CVEs from 2021
Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-3156 | critical | — | 10.0 | 4y ago | Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation. | |
| CVE-2021-4102 | critical | — | 10.0 | 5y ago | Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |
| CVE-2021-44228 | critical | — | 10.0 | 5y ago | Remote code injection in Log4j | |
| CVE-2021-30551 | critical | — | 10.0 | 5y ago | multiple issues in chromium | |
| CVE-2021-21148 | critical | — | 10.0 | 5y ago | multiple issues in chromium | |
| CVE-2021-22205 | critical | — | 10.0 | 5y ago | GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through Exi… | |
| CVE-2021-42013 | critical | — | 10.0 | 5y ago | Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under defa… | |
| CVE-2021-30952 | medium | — | 7.0 | 3mo ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |
| CVE-2021-1789 | medium | — | 7.0 | 4y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-22204 | medium | — | 7.0 | 5y ago | Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image | |
| CVE-2021-30666 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30762 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30858 | medium | — | 7.0 | 5y ago | Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers t… | |
| CVE-2021-1870 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30663 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30761 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-1871 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30661 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-30665 | medium | — | 7.0 | 5y ago | Moderate: GNOME security, bug fix, and enhancement update | |
| CVE-2021-44026 | unknown | — | 1.5 | 3y ago | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | |
| CVE-2021-3493 | unknown | — | 1.5 | 4y ago | The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combinati… | |
| CVE-2021-1048 | unknown | — | 1.5 | 4y ago | In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges neede… | |
| CVE-2021-22600 | unknown | — | 1.5 | 4y ago | A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past t… | |
| CVE-2021-45046 | unknown | — | 1.5 | 5y ago | Incomplete fix for Apache Log4j vulnerability | |
| CVE-2021-39144 | unknown | — | 1.5 | 5y ago | XStream is vulnerable to a Remote Command Execution attack |