CVEs from 2021
Total: 4,792
- critical: 280
- high: 1,018
- medium: 1,176
- low: 138
- % Critical: 5.8%
- % with KEV: 4.4%
- % with exploit: 5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-46663 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-46659 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-46668 | medium | — | 5.5 | 4y ago | RHSA-2022:6443: mariadb:10.3 security and bug fix update (Moderate) | |||
| CVE-2021-4206 | medium | — | 5.5 | 4y ago | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-base… | |||
| CVE-2021-4207 | medium | — | 5.5 | 4y ago | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor… | |||
| CVE-2021-41041 | medium | — | 5.5 | 4y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-42343 | medium | — | 5.5 | 4y ago | An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults… | |||
| CVE-2021-40528 | medium | — | 5.5 | 4y ago | RHSA-2022:5311: libgcrypt security update (Moderate) | |||
| CVE-2021-38297 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-41800 | medium | — | 5.5 | 4y ago | MediaWiki allows a denial of service | |||
| CVE-2021-21682 | medium | — | 5.5 | 4y ago | Improper handling of equivalent directory names on Windows in Jenkins | |||
| CVE-2021-21683 | medium | — | 5.5 | 4y ago | Path traversal vulnerability on Windows in Jenkins | |||
| CVE-2021-40347 | medium | — | 5.5 | 4y ago | An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also… | |||
| CVE-2021-31525 | medium | — | 5.5 | 4y ago | net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client ca… | |||
| CVE-2021-30458 | medium | — | 5.5 | 4y ago | Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS) | |||
| CVE-2021-21640 | medium | — | 5.5 | 4y ago | View name validation bypass in Jenkins | |||
| CVE-2021-21639 | medium | — | 5.5 | 4y ago | Lack of type validation in agent related REST API in Jenkins | |||
| CVE-2021-21615 | medium | — | 5.5 | 4y ago | Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins | |||
| CVE-2021-3517 | medium | — | 5.5 | 4y ago | RHSA-2021:2569: libxml2 security update (Moderate) | |||
| CVE-2021-3518 | medium | — | 5.5 | 4y ago | RHSA-2021:2569: libxml2 security update (Moderate) | |||
| CVE-2021-3537 | medium | — | 5.5 | 4y ago | RHSA-2021:2569: libxml2 security update (Moderate) | |||
| CVE-2021-39293 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-46143 | medium | — | 5.5 | 4y ago | RHSA-2022:7692: xmlrpc-c security update (Moderate) | |||
| CVE-2021-3672 | medium | — | 5.5 | 4y ago | RHSA-2022:2043: c-ares security update (Moderate) | |||
| CVE-2021-4189 | medium | — | 5.5 | 4y ago | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. … | |||
| CVE-2021-3737 | medium | — | 5.5 | 4y ago | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinit… | |||
| CVE-2021-33515 | medium | — | 5.5 | 4y ago | The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. | |||
| CVE-2021-44224 | medium | — | 5.5 | 4y ago | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can all… | |||
| CVE-2021-36160 | medium | — | 5.5 | 4y ago | A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | |||
| CVE-2021-33193 | medium | — | 5.5 | 4y ago | A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.… | |||
| CVE-2021-4213 | medium | — | 5.5 | 4y ago | RHSA-2022:1851: pki-core:10.6 security and bug fix update (Moderate) | |||
| CVE-2021-38593 | medium | — | 5.5 | 4y ago | RHSA-2022:1796: qt5-qtbase security update (Moderate) | |||
| CVE-2021-43860 | medium | — | 5.5 | 4y ago | RHSA-2022:1792: flatpak security and bug fix update (Moderate) | |||
| CVE-2021-25635 | medium | — | 5.5 | 4y ago | An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature al… | |||
| CVE-2021-25633 | medium | — | 5.5 | 4y ago | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature … | |||
| CVE-2021-25634 | medium | — | 5.5 | 4y ago | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature … | |||
| CVE-2021-33289 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33286 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33287 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35266 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35268 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35267 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3975 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35269 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3716 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3622 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39256 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39251 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39252 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39254 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39257 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39263 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39258 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39261 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39253 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33285 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39262 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39260 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-39259 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20196 | medium | — | 5.5 | 4y ago | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a blo… | |||
