CVEs from 2021
- Total: 4,792
- Critical: 280
- High: 1,018
- Medium: 1,176
- Low: 138
- % Critical: 5.8%
- % with KEV: 4.4%
- % with exploit: 5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30809 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead t… | |||
| CVE-2021-3733 | medium | — | 5.5 | 4y ago | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression D… | |||
| CVE-2021-28116 | medium | — | 5.5 | 4y ago | RHSA-2022:1939: squid:4 security and bug fix update (Moderate) | |||
| CVE-2021-3639 | medium | — | 5.5 | 4y ago | RHSA-2022:1934: mod_auth_mellon security update (Moderate) | |||
| CVE-2021-4009 | medium | — | 5.5 | 4y ago | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulne… | |||
| CVE-2021-4156 | medium | — | 5.5 | 4y ago | RHSA-2022:1968: libsndfile security update (Moderate) | |||
| CVE-2021-21703 | medium | — | 5.5 | 4y ago | RHSA-2022:1935: php:7.4 security update (Moderate) | |||
| CVE-2021-21705 | medium | — | 5.5 | 4y ago | RHSA-2022:1935: php:7.4 security update (Moderate) | |||
| CVE-2021-44141 | medium | — | 5.5 | 4y ago | RHSA-2022:2074: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20316 | medium | — | 5.5 | 4y ago | RHSA-2022:2074: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4008 | medium | — | 5.5 | 4y ago | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerabil… | |||
| CVE-2021-4011 | medium | — | 5.5 | 4y ago | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is t… | |||
| CVE-2021-4010 | medium | — | 5.5 | 4y ago | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability… | |||
| CVE-2021-2154 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46662 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46657 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46667 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46666 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46658 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35604 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4115 | medium | — | 5.5 | 4y ago | RHSA-2022:1546: polkit security update (Moderate) | |||
| CVE-2021-20180 | medium | — | 5.5 | 4y ago | information disclosure in ansible | |||
| CVE-2021-3999 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2021-31566 | medium | — | 5.5 | 4y ago | RHSA-2022:0892: libarchive security update (Moderate) | |||
| CVE-2021-23177 | medium | — | 5.5 | 4y ago | RHSA-2022:0892: libarchive security update (Moderate) | |||
| CVE-2021-39275 | medium | — | 5.5 | 4y ago | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affe… | |||
| CVE-2021-34798 | medium | — | 5.5 | 4y ago | Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||
| CVE-2021-3620 | medium | — | 5.5 | 4y ago | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest th… | |||
| CVE-2021-32066 | medium | — | 5.5 | 4y ago | RHSA-2022:0672: ruby:2.5 security update (Moderate) | |||
| CVE-2021-31810 | medium | — | 5.5 | 4y ago | RHSA-2022:0672: ruby:2.5 security update (Moderate) | |||
| CVE-2021-27918 | medium | — | 5.5 | 4y ago | RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3114 | medium | — | 5.5 | 4y ago | RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33196 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-36221 | medium | — | 5.5 | 4y ago | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-29622 | medium | — | 5.5 | 4y ago | Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redire… | |||
| CVE-2021-27358 | medium | — | 5.5 | 4y ago | RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4122 | medium | — | 5.5 | 4y ago | RHSA-2022:0370: cryptsetup security update (Moderate) | |||
| CVE-2021-3521 | medium | — | 5.5 | 4y ago | RHSA-2022:0368: rpm security update (Moderate) | |||
| CVE-2021-3984 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-4193 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-3872 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-4192 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-22570 | medium | — | 5.5 | 4y ago | RHSA-2022:7464: protobuf security update (Moderate) | |||
| CVE-2021-44217 | medium | — | 5.5 | 4y ago | In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2021-41772 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-41771 | medium | — | 5.5 | 5y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-45116 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter … | |||
| CVE-2021-45452 | medium | — | 5.5 | 5y ago | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||
| CVE-2021-45115 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that wa… | |||
| CVE-2021-3677 | medium | — | 5.5 | 5y ago | RHSA-2021:5236: postgresql:13 security update (Moderate) | |||
