CVEs from 2021
Total
4,786
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.5%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47464 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: audit: fix possible null-pointer dereference in audit_filter_rules Fix possible null-pointer dereference in audit_filter_rules. … | |||
| CVE-2021-47513 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering Avoid a memory leak if there is not a CPU port defined. Addresses… | |||
| CVE-2021-47514 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: devlink: fix netns refcount leak in devlink_nl_cmd_reload() While preparing my patch series adding netns refcount tracking, I spo… | |||
| CVE-2021-45387 | unknown | — | — | — | tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | |||
| CVE-2021-47516 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfp_cpp_area_cache_add() In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a CPP area stru… | |||
| CVE-2021-47521 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card() If the last channel is not available then "dev" is freed. Fortunately,… | |||
| CVE-2021-47522 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't have output re… | |||
| CVE-2021-28927 | unknown | — | — | — | The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers … | |||
| CVE-2021-47517 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ethtool: do not perform operations on net devices being unregistered There is a short period between a net device starts to be un… | |||
| CVE-2021-47520 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: pch_can: pch_can_rx_normal: fix use after free After calling netif_receive_skb(skb), dereferencing skb is unsafe. Especially… | |||
| CVE-2021-47524 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix minor-number leak on probe errors Make sure to release the allocated minor number before returning on probe… | |||
| CVE-2021-47525 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix use-after-free and memleak on unbind Deregister the port when unbinding the driver to prevent it from being… | |||
| CVE-2021-47528 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init() In cdnsp_endpoint_init(), cdnsp_ring_alloc() is assigned to p… | |||
| CVE-2021-47529 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Fix memory leaks in error handling path Should an error occur (invalid TLV len or memory allocation failure), the memory… | |||
| CVE-2021-47535 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we… | |||
| CVE-2021-46022 | unknown | — | — | — | An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | |||
| CVE-2021-47637 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks: [ 77.028764] task:kworker/u8:4 s… | |||
| CVE-2021-47640 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix early region not updated correctly The shadow's page table is not updated when PTE_RPN_SHIFT is 24 and PAGE_SH… | |||
| CVE-2021-47645 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com On the case tmp_dcim=1, the index of buff… | |||
| CVE-2021-46021 | unknown | — | — | — | An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | |||
| CVE-2021-47648 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a memory leak in 'host1x_remove()' Add a missing 'host1x_channel_list_free()' call in the remove function, as al… | |||
| CVE-2021-47651 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: rpmpd: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains might be… | |||
| CVE-2021-47655 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: fixed possible memory leak issue The venus_helper_alloc_dpb_bufs() implementation allows an early return on a… | |||
| CVE-2021-47652 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference… | |||
| CVE-2021-47653 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures durin… | |||
| CVE-2021-47654 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak … | |||
| CVE-2021-47656 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2_clear_xattr_subsystem When we mount a jffs2 image, assume that the first few blocks of the ima… | |||
| CVE-2021-27211 | unknown | — | — | — | steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. | |||
| CVE-2021-32642 | unknown | — | — | — | radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead t… | |||
| CVE-2021-32435 | unknown | — | — | — | Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||
| CVE-2021-47084 | unknown | — | — | — | ||||
| CVE-2021-44537 | unknown | — | — | — | ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. | |||
| CVE-2021-28147 | unknown | — | — | — | ||||
| CVE-2021-2312 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-28709 | unknown | — | — | — | issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH gu… | |||
| CVE-2021-0066 | unknown | — | — | — | ||||
| CVE-2021-44907 | unknown | — | — | — | ||||
| CVE-2021-46053 | unknown | — | — | — | A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. | |||
| CVE-2021-46052 | unknown | — | — | — | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | |||
| CVE-2021-4020 | unknown | — | — | — | janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||
| CVE-2021-46050 | unknown | — | — | — | A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. | |||
| CVE-2021-44508 | unknown | — | — | — | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application b… | |||
| CVE-2021-45955 | unknown | — | — | — | ||||
| CVE-2021-46766 | unknown | — | — | — | ||||
