CVEs from 2021
Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32491 | medium | — | 5.5 | — | A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. | |||
| CVE-2021-31615 | medium | — | 5.5 | — | multiple issues in linux | |||
| CVE-2021-30475 | medium | — | 5.5 | — | arbitrary code execution in aom | |||
| CVE-2021-20229 | medium | — | 5.5 | — | A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat … | |||
| CVE-2021-42373 | medium | — | 5.5 | — | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | |||
| CVE-2021-42377 | medium | — | 5.5 | — | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& strin… | |||
| CVE-2021-42385 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||
| CVE-2021-42383 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||
| CVE-2021-22191 | medium | — | 5.5 | — | Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. | |||
| CVE-2021-40529 | medium | — | 5.5 | — | The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dan… | |||
| CVE-2021-20274 | medium | — | 5.5 | — | A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. | |||
| CVE-2021-32273 | medium | — | 5.5 | — | An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. | |||
| CVE-2021-3588 | medium | — | 5.5 | — | The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. | |||
| CVE-2021-20307 | medium | — | 5.5 | — | Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | |||
| CVE-2021-21850 | medium | — | 5.5 | — | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an int… | |||
| CVE-2021-3578 | medium | — | 5.5 | — | A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated stru… | |||
| CVE-2021-31523 | medium | — | 5.5 | — | The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguabl… | |||
| CVE-2021-37746 | medium | — | 5.5 | — | textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. | |||
| CVE-2021-30199 | medium | — | 5.5 | — | In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash. | |||
| CVE-2021-30473 | medium | — | 5.5 | — | multiple issues in aom | |||
| CVE-2021-40346 | medium | — | 5.5 | — | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request H… | |||
| CVE-2021-33815 | medium | — | 5.5 | — | dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | |||
| CVE-2021-32277 | medium | — | 5.5 | — | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. | |||
| CVE-2021-42379 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | |||
| CVE-2021-42326 | medium | — | 5.5 | — | Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. | |||
| CVE-2021-34528 | medium | — | 5.5 | — | multiple issues in code | |||
| CVE-2021-35058 | medium | — | 5.5 | — | multiple issues in hyperkitty | |||
| CVE-2021-22258 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2021-37595 | medium | — | 5.5 | — | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. | |||
| CVE-2021-36081 | medium | — | 5.5 | — | Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call. | |||
| CVE-2021-22186 | medium | — | 5.5 | — | multiple issues in gitlab | |||
| CVE-2021-30027 | medium | — | 5.5 | — | md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. | |||
| CVE-2021-28899 | medium | — | 5.5 | — | multiple issues in live-media | |||
| CVE-2021-30152 | medium | — | 5.5 | — | An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level th… | |||
| CVE-2021-32492 | medium | — | 5.5 | — | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | |||
| CVE-2021-32132 | medium | — | 5.5 | — | The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-30184 | medium | — | 5.5 | — | GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnlo… | |||
| CVE-2021-23957 | medium | — | 5.5 | — | Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffect… | |||
| CVE-2021-30580 | medium | — | 5.5 | — | Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive … | |||
| CVE-2021-21858 | medium | — | 5.5 | — | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause… | |||
| CVE-2021-42384 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | |||
| CVE-2021-47670 | medium | — | 5.5 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_… | |||
| CVE-2021-47185 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm6… | |||
| CVE-2021-43612 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2021-47505 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitque… | |||
| CVE-2021-47098 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer u… | |||
| CVE-2021-47429 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI The machine check handler is not considered NMI on 64s. The ear… | |||
| CVE-2021-47454 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: do not decrement idle task preempt count in CPU offline With PREEMPT_COUNT=y, when a CPU is offlined and then online… | |||