| CVE-2021-23214 | medium | — | 5.5 | 5y ago | RHSA-2022:1830: postgresql:10 security update (Moderate) | |||
| CVE-2021-20321 | medium | — | 5.5 | 5y ago | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the syste… | |||
| CVE-2021-42550 | medium | — | 5.5 | 5y ago | Deserialization of Untrusted Data in logback | |||
| CVE-2021-22959 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-22960 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-43255 | medium | 5.5 | 5.5 | 5y ago | Microsoft Office Trust Center Spoofing Vulnerability | |||
| CVE-2021-42295 | medium | 5.5 | 5.5 | 5y ago | Visual Basic for Applications Information Disclosure Vulnerability | |||
| CVE-2021-43243 | medium | 5.5 | 5.5 | 5y ago | VP9 Video Extensions Information Disclosure Vulnerability | |||
| CVE-2021-4044 | medium | — | 5.5 | 5y ago | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (… | |||
| CVE-2021-43818 | medium | — | 5.5 | 5y ago | RHSA-2022:1932: python-lxml security update (Moderate) | |||
| CVE-2021-43415 | medium | — | 5.5 | 5y ago | Improper Authentication in HashiCorp Nomad in github.com/hashicorp/nomad | |||
| CVE-2021-44420 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | |||
| CVE-2021-43797 | medium | — | 5.5 | 5y ago | HTTP request smuggling in netty | |||
| CVE-2021-43809 | medium | — | 5.5 | 5y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2021-43998 | medium | — | 5.5 | 5y ago | HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault | |||
| CVE-2021-27025 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | |||
| CVE-2021-27023 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | |||
| CVE-2021-41816 | medium | — | 5.5 | 5y ago | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different n… | |||
| CVE-2021-41819 | medium | — | 5.5 | 5y ago | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41281 | medium | — | 5.5 | 5y ago | Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a rem… | |||
| CVE-2021-41868 | medium | — | 5.5 | 5y ago | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | |||
| CVE-2021-41867 | medium | — | 5.5 | 5y ago | An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat f… | |||
| CVE-2021-3918 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41190 | medium | — | 5.5 | 5y ago | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41165 | medium | — | 5.5 | 5y ago | HTML comments vulnerability allowing to execute JavaScript code | |||
| CVE-2021-41164 | medium | — | 5.5 | 5y ago | Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML | |||
| CVE-2021-41817 | medium | — | 5.5 | 5y ago | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-42574 | medium | — | 5.5 | 5y ago | RHSA-2021:4743: llvm-toolset:rhel8 security update (Moderate) | |||
| CVE-2021-35561 | medium | — | 5.5 | 5y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-35603 | medium | — | 5.5 | 5y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-3778 | medium | — | 5.5 | 5y ago | RHSA-2021:4517: vim security update (Moderate) | |||
| CVE-2021-3796 | medium | — | 5.5 | 5y ago | RHSA-2021:4517: vim security update (Moderate) | |||
| CVE-2021-23336 | medium | — | 5.5 | 5y ago | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.pars… | |||
| CVE-2021-36085 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36084 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36087 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36086 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-22925 | medium | — | 5.5 | 5y ago | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parse… | |||
| CVE-2021-22898 | medium | — | 5.5 | 5y ago | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers… | |||
| CVE-2021-22876 | medium | — | 5.5 | 5y ago | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip o… | |||
| CVE-2021-3445 | medium | — | 5.5 | 5y ago | RHSA-2021:4464: dnf security and bug fix update (Moderate) | |||
| CVE-2021-20232 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3580 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20231 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3565 | medium | — | 5.5 | 5y ago | RHSA-2021:4413: tpm2-tools security and enhancement update (Moderate) | |||
| CVE-2021-33560 | medium | — | 5.5 | 5y ago | RHSA-2021:4409: libgcrypt security and bug fix update (Moderate) | |||
| CVE-2021-3426 | medium | — | 5.5 | 5y ago | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disc… | |||
| CVE-2021-3800 | medium | — | 5.5 | 5y ago | RHSA-2021:4385: glib2 security and bug fix update (Moderate) | |||
| CVE-2021-25214 | medium | — | 5.5 | 5y ago | RHSA-2021:4384: bind security and bug fix update (Moderate) | |||
| CVE-2021-28650 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) |