CVEs from 2021
- Total: 4,786
- Critical: 281
- High: 1,022
- Medium: 1,179
- Low: 138
- % Critical: 5.9%
- % with KEV: 4.5%
- % with exploit: 5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8

| CVE | Severity | CVSS | Risk | Flags | Description | OS | Vendor | Published |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47078 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly create… | |||
| CVE-2021-46976 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix crash in auto_retire The retire logic uses the 2 lower bits of the pointer to the retire function to store flags. H… | |||
| CVE-2021-36046 | unknown | — | — | — | XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is re… | |||
| CVE-2021-46040 | unknown | — | — | — | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets function, which causes a Denial of Service (context-dependent). | |||
| CVE-2021-46045 | unknown | — | — | — | GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). | |||
| CVE-2021-45764 | unknown | — | — | — | GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra(). | |||
| CVE-2021-45831 | unknown | — | — | — | A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Box via __strlen_avx2, which causes a Denial of Service. | |||
| CVE-2021-44512 | unknown | — | — | — | World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID f… | |||
| CVE-2021-46242 | unknown | — | — | — | HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry. | |||
| CVE-2021-33459 | unknown | — | — | — | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. | |||
| CVE-2021-21309 | unknown | — | — | — | Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap an… | |||
| CVE-2021-32280 | unknown | — | — | — | An issue was discovered in fig2dev before 3.2.8. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service… | |||
| CVE-2021-31323 | unknown | — | — | — | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlott… | |||
| CVE-2021-31318 | unknown | — | — | — | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie libr… | |||
| CVE-2021-31319 | unknown | — | — | — | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A rem… | |||
| CVE-2021-39203 | unknown | — | — | — | WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view pr… | |||
| CVE-2021-41036 | unknown | — | — | — | In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | |||
| CVE-2021-26713 | unknown | — | — | — | A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated Web… | |||
| CVE-2021-47220 | unknown | — | — | — | ||||
| CVE-2021-38597 | unknown | — | — | — | wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. | |||
| CVE-2021-27017 | unknown | — | — | — | Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. | |||
| CVE-2021-0066 | unknown | — | — | — | ||||
| CVE-2021-44907 | unknown | — | — | — | ||||
| CVE-2021-0176 | unknown | — | — | — | ||||
| CVE-2021-45955 | unknown | — | — | — | ||||
| CVE-2021-46766 | unknown | — | — | — | ||||
| CVE-2021-28026 | unknown | — | — | — | jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicious jxl file using djxl, an attacker can trigger arbitrary code execution or a de… | |||
| CVE-2021-47085 | unknown | — | — | — | ||||
| CVE-2021-36409 | unknown | — | — | — | There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the appli… | |||
| CVE-2021-29662 | unknown | — | — | — | The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypa… | |||
| CVE-2021-47246 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer … | |||
| CVE-2021-47275 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper loca… | |||
| CVE-2021-45926 | unknown | — | — | — | ||||
| CVE-2021-47487 | unknown | — | — | — | ||||
| CVE-2021-3882 | unknown | — | — | — | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypt… | |||
| CVE-2021-0174 | unknown | — | — | — | ||||
| CVE-2021-40648 | unknown | — | — | — | In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed late… | |||
| CVE-2021-4186 | unknown | — | — | — | Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | |||
| CVE-2021-40818 | unknown | — | — | — | scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration. | |||
| CVE-2021-33465 | unknown | — | — | — | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c. | |||
| CVE-2021-33468 | unknown | — | — | — | An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. | |||
| CVE-2021-0384 | unknown | — | — | — | ||||
| CVE-2021-26222 | unknown | — | — | — | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | |||
| CVE-2021-45102 | unknown | — | — | — | An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token s… | |||
| CVE-2021-26528 | unknown | — | — | — | The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | |||
| CVE-2021-27020 | unknown | — | — | — | Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | |||
| CVE-2021-45103 | unknown | — | — | — | An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer. | |||
| CVE-2021-25312 | unknown | — | — | — | HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method. | |||
| CVE-2021-45957 | unknown | — | — | — | ||||
| CVE-2021-46088 | unknown | — | — | — | ||||