| CVE-2021-47457 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() Using wait_event_interruptible() to wait for complet… | |||
| CVE-2021-47428 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_C… | |||
| CVE-2021-47383 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47385 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47459 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47400 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2021-41092 | medium | — | 5.5 | 2y ago | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configur… | |||
| CVE-2021-41089 | medium | — | 5.5 | 2y ago | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted… | |||
| CVE-2021-47013 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If… | |||
| CVE-2021-47055 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus requir… | |||
| CVE-2021-47118 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's st… | |||
| CVE-2021-46934 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not … | |||
| CVE-2021-47153 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a a… | |||
| CVE-2021-47171 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in… | |||
| CVE-2021-3753 | medium | — | 5.5 | 2y ago | A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_i… | |||
| CVE-2021-4204 | medium | — | 5.5 | 2y ago | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or l… | |||
| CVE-2021-47316 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder a… | |||
| CVE-2021-41244 | medium | — | 5.5 | 2y ago | access restriction bypass in grafana | |||
| CVE-2021-29390 | medium | — | 5.5 | 2y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2021-41043 | medium | — | 5.5 | 2y ago | RHSA-2024:0769: tcpdump security update (Moderate) | |||
| CVE-2021-41072 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |||
| CVE-2021-40153 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |||
| CVE-2021-3382 | medium | — | 5.5 | 2y ago | Buffer Overflow in gitea in code.gitea.io/gitea | |||
| CVE-2021-47188 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at driver… | |||
| CVE-2021-47002 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scr… | |||
| CVE-2021-41091 | medium | — | 5.5 | 2y ago | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirec… | |||
| CVE-2021-21334 | medium | — | 5.5 | 2y ago | containerd environment variable leak | |||
| CVE-2021-3282 | medium | — | 5.5 | 2y ago | Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2021-21285 | medium | — | 5.5 | 2y ago | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain… | |||
| CVE-2021-21284 | medium | — | 5.5 | 2y ago | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns… | |||
| CVE-2021-35937 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-35938 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-35939 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-43784 | medium | — | 5.5 | 3y ago | Moderate: runc security update | |||
| CVE-2021-3468 | medium | — | 5.5 | 3y ago | Moderate: avahi security update | |||
| CVE-2021-3502 | medium | — | 5.5 | 3y ago | Moderate: avahi security update | |||
| CVE-2021-32142 | medium | — | 5.5 | 3y ago | RHSA-2024:2994: LibRaw security update (Moderate) | |||
| CVE-2021-3782 | medium | — | 5.5 | 3y ago | RHSA-2023:2786: wayland security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33643 | medium | — | 5.5 | 3y ago | RHSA-2023:2898: libtar security update (Moderate) | |||
| CVE-2021-33644 | medium | — | 5.5 | 3y ago | RHSA-2023:2898: libtar security update (Moderate) | |||
| CVE-2021-33646 | medium | — | 5.5 | 3y ago | RHSA-2023:2898: libtar security update (Moderate) | |||
| CVE-2021-33645 | medium | — | 5.5 | 3y ago | RHSA-2023:2898: libtar security update (Moderate) | |||
| CVE-2021-46790 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46829 | medium | — | 5.5 | 3y ago | Moderate: gdk-pixbuf2 security update | |||
| CVE-2021-44648 | medium | — | 5.5 | 3y ago | Moderate: gdk-pixbuf2 security update | |||
| CVE-2021-46822 | medium | — | 5.5 | 3y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2021-43519 | medium | — | 5.5 | 3y ago | Moderate: lua security update | |||
| CVE-2021-44964 | medium | — | 5.5 | 3y ago | Moderate: lua security update | |||
| CVE-2021-46848 | medium | — | 5.5 | 3y ago | RHSA-2023:0116: libtasn1 security update (Moderate) | |||
| CVE-2021-44906 | medium | — | 5.5 | 3y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33621 | medium | — | 5.5 | 4y ago | RHSA-2024:3500: ruby:3.0 security update (Moderate) | |||
| CVE-2021-3640 | medium | — | 5.5 | 4y ago | Moderate: kernel security, bug fix, and enhancement update |