CVEs from 2021
- Total: 4,795
- critical: 281
- high: 1,022
- medium: 1,179
- low: 138
- % Critical: 5.9%
- % with KEV: 4.4%
- % with exploit: 5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30846 | medium | — | 5.5 | 4y ago | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously cra… | |||
| CVE-2021-30836 | medium | — | 5.5 | 4y ago | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio f… | |||
| CVE-2021-30809 | medium | — | 5.5 | 4y ago | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead t… | |||
| CVE-2021-3733 | medium | — | 5.5 | 4y ago | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression D… | |||
| CVE-2021-4008 | medium | — | 5.5 | 4y ago | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerabil… | |||
| CVE-2021-28116 | medium | — | 5.5 | 4y ago | RHSA-2022:1939: squid:4 security and bug fix update (Moderate) | |||
| CVE-2021-4011 | medium | — | 5.5 | 4y ago | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is t… | |||
| CVE-2021-4010 | medium | — | 5.5 | 4y ago | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability… | |||
| CVE-2021-4009 | medium | — | 5.5 | 4y ago | A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulne… | |||
| CVE-2021-4156 | medium | — | 5.5 | 4y ago | RHSA-2022:1968: libsndfile security update (Moderate) | |||
| CVE-2021-20316 | medium | — | 5.5 | 4y ago | RHSA-2022:2074: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3639 | medium | — | 5.5 | 4y ago | RHSA-2022:1934: mod_auth_mellon security update (Moderate) | |||
| CVE-2021-21705 | medium | — | 5.5 | 4y ago | RHSA-2022:1935: php:7.4 security update (Moderate) | |||
| CVE-2021-21703 | medium | — | 5.5 | 4y ago | RHSA-2022:1935: php:7.4 security update (Moderate) | |||
| CVE-2021-44141 | medium | — | 5.5 | 4y ago | RHSA-2022:2074: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2154 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46658 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46667 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46662 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46666 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35604 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46657 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4115 | medium | — | 5.5 | 4y ago | RHSA-2022:1546: polkit security update (Moderate) | |||
| CVE-2021-20180 | medium | — | 5.5 | 4y ago | information disclosure in ansible | |||
| CVE-2021-3999 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2021-31566 | medium | — | 5.5 | 4y ago | RHSA-2022:0892: libarchive security update (Moderate) | |||
| CVE-2021-23177 | medium | — | 5.5 | 4y ago | RHSA-2022:0892: libarchive security update (Moderate) | |||
| CVE-2021-34798 | medium | — | 5.5 | 4y ago | Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. | |||
| CVE-2021-39275 | medium | — | 5.5 | 4y ago | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affe… | |||
| CVE-2021-3620 | medium | — | 5.5 | 4y ago | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest th… | |||
| CVE-2021-31810 | medium | — | 5.5 | 4y ago | RHSA-2022:0672: ruby:2.5 security update (Moderate) | |||
| CVE-2021-32066 | medium | — | 5.5 | 4y ago | RHSA-2022:0672: ruby:2.5 security update (Moderate) | |||
| CVE-2021-27918 | medium | — | 5.5 | 4y ago | RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3114 | medium | — | 5.5 | 4y ago | RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33196 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-36221 | medium | — | 5.5 | 4y ago | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-29622 | medium | — | 5.5 | 4y ago | Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redire… | |||
| CVE-2021-27358 | medium | — | 5.5 | 4y ago | RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4122 | medium | — | 5.5 | 4y ago | RHSA-2022:0370: cryptsetup security update (Moderate) | |||
| CVE-2021-3521 | medium | — | 5.5 | 4y ago | RHSA-2022:0368: rpm security update (Moderate) | |||
| CVE-2021-4192 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-4193 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-3872 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-3984 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-22570 | medium | — | 5.5 | 4y ago | RHSA-2022:7464: protobuf security update (Moderate) | |||
| CVE-2021-44217 | medium | — | 5.5 | 4y ago | In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2021-41772 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-41771 | medium | — | 5.5 | 5y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-45116 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter … | |||
| CVE-2021-45452 | medium | — | 5.5 | 5y ago | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||