| CVE-2021-4145 | medium | — | 5.5 | 4y ago | A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's no… | |||
| CVE-2021-39255 | medium | — | 5.5 | 4y ago | RHSA-2022:1759: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3748 | medium | — | 5.5 | 4y ago | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the… | |||
| CVE-2021-38165 | medium | — | 5.5 | 4y ago | Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | |||
| CVE-2021-45444 | medium | — | 5.5 | 4y ago | RHSA-2022:2120: zsh security update (Moderate) | |||
| CVE-2021-25219 | medium | — | 5.5 | 4y ago | RHSA-2022:2092: bind security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3660 | medium | — | 5.5 | 4y ago | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be use… | |||
| CVE-2021-3698 | medium | — | 5.5 | 4y ago | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates t… | |||
| CVE-2021-38185 | medium | — | 5.5 | 4y ago | RHSA-2022:1991: cpio security update (Moderate) | |||
| CVE-2021-36386 | medium | — | 5.5 | 4y ago | RHSA-2022:1964: fetchmail security update (Moderate) | |||
| CVE-2021-39272 | medium | — | 5.5 | 4y ago | RHSA-2022:1964: fetchmail security update (Moderate) | |||
| CVE-2021-44225 | medium | — | 5.5 | 4y ago | RHSA-2022:1930: keepalived security and bug fix update (Moderate) | |||
| CVE-2021-45930 | medium | — | 5.5 | 4y ago | RHSA-2022:1920: qt5-qtsvg security update (Moderate) | |||
| CVE-2021-39191 | medium | — | 5.5 | 4y ago | RHSA-2022:1823: mod_auth_openidc:2.3 security update (Moderate) | |||
| CVE-2021-32792 | medium | — | 5.5 | 4y ago | RHSA-2022:1823: mod_auth_openidc:2.3 security update (Moderate) | |||
| CVE-2021-32786 | medium | — | 5.5 | 4y ago | RHSA-2022:1823: mod_auth_openidc:2.3 security update (Moderate) | |||
| CVE-2021-32791 | medium | — | 5.5 | 4y ago | RHSA-2022:1823: mod_auth_openidc:2.3 security update (Moderate) | |||
| CVE-2021-39358 | medium | — | 5.5 | 4y ago | RHSA-2022:1801: gfbgraph security update (Moderate) | |||
| CVE-2021-30954 | medium | — | 5.5 | 4y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously c… | |||
| CVE-2021-45481 | medium | — | 5.5 | 4y ago | In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulner… | |||
| CVE-2021-30951 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously… | |||
| CVE-2021-30936 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously… | |||
| CVE-2021-30934 | medium | — | 5.5 | 4y ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously … | |||
| CVE-2021-30889 | medium | — | 5.5 | 4y ago | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web… | |||
| CVE-2021-30890 | medium | — | 5.5 | 4y ago | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content … | |||
| CVE-2021-30888 | medium | — | 5.5 | 4y ago | An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Con… | |||
| CVE-2021-30851 | medium | — | 5.5 | 4y ago | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead … | |||
| CVE-2021-30849 | medium | — | 5.5 | 4y ago | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for … | |||
| CVE-2021-30848 | medium | — | 5.5 | 4y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may… | |||
| CVE-2021-30846 | medium | — | 5.5 | 4y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously cra… | |||
| CVE-2021-30836 | medium | — | 5.5 | 4y ago | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio f… | |||
| CVE-2021-30823 | medium | — | 5.5 | 4y ago | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network posi… | |||
| CVE-2021-30809 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead t… | |||
| CVE-2021-30818 | medium | — | 5.5 | 4y ago | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted… | |||
| CVE-2021-30984 | medium | — | 5.5 | 4y ago | A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted … | |||
| CVE-2021-30953 | medium | — | 5.5 | 4y ago | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously cr… | |||
| CVE-2021-45482 | medium | — | 5.5 | 4y ago | In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. | |||
| CVE-2021-30887 | medium | — | 5.5 | 4y ago | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may … | |||
| CVE-2021-30897 | medium | — | 5.5 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-30884 | medium | — | 5.5 | 4y ago | The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's bro… |