CVEs from 2021
Total
4,792
critical
critical 280
high
high 1,018
medium
medium 1,176
low
low 138
% Critical
5.8%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41227 | high | — | 8.0 | 5y ago | TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because th… | |||
| CVE-2021-41228 | high | — | 8.0 | 5y ago | TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. Thi… | |||
| CVE-2021-35578 | high | — | 8.0 | 5y ago | RHSA-2022:0345: java-1.8.0-ibm security update (Important) | |||
| CVE-2021-35586 | high | — | 8.0 | 5y ago | RHSA-2022:0345: java-1.8.0-ibm security update (Important) | |||
| CVE-2021-35567 | high | — | 8.0 | 5y ago | RHSA-2021:4135: java-17-openjdk security update (Important) | |||
| CVE-2021-35564 | high | — | 8.0 | 5y ago | RHSA-2022:0345: java-1.8.0-ibm security update (Important) | |||
| CVE-2021-35559 | high | — | 8.0 | 5y ago | RHSA-2022:0345: java-1.8.0-ibm security update (Important) | |||
| CVE-2021-20325 | high | — | 8.0 | 5y ago | Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat En… | |||
| CVE-2021-38503 | high | — | 8.0 | 5y ago | The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affe… | |||
| CVE-2021-38506 | high | — | 8.0 | 5y ago | Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This… | |||
| CVE-2021-43529 | high | — | 8.0 | 5y ago | RHSA-2021:4130: thunderbird security update (Important) | |||
| CVE-2021-38504 | high | — | 8.0 | 5y ago | When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This… | |||
| CVE-2021-38507 | high | — | 8.0 | 5y ago | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-orig… | |||
| CVE-2021-38509 | high | — | 8.0 | 5y ago | Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's… | |||
| CVE-2021-38508 | high | — | 8.0 | 5y ago | By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the … | |||
| CVE-2021-43535 | high | — | 8.0 | 5y ago | A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… | |||
| CVE-2021-43534 | high | — | 8.0 | 5y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |||
| CVE-2021-0512 | high | — | 8.0 | 5y ago | In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional … | |||
| CVE-2021-3656 | high | — | 8.0 | 5y ago | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a ne… | |||
| CVE-2021-25741 | high | — | 8.0 | 5y ago | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host file… | |||
| CVE-2021-41133 | high | — | 8.0 | 5y ago | RHSA-2021:4042: flatpak security update (Important) | |||
| CVE-2021-41146 | high | — | 8.0 | 5y ago | qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With cert… | |||
| CVE-2021-35565 | high | — | 8.0 | 5y ago | RHSA-2022:0345: java-1.8.0-ibm security update (Important) | |||
| CVE-2021-35588 | high | — | 8.0 | 5y ago | RHSA-2021:3893: java-1.8.0-openjdk security and bug fix update (Important) | |||
| CVE-2021-32626 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-32687 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-41099 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-32627 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-32628 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-32675 | high | — | 8.0 | 5y ago | RHSA-2021:3945: redis:6 security update (Important) | |||
| CVE-2021-38502 | high | — | 8.0 | 5y ago | RHSA-2021:3838: thunderbird security update (Important) | |||
| CVE-2021-41355 | high | — | 8.0 | 5y ago | RHSA-2021:3819: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-26691 | high | — | 8.0 | 5y ago | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | |||
| CVE-2021-38500 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-38501 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-38496 | high | — | 8.0 | 5y ago | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… | |||
| CVE-2021-38498 | high | — | 8.0 | 5y ago | During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Fire… | |||
| CVE-2021-38497 | high | — | 8.0 | 5y ago | Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerabil… | |||
| CVE-2021-28378 | high | — | 8.0 | 5y ago | Cross-site Scripting in Gitea in code.gitea.io/gitea | |||
| CVE-2021-22930 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-41098 | high | — | 8.0 | 5y ago | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by de… | |||
| CVE-2021-35042 | high | — | 8.0 | 5y ago | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | |||
| CVE-2021-22940 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-22939 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-22931 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-40823 | high | — | 8.0 | 5y ago | A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encrypti… | |||
| CVE-2021-33582 | high | — | 8.0 | 5y ago | RHSA-2021:3492: cyrus-imapd security update (Important) | |||
| CVE-2021-38493 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |||
| CVE-2021-37137 | high | — | 8.0 | 5y ago | SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way | |||
| CVE-2021-37136 | high | — | 8.0 | 5y ago | Bzip2Decoder doesn't allow setting size restrictions for decompressed data | |||