| CVE-2021-45115 | medium | — | 5.5 | 5y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that wa… | |||
| CVE-2021-23214 | medium | — | 5.5 | 5y ago | RHSA-2022:1830: postgresql:10 security update (Moderate) | |||
| CVE-2021-3677 | medium | — | 5.5 | 5y ago | RHSA-2021:5236: postgresql:13 security update (Moderate) | |||
| CVE-2021-20321 | medium | — | 5.5 | 5y ago | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the syste… | |||
| CVE-2021-42550 | medium | — | 5.5 | 5y ago | Deserialization of Untrusted Data in logback | |||
| CVE-2021-22959 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-22960 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-43255 | medium | 5.5 | 5.5 | 5y ago | Microsoft Office Trust Center Spoofing Vulnerability | |||
| CVE-2021-42295 | medium | 5.5 | 5.5 | 5y ago | Visual Basic for Applications Information Disclosure Vulnerability | |||
| CVE-2021-43243 | medium | 5.5 | 5.5 | 5y ago | VP9 Video Extensions Information Disclosure Vulnerability | |||
| CVE-2021-4044 | medium | — | 5.5 | 5y ago | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (… | |||
| CVE-2021-43818 | medium | — | 5.5 | 5y ago | RHSA-2022:1932: python-lxml security update (Moderate) | |||
| CVE-2021-43415 | medium | — | 5.5 | 5y ago | Improper Authentication in HashiCorp Nomad in github.com/hashicorp/nomad | |||
| CVE-2021-44420 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | |||
| CVE-2021-43797 | medium | — | 5.5 | 5y ago | HTTP request smuggling in netty | |||
| CVE-2021-43809 | medium | — | 5.5 | 5y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2021-43998 | medium | — | 5.5 | 5y ago | HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault | |||
| CVE-2021-27025 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | |||
| CVE-2021-27023 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | |||
| CVE-2021-41819 | medium | — | 5.5 | 5y ago | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41816 | medium | — | 5.5 | 5y ago | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different n… | |||
| CVE-2021-41281 | medium | — | 5.5 | 5y ago | Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a rem… | |||
| CVE-2021-41868 | medium | — | 5.5 | 5y ago | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | |||
| CVE-2021-41867 | medium | — | 5.5 | 5y ago | An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat f… | |||
| CVE-2021-3918 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41190 | medium | — | 5.5 | 5y ago | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41164 | medium | — | 5.5 | 5y ago | Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML | |||
| CVE-2021-41165 | medium | — | 5.5 | 5y ago | HTML comments vulnerability allowing to execute JavaScript code | |||
| CVE-2021-41817 | medium | — | 5.5 | 5y ago | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-42574 | medium | — | 5.5 | 5y ago | RHSA-2021:4743: llvm-toolset:rhel8 security update (Moderate) | |||
| CVE-2021-35603 | medium | — | 5.5 | 5y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-35561 | medium | — | 5.5 | 5y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-3796 | medium | — | 5.5 | 5y ago | RHSA-2021:4517: vim security update (Moderate) | |||
| CVE-2021-3778 | medium | — | 5.5 | 5y ago | RHSA-2021:4517: vim security update (Moderate) | |||
| CVE-2021-23336 | medium | — | 5.5 | 5y ago | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.pars… | |||
| CVE-2021-36087 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36084 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36086 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36085 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-22925 | medium | — | 5.5 | 5y ago | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to flaw in the option parse… | |||
| CVE-2021-22898 | medium | — | 5.5 | 5y ago | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers… | |||
| CVE-2021-22876 | medium | — | 5.5 | 5y ago | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip o… | |||
| CVE-2021-3445 | medium | — | 5.5 | 5y ago | RHSA-2021:4464: dnf security and bug fix update (Moderate) | |||
| CVE-2021-20232 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20231 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3580 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3565 | medium | — | 5.5 | 5y ago | RHSA-2021:4413: tpm2-tools security and enhancement update (Moderate) | |||
| CVE-2021-33560 | medium | — | 5.5 | 5y ago | RHSA-2021:4409: libgcrypt security and bug fix update (Moderate) | |||
| CVE-2021-3426 | medium | — | 5.5 | 5y ago | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disc… | |||
| CVE-2021-3800 | medium | — | 5.5 | 5y ago | RHSA-2021:4385: glib2 security and bug fix update (Moderate) |