CVEs from 2021
Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-24119 | medium | — | 5.5 | — | In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlle… | |||
| CVE-2021-29266 | medium | — | 5.5 | — | An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba… | |||
| CVE-2021-29647 | medium | — | 5.5 | — | An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized da… | |||
| CVE-2021-20273 | medium | — | 5.5 | — | A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. | |||
| CVE-2021-32078 | medium | — | 5.5 | — | An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access… | |||
| CVE-2021-32606 | medium | — | 5.5 | — | In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN I… | |||
| CVE-2021-25321 | medium | — | 5.5 | — | A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 al… | |||
| CVE-2021-33624 | medium | — | 5.5 | — | In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory loca… | |||
| CVE-2021-3491 | medium | — | 5.5 | — | The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/me… | |||
| CVE-2021-38166 | medium | — | 5.5 | — | In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impracti… | |||
| CVE-2021-3598 | medium | — | 5.5 | — | There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an ou… | |||
| CVE-2021-26937 | medium | — | 5.5 | — | encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 … | |||
| CVE-2021-36770 | medium | — | 5.5 | — | Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module … | |||
| CVE-2021-23191 | medium | — | 5.5 | — | A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service. | |||
| CVE-2021-43544 | medium | — | 5.5 | — | When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to X… | |||
| CVE-2021-36980 | medium | — | 5.5 | — | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | |||
| CVE-2021-42381 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | |||
| CVE-2021-21899 | medium | — | 5.5 | — | A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow… | |||
| CVE-2021-33896 | medium | — | 5.5 | — | Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | |||
| CVE-2021-21900 | medium | — | 5.5 | — | A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability.… | |||
| CVE-2021-37601 | medium | — | 5.5 | — | muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common co… | |||
| CVE-2021-3755 | medium | — | 5.5 | — | arbitrary command execution in rsync | |||
| CVE-2021-42377 | medium | — | 5.5 | — | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& strin… | |||
| CVE-2021-42385 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||
| CVE-2021-42383 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||
| CVE-2021-20274 | medium | — | 5.5 | — | A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. | |||
| CVE-2021-32276 | medium | — | 5.5 | — | An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. | |||
| CVE-2021-36773 | medium | — | 5.5 | — | uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recurs… | |||
| CVE-2021-41805 | medium | — | 5.5 | — | HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can … | |||
| CVE-2021-30004 | medium | — | 5.5 | — | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | |||
| CVE-2021-30500 | medium | — | 5.5 | — | Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted fi… | |||
| CVE-2021-32273 | medium | — | 5.5 | — | An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. | |||
| CVE-2021-3588 | medium | — | 5.5 | — | The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. | |||
| CVE-2021-20307 | medium | — | 5.5 | — | Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. | |||
| CVE-2021-30473 | medium | — | 5.5 | — | multiple issues in aom | |||
| CVE-2021-40346 | medium | — | 5.5 | — | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request H… | |||
| CVE-2021-33815 | medium | — | 5.5 | — | dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | |||
| CVE-2021-33364 | medium | — | 5.5 | — | Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||
| CVE-2021-31262 | medium | — | 5.5 | — | The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |||
| CVE-2021-21898 | medium | — | 5.5 | — | A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write.… | |||
| CVE-2021-33361 | medium | — | 5.5 | — | Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |||
| CVE-2021-47670 | medium | — | 5.5 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_… | |||
| CVE-2021-47505 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitque… | |||
| CVE-2021-47428 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_C… | |||
| CVE-2021-47185 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm6… | |||
| CVE-2021-43612 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2021-47454 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: do not decrement idle task preempt count in CPU offline With PREEMPT_COUNT=y, when a CPU is offlined and then online… | |||
