CVEs from 2021
Total: 4,794
- critical 281
- high 1,022
- medium 1,178
- low 138
% Critical: 5.9%
% with KEV: 4.4%
% with exploit: 5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-29967 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |||
| CVE-2021-3551 | high | — | 8.0 | 5y ago | RHSA-2021:2235: pki-core:10.6 security update (Important) | |||
| CVE-2021-27219 | high | — | 8.0 | 5y ago | RHSA-2021:4526: mingw-glib2 security, bug fix, and enhancement update (Important) | |||
| CVE-2021-3543 | high | — | 8.0 | 5y ago | A null pointer dereference flaw in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs force closures on the enclave file descriptor. A local user of a host machine could use thi… | |||
| CVE-2021-3501 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time which could l… | |||
| CVE-2021-31204 | high | — | 8.0 | 5y ago | RHSA-2021:2037: dotnet3.1 security and bugfix update (Important) | |||
| CVE-2021-29477 | high | — | 8.0 | 5y ago | RHSA-2021:2034: redis:6 security update (Important) | |||
| CVE-2021-3480 | high | — | 8.0 | 5y ago | RHSA-2021:1983: idm:DL1 security update (Important) | |||
| CVE-2021-0605 | high | — | 8.0 | 5y ago | In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed.… | |||
| CVE-2021-0342 | high | — | 8.0 | 5y ago | In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is … | |||
| CVE-2021-25215 | high | — | 8.0 | 5y ago | RHSA-2021:1989: bind security update (Important) | |||
| CVE-2021-3428 | high | — | 8.0 | 5y ago | A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating a… | |||
| CVE-2021-24122 | high | — | 8.0 | 5y ago | When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to … | |||
| CVE-2021-20222 | high | — | 8.0 | 5y ago | Code injection in keycloak | |||
| CVE-2021-22112 | high | — | 8.0 | 5y ago | Privilege escalation in spring security | |||
| CVE-2021-3450 | high | — | 8.0 | 5y ago | RHSA-2021:1024: openssl security update (Important) | |||
| CVE-2021-3449 | high | — | 8.0 | 5y ago | RHSA-2021:1024: openssl security update (Important) | |||
| CVE-2021-29945 | high | — | 8.0 | 5y ago | The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffect… | |||
| CVE-2021-23961 | high | — | 8.0 | 5y ago | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.… | |||
| CVE-2021-29948 | high | — | 8.0 | 5y ago | multiple issues in thunderbird | |||
| CVE-2021-23998 | high | — | 8.0 | 5y ago | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… | |||
| CVE-2021-23994 | high | — | 8.0 | 5y ago | A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||
| CVE-2021-23995 | high | — | 8.0 | 5y ago | When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulner… | |||
| CVE-2021-23999 | high | — | 8.0 | 5y ago | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vul… | |||
| CVE-2021-24002 | high | — | 8.0 | 5y ago | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Th… | |||
| CVE-2021-29946 | high | — | 8.0 | 5y ago | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox … | |||
| CVE-2021-20305 | high | — | 8.0 | 5y ago | RHSA-2021:1206: gnutls and nettle security update (Important) | |||
| CVE-2021-20277 | high | — | 8.0 | 5y ago | RHSA-2021:1197: libldb security update (Important) | |||
| CVE-2021-28165 | high | — | 8.0 | 5y ago | Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources | |||
| CVE-2021-27364 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. | |||
| CVE-2021-27363 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the… | |||
| CVE-2021-27365 | high | — | 8.0 | 5y ago | An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged use… | |||
| CVE-2021-26708 | high | — | 8.0 | 5y ago | A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The ra… | |||
| CVE-2021-21381 | high | — | 8.0 | 5y ago | RHSA-2021:1068: flatpak security update (Important) | |||
| CVE-2021-4127 | high | — | 8.0 | 5y ago | RHSA-2021:0993: thunderbird security update (Important) | |||
| CVE-2021-23981 | high | — | 8.0 | 5y ago | A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… | |||
| CVE-2021-23982 | high | — | 8.0 | 5y ago | Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… | |||
| CVE-2021-23984 | high | — | 8.0 | 5y ago | A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could ha… | |||
| CVE-2021-23987 | high | — | 8.0 | 5y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |||
| CVE-2021-20179 | high | — | 8.0 | 5y ago | RHSA-2021:0966: pki-core:10.6 security update (Important) | |||
| CVE-2021-28363 | high | — | 8.0 | 5y ago | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't … | |||
| CVE-2021-20262 | high | — | 8.0 | 5y ago | Keycloak Missing authentication for critical function | |||
| CVE-2021-27803 | high | — | 8.0 | 5y ago | RHSA-2021:0809: wpa_supplicant security update (Important) | |||
| CVE-2021-22883 | high | — | 8.0 | 5y ago | RHSA-2021:0744: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-22884 | high | — | 8.0 | 5y ago | RHSA-2021:0744: nodejs:14 security and bug fix update (Important) | |||
| CVE-2021-23973 | high | — | 8.0 | 5y ago | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerab… | |||
| CVE-2021-23968 | high | — | 8.0 | 5y ago | If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be u… | |||
| CVE-2021-23969 | high | — | 8.0 | 5y ago | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no… | |||
