CVEs from 2021
- Total: 6,258
- Critical: 272
- High: 976
- Medium: 1,141
- Low: 135
- % Critical: 4.3%
- % with KEV: 3.4%
- % with exploit: 3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-28153 | low | — | 2.5 | 4y ago | Low: mingw-glib2 security and bug fix update | |
| CVE-2021-47076 | low | — | 2.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused… | |
| CVE-2021-3981 | low | — | 2.5 | 4y ago | Low: grub2 security, bug fix, and enhancement update | |
| CVE-2021-3634 | low | — | 2.5 | 4y ago | Low: libssh security, bug fix, and enhancement update | |
| CVE-2021-3802 | low | — | 2.5 | 4y ago | Low: udisks2 security and bug fix update | |
| CVE-2021-41229 | low | — | 2.5 | 4y ago | Low: bluez security update | |
| CVE-2021-23222 | low | — | 2.5 | 4y ago | Low: libpq security update | |
| CVE-2021-43813 | low | — | 2.5 | 4y ago | Low: grafana security, bug fix, and enhancement update | |
| CVE-2021-3461 | low | — | 2.5 | 4y ago | Keycloak insufficient session expiration | |
| CVE-2021-4091 | low | — | 2.5 | 4y ago | Low: 389-ds:1.4 security and bug fix update | |
| CVE-2021-20257 | low | — | 2.5 | 5y ago | Low: virt:rhel and virt-devel:rhel security update | |
| CVE-2021-3930 | low | — | 2.5 | 5y ago | Low: virt:rhel and virt-devel:rhel security update | |
| CVE-2021-43668 | low | — | 2.5 | 5y ago | Denial of Service in Go-Ethereum | |
| CVE-2021-20266 | low | — | 2.5 | 5y ago | Low: rpm security, bug fix, and enhancement update | |
| CVE-2021-3200 | low | — | 2.5 | 5y ago | Low: libsolv security and bug fix update | |
| CVE-2021-3828 | low | — | 2.5 | 5y ago | nltk is vulnerable to Inefficient Regular Expression Complexity | |
| CVE-2021-37860 | low | — | 2.5 | 5y ago | Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server | |
| CVE-2021-25740 | low | — | 2.5 | 5y ago | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | |
| CVE-2021-40839 | low | — | 2.5 | 5y ago | The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. | |
| CVE-2021-25737 | low | — | 2.5 | 5y ago | A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or … | |
| CVE-2021-23437 | low | — | 2.5 | 5y ago | The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | |
| CVE-2021-29063 | low | — | 2.5 | 5y ago | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called. | |
| CVE-2021-32813 | low | — | 2.5 | 5y ago | Header dropping in traefik in github.com/traefik/traefik | |
| CVE-2021-36374 | low | — | 2.5 | 5y ago | Improper Handling of Length Parameter Inconsistency in Apache Ant | |
| CVE-2021-36373 | low | — | 2.5 | 5y ago | Improper Handling of Length Parameter Inconsistency in Apache Ant | |
| CVE-2021-21303 | low | — | 2.5 | 5y ago | Insufficient sanitization of data files in helm.sh/helm/v3 | |
| CVE-2021-31542 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | |
| CVE-2021-26813 | low | — | 2.5 | 5y ago | markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or de… | |
| CVE-2021-20201 | low | — | 2.5 | 5y ago | Low: spice security update | |
| CVE-2021-32618 | low | — | 2.5 | 5y ago | The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of… | |
| CVE-2021-27919 | low | — | 2.5 | 5y ago | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fi… | |
| CVE-2021-28658 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were no… | |
| CVE-2021-3281 | low | — | 2.5 | 5y ago | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal … | |
| CVE-2021-21330 | low | — | 2.5 | 5y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based… | |
| CVE-2021-21236 | low | — | 2.5 | 6y ago | CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When process… |