| CVE-2021-40403 | unknown | — | — | — | An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-plac… | |||
| CVE-2021-24116 | unknown | — | — | — | In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel a… | |||
| CVE-2021-45762 | unknown | — | — | — | GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS). | |||
| CVE-2021-47469 | unknown | — | — | — | ||||
| CVE-2021-40402 | unknown | — | — | — | An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specia… | |||
| CVE-2021-40400 | unknown | — | — | — | An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A … | |||
| CVE-2021-45288 | unknown | — | — | — | A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command. | |||
| CVE-2021-40401 | unknown | — | — | — | A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file ca… | |||
| CVE-2021-46981 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 and the pointers in nbd_device are still… | |||
| CVE-2021-23176 | unknown | — | — | — | Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting infor… | |||
| CVE-2021-41039 | unknown | — | — | — | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and poss… | |||
| CVE-2021-40391 | unknown | — | — | — | An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-… | |||
| CVE-2021-39535 | unknown | — | — | — | An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer dereference exists in JIT code. It allows an attacker to cause Denial of Service. | |||
| CVE-2021-42531 | unknown | — | — | — | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploita… | |||
| CVE-2021-41459 | unknown | — | — | — | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. | |||
| CVE-2021-40606 | unknown | — | — | — | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||
| CVE-2021-28026 | unknown | — | — | — | jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a de… | |||
| CVE-2021-40592 | unknown | — | — | — | GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, is… | |||
| CVE-2021-40575 | unknown | — | — | — | The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service. This vulnerabi… | |||
| CVE-2021-47085 | unknown | — | — | — | ||||
| CVE-2021-3731 | unknown | — | — | — | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions. | |||
| CVE-2021-44492 | unknown | — | — | — | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr… | |||
| CVE-2021-47169 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt… | |||
| CVE-2021-40571 | unknown | — | — | — | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalat… | |||
| CVE-2021-46705 | unknown | — | — | — | A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Lin… | |||
| CVE-2021-40564 | unknown | — | — | — | A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service. | |||
| CVE-2021-45847 | unknown | — | — | — | Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file. | |||
| CVE-2021-33460 | unknown | — | — | — | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. | |||
| CVE-2021-33454 | unknown | — | — | — | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. | |||
| CVE-2021-45767 | unknown | — | — | — | GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-44921 | unknown | — | — | — | A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. | |||
| CVE-2021-47175 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flo… | |||
| CVE-2021-47865 | unknown | — | — | — | ||||
| CVE-2021-35452 | unknown | — | — | — | An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. | |||
| CVE-2021-36409 | unknown | — | — | — | There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the appli… | |||
| CVE-2021-41456 | unknown | — | — | — | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. | |||
| CVE-2021-40944 | unknown | — | — | — | In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of ser… | |||
| CVE-2021-3420 | unknown | — | — | — | A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an intege… | |||
| CVE-2021-3941 | unknown | — | — | — | In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` b… | |||
| CVE-2021-38577 | unknown | — | — | — | ||||
| CVE-2021-33912 | unknown | — | — | — | libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with… | |||
| CVE-2021-35618 | unknown | — | — | — | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high pri… | |||
| CVE-2021-33155 | unknown | — | — | — | ||||
| CVE-2021-45949 | unknown | — | — | — | Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | |||
| CVE-2021-4216 | unknown | — | — | — | A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. | |||
| CVE-2021-0173 | unknown | — | — | — | ||||
| CVE-2021-0170 | unknown | — | — | — | ||||
| CVE-2021-0168 | unknown | — | — | — | ||||
| CVE-2021-0161 | unknown | — | — | — | ||||
| CVE-2021-26528 | unknown | — | — | — | The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool. | |||
| CVE-2021-35196 | unknown | — | — | — | Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() funct… | |||
| CVE-2021-47090 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() Hulk Robot reported a panic in put_page_testzero() when test… | |||
| CVE-2021-47091 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211_start_ap error path We need to hold the local->mtx to release the channel context, as even enc… | |||
| CVE-2021-21443 | unknown | — | — | — | Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OT… | |||
| CVE-2021-21439 | unknown | — | — | — | DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a hal… | |||
| CVE-2021-21440 | unknown | — | — | — | Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS … |