — | 4y ago | Keycloak has Files or Directories Accessible to External Parties | |||
| CVE-2021-3644 | unknown | — | — | 4y ago | wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault | |||
| CVE-2021-25642 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Hadoop YARN | |||
| CVE-2021-42521 | unknown | — | — | 4y ago | There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', … | |||
| CVE-2021-3914 | unknown | — | — | 4y ago | SmallRye Health UI Cross-site Scripting vulnerability | |||
| CVE-2021-4040 | unknown | — | — | 4y ago | org.apache.activemq:artemis-core-client Vulnerable to Out-of-Bounds Write | |||
| CVE-2021-34538 | unknown | — | — | 4y ago | Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization. | |||
| CVE-2021-3859 | unknown | — | — | 4y ago | Undertow vulnerable to Denial of Service (DoS) attacks | |||
| CVE-2021-3690 | unknown | — | — | 4y ago | Undertow vulnerable to memory exhaustion due to buffer leak | |||
| CVE-2021-4178 | unknown | — | — | 4y ago | fabric8 kubernetes-client vulnerable | |||
| CVE-2021-44791 | unknown | — | — | 4y ago | Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters |