CVEs from 2021
Total
4,788
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3652 | low | — | 2.5 | 5y ago | RHSA-2021:3079: 389-ds:1.4 security and bug fix update (Low) | |||
| CVE-2021-29063 | low | — | 2.5 | 5y ago | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called. | |||
| CVE-2021-32813 | low | — | 2.5 | 5y ago | Header dropping in traefik in github.com/traefik/traefik | |||
| CVE-2021-36374 | low | — | 2.5 | 5y ago | Improper Handling of Length Parameter Inconsistency in Apache Ant | |||
| CVE-2021-36373 | low | — | 2.5 | 5y ago | Improper Handling of Length Parameter Inconsistency in Apache Ant | |||
| CVE-2021-21303 | low | — | 2.5 | 5y ago | insufficient validation in helm | |||
| CVE-2021-29957 | low | — | 2.5 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-29956 | low | — | 2.5 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-31542 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | |||
| CVE-2021-26813 | low | — | 2.5 | 5y ago | markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or de… | |||
| CVE-2021-20201 | low | — | 2.5 | 5y ago | RHSA-2021:1924: spice security update (Low) | |||
| CVE-2021-23240 | low | — | 2.5 | 5y ago | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary … | |||
| CVE-2021-23239 | low | — | 2.5 | 5y ago | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled… | |||
| CVE-2021-32618 | low | — | 2.5 | 5y ago | The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of… | |||
| CVE-2021-27919 | low | — | 2.5 | 5y ago | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… | |||
| CVE-2021-28658 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were no… | |||
| CVE-2021-3281 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal … | |||
| CVE-2021-21330 | low | — | 2.5 | 5y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based… | |||
| CVE-2021-21236 | low | — | 2.5 | 6y ago | CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When process… |