CVEs from 2021
- Total: 6,232
- Critical: 273
- High: 975
- Medium: 1,141
- Low: 135
- % Critical: 4.4%
- % with KEV: 3.4%
- % with exploit: 3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-28153 | low | — | 2.5 | 4y ago | Low: mingw-glib2 security and bug fix update | |
| CVE-2021-47076 | low | — | 2.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused… | |
| CVE-2021-3981 | low | — | 2.5 | 4y ago | Low: grub2 security, bug fix, and enhancement update | |
| CVE-2021-3634 | low | — | 2.5 | 4y ago | Low: libssh security, bug fix, and enhancement update | |
| CVE-2021-3802 | low | — | 2.5 | 4y ago | Low: udisks2 security and bug fix update | |
| CVE-2021-41229 | low | — | 2.5 | 4y ago | Low: bluez security update | |
| CVE-2021-23222 | low | — | 2.5 | 4y ago | Low: libpq security update | |
| CVE-2021-43813 | low | — | 2.5 | 4y ago | Low: grafana security, bug fix, and enhancement update | |
| CVE-2021-3461 | low | — | 2.5 | 4y ago | Keycloak insufficient session expiration | |
| CVE-2021-4091 | low | — | 2.5 | 4y ago | Low: 389-ds:1.4 security and bug fix update | |
| CVE-2021-20257 | low | — | 2.5 | 5y ago | Low: virt:rhel and virt-devel:rhel security update | |
| CVE-2021-3930 | low | — | 2.5 | 5y ago | Low: virt:rhel and virt-devel:rhel security update | |
| CVE-2021-43668 | low | — | 2.5 | 5y ago | Denial of Service in Go-Ethereum | |
| CVE-2021-20266 | low | — | 2.5 | 5y ago | Low: rpm security, bug fix, and enhancement update | |
| CVE-2021-3200 | low | — | 2.5 | 5y ago | Low: libsolv security and bug fix update | |
| CVE-2021-3828 | low | — | 2.5 | 5y ago | nltk is vulnerable to Inefficient Regular Expression Complexity | |
| CVE-2021-37860 | low | — | 2.5 | 5y ago | Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server | |
| CVE-2021-25740 | low | — | 2.5 | 5y ago | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | |
| CVE-2021-40839 | low | — | 2.5 | 5y ago | The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. | |
| CVE-2021-25737 | low | — | 2.5 | 5y ago | A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or … | |
| CVE-2021-23437 | low | — | 2.5 | 5y ago | The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | |
| CVE-2021-29063 | low | — | 2.5 | 5y ago | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called. | |
| CVE-2021-32813 | low | — | 2.5 | 5y ago | Header dropping in traefik in github.com/traefik/traefik | |
| CVE-2021-36374 | low | — | 2.5 | 5y ago | Improper Handling of Length Parameter Inconsistency in Apache Ant | |
| CVE-2021-36373 | low | — | 2.5 | 5y ago | Improper Handling of Length Parameter Inconsistency in Apache Ant | |
| CVE-2021-21303 | low | — | 2.5 | 5y ago | Insufficient sanitization of data files in helm.sh/helm/v3 | |
| CVE-2021-31542 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | |
| CVE-2021-26813 | low | — | 2.5 | 5y ago | markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or de… | |
| CVE-2021-20201 | low | — | 2.5 | 5y ago | Low: spice security update | |
| CVE-2021-32618 | low | — | 2.5 | 5y ago | The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of… | |
| CVE-2021-27919 | low | — | 2.5 | 5y ago | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… | |
| CVE-2021-28658 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were no… | |
| CVE-2021-3281 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal … | |
| CVE-2021-21330 | low | — | 2.5 | 5y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based… | |
| CVE-2021-21236 | low | — | 2.5 | 6y ago | CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When process… | |
| CVE-2021-44026 | unknown | — | 1.5 | 3y ago | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | |
| CVE-2021-20001 | unknown | — | — | — | It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which co… | |
| CVE-2021-33054 | unknown | — | — | — | SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users whe… | |
| CVE-2021-46144 | unknown | — | — | — | Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | |
| CVE-2021-44025 | unknown | — | — | — | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. | |
| CVE-2021-45928 | unknown | — | — | — | libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::… | |
| CVE-2021-28026 | unknown | — | — | — | jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicious jxl file using djxl, an attacker can trigger arbitrary code execution or a de… | |
| CVE-2021-36692 | unknown | — | — | — | libjxl v0.3.7 is affected by a Divide By Zero issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicious APNG file using cjxl, an attacker can trigger a denial of service. | |
| CVE-2021-36691 | unknown | — | — | — | libjxl v0.5.0 is affected by an Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicious GIF file using cjxl, an attacker can trigger a denial of service. | |
| CVE-2021-27804 | unknown | — | — | — | JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. | |
| CVE-2021-43116 | unknown | — | — | 4y ago | Use of Hard-coded Credentials in Nacos | |
| CVE-2021-21645 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs | |
| CVE-2021-41193 | unknown | — | — | 4y ago | Use of Externally-Controlled Format String in wire-avs | |
| CVE-2021-44868 | unknown | — | — | 4y ago | SQL injection in MCMS | |
| CVE-2021-23460 | unknown | — | — | 4y ago | Prototype pollution in min-dash | |
| CVE-2021-46089 | unknown | — | — | 4y ago | SQL Injection in JeecgBoot | |
| CVE-2021-23566 | unknown | — | — | 4y ago | The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated. | |
| CVE-2021-23382 | unknown | — | — | 4y ago | The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused … | |
| CVE-2021-45943 | unknown | — | — | 5y ago | GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment… | |
| CVE-2021-33348 | unknown | — | — | 5y ago | Cross-site scripting in jfinal | |
| CVE-2021-29480 | unknown | — | — | 5y ago | Ratpack's default client side session signing key is highly predictable | |
| CVE-2021-27807 | unknown | — | — | 5y ago | Excessive Iteration Denial of Service in Apache PDFBox | |
| CVE-2021-23368 | unknown | — | — | 5y ago | The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | |
| CVE-2021-21341 | unknown | — | — | 5y ago | XStream can cause a Denial of Service. | |
| CVE-2021-21331 | unknown | — | — | 5y ago | Local Information Disclosure Vulnerability | |
| CVE-2021-21479 | unknown | — | — | 5y ago | Remote Code Execution in SCIMono |