| CVE-2021-23978 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-20230 | high | — | 8.0 | 5y ago | RHSA-2021:0618: stunnel security update (Important) | |||
| CVE-2021-27135 | high | — | 8.0 | 5y ago | RHSA-2021:0611: xterm security update (Important) | |||
| CVE-2021-21261 | high | — | 8.0 | 5y ago | RHSA-2021:0304: flatpak security update (Important) | |||
| CVE-2021-23964 | high | — | 8.0 | 5y ago | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |||
| CVE-2021-23960 | high | — | 8.0 | 5y ago | Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… | |||
| CVE-2021-23953 | high | — | 8.0 | 5y ago | If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects … | |||
| CVE-2021-23954 | high | — | 8.0 | 5y ago | Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability … | |||
| CVE-2021-21241 | high | — | 8.0 | 6y ago | The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of … | |||
| CVE-2021-2144 | high | — | 8.0 | 6y ago | RHSA-2020:5500: mariadb:10.3 security, bug fix, and enhancement update (Important) | |||
| CVE-2021-2019 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2016 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2020 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2012 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2009 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-1998 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2160 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-2006 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2021-20188 | high | — | 8.0 | 6y ago | RHSA-2021:0706: container-tools:2.0 security update (Important) | |||
| CVE-2021-33630 | high | — | 8.0 | 6y ago | NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue… | |||
| CVE-2021-47974 | high | 7.8 | 7.8 | 20d ago | VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that allows local attackers to escalate privileges. Attackers can place ma… | |||
| CVE-2021-47945 | high | 7.8 | 7.8 | 26d ago | Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attacke… | |||
| CVE-2021-47107 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small (say, zero), then the buffer size … | |||
| CVE-2021-43619 | high | 7.8 | 7.8 | 4y ago | Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | |||
| CVE-2021-4019 | high | 7.8 | 7.8 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-43875 | high | 7.8 | 7.8 | 5y ago | Microsoft Office Graphics Remote Code Execution Vulnerability | |||
| CVE-2021-43256 | high | 7.8 | 7.8 | 5y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2021-44149 | high | 7.8 | 7.8 | 5y ago | An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, res… | |||
| CVE-2021-42296 | high | 7.8 | 7.8 | 5y ago | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2021-43209 | high | 7.8 | 7.8 | 5y ago | 3D Viewer Remote Code Execution Vulnerability | |||
| CVE-2021-31983 | high | 7.8 | 7.8 | 5y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2021-31946 | high | 7.8 | 7.8 | 5y ago | Paint 3D Remote Code Execution Vulnerability | |||
| CVE-2021-31942 | high | 7.8 | 7.8 | 5y ago | 3D Viewer Remote Code Execution Vulnerability | |||
| CVE-2021-28465 | high | 7.8 | 7.8 | 5y ago | Web Media Extensions Remote Code Execution Vulnerability | |||
| CVE-2021-28464 | high | 7.8 | 7.8 | 5y ago | VP9 Video Extensions Remote Code Execution Vulnerability | |||
| CVE-2021-45031 | high | 7.7 | 7.7 | 4y ago | A vulnerability in MEPSAN's USC+ before version 3.0 is a weakness in the login function which lets attackers generate passwords for high-privileged accounts. | |||
| CVE-2021-47977 | high | 7.5 | 7.5 | 20d ago | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the f… | |||
| CVE-2021-47973 | high | 7.5 | 7.5 | 20d ago | Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can gener… | |||
| CVE-2021-47972 | high | 7.5 | 7.5 | 20d ago | Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can p… | |||
| CVE-2021-47971 | high | 7.5 | 7.5 | 20d ago | My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a pa… | |||
| CVE-2021-47970 | high | 7.5 | 7.5 | 20d ago | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload… | |||
| CVE-2021-47969 | high | 7.5 | 7.5 | 20d ago | Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payl… | |||
| CVE-2021-47942 | high | 7.5 | 7.5 | 20d ago | Home Assistant Community Store (HACS) prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfile… | |||
| CVE-2021-47959 | high | 7.5 | 7.5 | 21d ago | WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields… | |||
| CVE-2021-47944 | high | 7.5 | 7.5 | 26d ago | memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a p… | |||
| CVE-2021-47815 | high | 7.5 | 7.5 | 5mo ago | Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated char… | |||
| CVE-2021-26423 | high | 7.5 | 7.5 | 4y ago | RHSA-2021:3148: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2021-1723 | high | 7.5 | 7.5 | 4y ago | RHSA-2021:0095: dotnet3.1 security and bugfix update (Important) | |||
| CVE-2021-22788 | high | 7.5 | 7.5 | 4y ago | A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modic… | |||
| CVE-2021-22787 | high | 7.5 | 7.5 | 4y ago | A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affe… | |||
| CVE-2021-22785 | high | 7.5 | 7.5 | 4y ago | A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends an HTTP request to the web server … | |||
| CVE-2021-45450 | high | 7.5 | 7.5 | 5y ago | In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible t… |