| CVE-2021-38698 | high | — | 8.0 | 5y ago | HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul | |||
| CVE-2021-37219 | high | — | 8.0 | 5y ago | HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul | |||
| CVE-2021-37218 | high | — | 8.0 | 5y ago | Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad | |||
| CVE-2021-37576 | high | — | 8.0 | 5y ago | arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. | |||
| CVE-2021-38201 | high | — | 8.0 | 5y ago | net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. | |||
| CVE-2021-39156 | high | — | 8.0 | 5y ago | Istio Fragments in Path May Lead to Authorization Policy Bypass | |||
| CVE-2021-39155 | high | — | 8.0 | 5y ago | Authorization Policy Bypass Due to Case Insensitive Host Comparison | |||
| CVE-2021-39137 | high | — | 8.0 | 5y ago | Consensus flaw during block processing in github.com/ethereum/go-ethereum | |||
| CVE-2021-34532 | high | — | 8.0 | 5y ago | RHSA-2021:3148: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-3246 | high | — | 8.0 | 5y ago | RHSA-2021:3253: libsndfile security update (Important) | |||
| CVE-2021-3711 | high | — | 8.0 | 5y ago | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "o… | |||
| CVE-2021-32798 | high | — | 8.0 | 5y ago | The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Goo… | |||
| CVE-2021-32797 | high | — | 8.0 | 5y ago | JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterL… | |||
| CVE-2021-31291 | high | — | 8.0 | 5y ago | RHSA-2021:3153: compat-exiv2-026 security update (Important) | |||
| CVE-2021-3621 | high | — | 8.0 | 5y ago | RHSA-2021:3151: sssd security update (Important) | |||
| CVE-2021-29986 | high | — | 8.0 | 5y ago | A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are … | |||
| CVE-2021-29989 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |||
| CVE-2021-29985 | high | — | 8.0 | 5y ago | A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR… | |||
| CVE-2021-29984 | high | — | 8.0 | 5y ago | Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploi… | |||
| CVE-2021-29988 | high | — | 8.0 | 5y ago | Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Th… | |||
| CVE-2021-29980 | high | — | 8.0 | 5y ago | Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunder… | |||
| CVE-2021-23343 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-27218 | high | — | 8.0 | 5y ago | RHSA-2021:4526: mingw-glib2 security, bug fix, and enhancement update (Important) | |||
| CVE-2021-22543 | high | — | 8.0 | 5y ago | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This… | |||
| CVE-2021-3609 | high | — | 8.0 | 5y ago | .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This… | |||
| CVE-2021-38575 | high | — | 8.0 | 5y ago | RHSA-2021:3066: edk2 security update (Important) | |||
| CVE-2021-32804 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-32803 | high | — | 8.0 | 5y ago | RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-36740 | high | — | 8.0 | 5y ago | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… | |||
| CVE-2021-32810 | high | — | 8.0 | 5y ago | crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more … | |||
| CVE-2021-29969 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-2388 | high | — | 8.0 | 5y ago | RHSA-2021:2781: java-11-openjdk security update (Important) | |||
| CVE-2021-33910 | high | — | 8.0 | 5y ago | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker)… | |||
| CVE-2021-33909 | high | — | 8.0 | 5y ago | fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root b… | |||
| CVE-2021-32399 | high | — | 8.0 | 5y ago | net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. | |||
| CVE-2021-29976 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… | |||
| CVE-2021-30547 | high | — | 8.0 | 5y ago | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-29970 | high | — | 8.0 | 5y ago | A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerabili… | |||
| CVE-2021-3570 | high | — | 8.0 | 5y ago | RHSA-2021:2660: linuxptp security update (Important) | |||
| CVE-2021-33034 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. | |||
| CVE-2021-33829 | high | — | 8.0 | 5y ago | ckeditor4 vulnerable to cross-site scripting | |||
| CVE-2021-32027 | high | — | 8.0 | 5y ago | RHSA-2021:2375: postgresql:13 security update (Important) | |||
| CVE-2021-3393 | high | — | 8.0 | 5y ago | RHSA-2021:2372: postgresql:12 security update (Important) | |||
| CVE-2021-32029 | high | — | 8.0 | 5y ago | RHSA-2021:2375: postgresql:13 security update (Important) | |||
| CVE-2021-30465 | high | — | 8.0 | 5y ago | RHSA-2021:2371: container-tools:rhel8 security update (Important) | |||
| CVE-2021-33516 | high | — | 8.0 | 5y ago | RHSA-2021:2363: gupnp security update (Important) | |||
| CVE-2021-32028 | high | — | 8.0 | 5y ago | RHSA-2021:2375: postgresql:13 security update (Important) | |||
| CVE-2021-31957 | high | — | 8.0 | 5y ago | RHSA-2021:2353: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-25217 | high | — | 8.0 | 5y ago | RHSA-2021:2359: dhcp security update (Important) | |||
| CVE-2021-20195 | high | — | 8.0 | 5y ago | keycloak Self Stored Cross-site Scripting vulnerability |