| CVE-2021-47098 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer u… | |||
| CVE-2021-47457 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() Using wait_event_interruptible() to wait for complet… | |||
| CVE-2021-47429 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI The machine check handler is not considered NMI on 64s. The ear… | |||
| CVE-2021-47383 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47385 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47459 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2021-47400 | medium | — | 5.5 | 2y ago | Moderate: kernel security and bug fix update | |||
| CVE-2021-41092 | medium | — | 5.5 | 2y ago | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configur… | |||
| CVE-2021-41089 | medium | — | 5.5 | 2y ago | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted… | |||
| CVE-2021-47153 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a a… | |||
| CVE-2021-47013 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If… | |||
| CVE-2021-46934 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not … | |||
| CVE-2021-47171 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in… | |||
| CVE-2021-47055 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus requir… | |||
| CVE-2021-47118 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's st… | |||
| CVE-2021-4204 | medium | — | 5.5 | 2y ago | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or l… | |||
| CVE-2021-3753 | medium | — | 5.5 | 2y ago | A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_i… | |||
| CVE-2021-47316 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder a… | |||
| CVE-2021-41244 | medium | — | 5.5 | 2y ago | access restriction bypass in grafana | |||
| CVE-2021-41043 | medium | — | 5.5 | 2y ago | RHSA-2024:0769: tcpdump security update (Moderate) | |||
| CVE-2021-29390 | medium | — | 5.5 | 2y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2021-41072 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |||
| CVE-2021-40153 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |||
| CVE-2021-3382 | medium | — | 5.5 | 2y ago | Buffer Overflow in gitea in code.gitea.io/gitea | |||
| CVE-2021-47188 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at driver… | |||
| CVE-2021-47002 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scr… | |||
| CVE-2021-41091 | medium | — | 5.5 | 2y ago | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirec… | |||
| CVE-2021-21334 | medium | — | 5.5 | 2y ago | containerd environment variable leak | |||
| CVE-2021-3282 | medium | — | 5.5 | 2y ago | Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2021-21285 | medium | — | 5.5 | 2y ago | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain… | |||
| CVE-2021-21284 | medium | — | 5.5 | 2y ago | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns… | |||
| CVE-2021-35939 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-35937 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-35938 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-3468 | medium | — | 5.5 | 3y ago | Moderate: avahi security update | |||
| CVE-2021-3502 | medium | — | 5.5 | 3y ago | Moderate: avahi security update | |||
| CVE-2021-32142 | medium | — | 5.5 | 3y ago | RHSA-2024:2994: LibRaw security update (Moderate) | |||
| CVE-2021-43784 | medium | — | 5.5 | 3y ago | Moderate: runc security update | |||
| CVE-2021-3782 | medium | — | 5.5 | 3y ago | RHSA-2023:2786: wayland security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33645 | medium | — | 5.5 | 3y ago | RHSA-2023:2898: libtar security update (Moderate) | |||
| CVE-2021-33644 | medium | — | 5.5 | 3y ago | RHSA-2023:2898: libtar security update (Moderate) | |||
| CVE-2021-33643 | medium | — | 5.5 | 3y ago | RHSA-2023:2898: libtar security update (Moderate) | |||
| CVE-2021-33646 | medium | — | 5.5 | 3y ago | RHSA-2023:2898: libtar security update (Moderate) | |||
| CVE-2021-46790 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46829 | medium | — | 5.5 | 3y ago | Moderate: gdk-pixbuf2 security update | |||
| CVE-2021-44648 | medium | — | 5.5 | 3y ago | Moderate: gdk-pixbuf2 security update | |||
| CVE-2021-46822 | medium | — | 5.5 | 3y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2021-43519 | medium | — | 5.5 | 3y ago | Moderate: lua security update | |||
| CVE-2021-44964 | medium | — | 5.5 | 3y ago | Moderate: lua security update | |||
| CVE-2021-44906 | medium | — | 5.5 | 3y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46848 | medium | — | 5.5 | 3y ago | RHSA-2023:0116: libtasn1 security update (Moderate) | |||
| CVE-2021-33621 | medium | — | 5.5 | 4y ago | RHSA-2024:3500: ruby:3.0 security update (Moderate) | |||
| CVE-2021-23648 | medium | — | 5.5 | 4y ago | RHSA-2022:7519: grafana security, bug fix, and enhancement update (Moderate) |