| CVE-2021-28692 | unknown | — | — | — | inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, a… | |||
| CVE-2021-28690 | unknown | — | — | — | x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for detai… | |||
| CVE-2021-28699 | unknown | — | — | — | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a resu… | |||
| CVE-2021-26342 | unknown | — | — | — | ||||
| CVE-2021-28698 | unknown | — | — | — | long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In th… | |||
| CVE-2021-28700 | unknown | — | — | — | xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not se… | |||
| CVE-2021-45256 | unknown | — | — | — | A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c. | |||
| CVE-2021-28706 | unknown | — | — | — | guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrat… | |||
| CVE-2021-26959 | unknown | — | — | — | ||||
| CVE-2021-46671 | unknown | — | — | — | options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. | |||
| CVE-2021-42390 | unknown | — | — | — | Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | |||
| CVE-2021-45908 | unknown | — | — | — | An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that th… | |||
| CVE-2021-38577 | unknown | — | — | — | ||||
| CVE-2021-44921 | unknown | — | — | — | A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. | |||
| CVE-2021-45767 | unknown | — | — | — | GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-28543 | unknown | — | — | — | Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Ca… | |||
| CVE-2021-34401 | unknown | — | — | — | ||||
| CVE-2021-33454 | unknown | — | — | — | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. | |||
| CVE-2021-33460 | unknown | — | — | — | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. | |||
| CVE-2021-45847 | unknown | — | — | — | Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file. | |||
| CVE-2021-40564 | unknown | — | — | — | A Segmentation fault caused by null pointer dereference vulnerability exists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service. | |||
| CVE-2021-44492 | unknown | — | — | — | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr… | |||
| CVE-2021-44922 | unknown | — | — | — | A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. | |||
| CVE-2021-42531 | unknown | — | — | — | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploita… | |||
| CVE-2021-40394 | unknown | — | — | — | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). … | |||
| CVE-2021-45291 | unknown | — | — | — | The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-34431 | unknown | — | — | — | In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to p… | |||
| CVE-2021-38441 | unknown | — | — | — | Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. | |||
| CVE-2021-41039 | unknown | — | — | — | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and poss… | |||
| CVE-2021-23176 | unknown | — | — | — | Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting infor… | |||
| CVE-2021-40401 | unknown | — | — | — | A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file ca… | |||
| CVE-2021-45288 | unknown | — | — | — | A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denial of Service via a crafted file in the MP4Box command. | |||
| CVE-2021-40400 | unknown | — | — | — | An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A … | |||
| CVE-2021-32056 | unknown | — | — | — | Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. | |||
| CVE-2021-36978 | unknown | — | — | — | QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fail… | |||
| CVE-2021-41689 | unknown | — | — | — | DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur… | |||
| CVE-2021-43533 | unknown | — | — | — | When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishin… | |||
| CVE-2021-44858 | unknown | — | — | — | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view pr… | |||
| CVE-2021-33367 | unknown | — | — | — | Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file. | |||
| CVE-2021-43304 | unknown | — | — | — | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitra… | |||
| CVE-2021-42949 | unknown | — | — | — | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. | |||
| CVE-2021-47574 | unknown | — | — | — | ||||
| CVE-2021-33455 | unknown | — | — | — | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c. | |||
| CVE-2021-36057 | unknown | — | — | — | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management … | |||
| CVE-2021-27345 | unknown | — | — | — | A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. | |||
| CVE-2021-42387 | unknown | — | — | — | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from … | |||
| CVE-2021-31239 | unknown | — | — | — | An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. | |||
| CVE-2021-39361 | unknown | — | — | — | In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: t… | |||
| CVE-2021-38562 | unknown | — | — | — | Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | |||
| CVE-2021-32686 | unknown | — | — | — | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1… |