CVEs from 2021
- Total: 6,258
- Critical: 272
- High: 976
- Medium: 1,141
- Low: 135
- % Critical: 4.3%
- % with KEV: 3.4%
- % with exploit: 3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-21685 | critical | — | 9.5 | 4y ago | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | |
| CVE-2021-21689 | critical | — | 9.5 | 4y ago | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | |
| CVE-2021-21687 | critical | — | 9.5 | 4y ago | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | |
| CVE-2021-21696 | critical | — | 9.5 | 4y ago | Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin | |
| CVE-2021-21697 | critical | — | 9.5 | 4y ago | Agent-to-controller access control allows reading/writing most content of build directories in Jenkins | |
| CVE-2021-21695 | critical | — | 9.5 | 4y ago | Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins | |
| CVE-2021-0920 | high | — | 9.5 | 4y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2021-41945 | critical | — | 9.5 | 4y ago | Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. | |
| CVE-2021-29607 | critical | — | 9.5 | 4y ago | TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) a… | |
| CVE-2021-44142 | critical | — | 9.5 | 4y ago | Critical: samba security and bug fix update | |
| CVE-2021-43527 | critical | — | 9.5 | 5y ago | Critical: nss security update | |
| CVE-2021-40438 | high | — | 9.5 | 5y ago | Important: httpd:2.4 security update | |
| CVE-2021-41773 | high | — | 9.5 | 5y ago | Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under defa… | |
| CVE-2021-21206 | high | — | 9.5 | 5y ago | Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple we… | |
| CVE-2021-38003 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that … | |
| CVE-2021-30563 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |
| CVE-2021-30554 | high | — | 9.5 | 5y ago | Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple we… | |
| CVE-2021-21224 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web … | |
| CVE-2021-30632 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect m… | |
| CVE-2021-37975 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |
| CVE-2021-21220 | high | — | 9.5 | 5y ago | Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could af… | |
| CVE-2021-37973 | high | — | 9.5 | 5y ago | Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML pag… | |
| CVE-2021-38000 | high | — | 9.5 | 5y ago | Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. This vulnerability could a… | |
| CVE-2021-21166 | high | — | 9.5 | 5y ago | Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web brow… | |
| CVE-2021-30633 | high | — | 9.5 | 5y ago | Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted H… | |
| CVE-2021-21193 | high | — | 9.5 | 5y ago | Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple we… | |
| CVE-2021-37976 | high | — | 9.5 | 5y ago | Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a c… | |
| CVE-2021-39226 | high | — | 9.5 | 5y ago | Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss. | |
| CVE-2021-32619 | critical | — | 9.5 | 5y ago | Deno's static imports inside dynamically imported modules do not adhere to permission checks | |
| CVE-2021-37635 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of h… | |
| CVE-2021-37636 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [impleme… | |
| CVE-2021-37637 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. … | |
| CVE-2021-37638 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereferenc… | |
| CVE-2021-37639 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null poi… | |
| CVE-2021-37640 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception… | |
| CVE-2021-37641 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read… | |
| CVE-2021-37642 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implemen… | |
| CVE-2021-37643 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer derefer… | |
| CVE-2021-37644 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the r… | |
| CVE-2021-37645 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue c… | |
| CVE-2021-37646 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by conver… | |
| CVE-2021-37647 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation… | |
| CVE-2021-37648 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null p… | |
| CVE-2021-37649 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://gith… | |
| CVE-2021-37650 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can tr… | |
| CVE-2021-37651 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bou… | |
| CVE-2021-37652 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an a… | |
| CVE-2021-37653 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [impleme… | |
| CVE-2021-37654 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.Resource… | |
| CVE-2021-37655 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments t… | |
| CVE-2021-37656 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso… | |
| CVE-2021-37657 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type … | |
| CVE-2021-37658 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type … | |
| CVE-2021-37659 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operat… | |
| CVE-2021-37660 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that … | |
| CVE-2021-37661 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negat… | |
| CVE-2021-37662 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBes… | |
| CVE-2021-37663 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via bin… | |
| CVE-2021-37664 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… | |
| CVE-2021-37665 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined beh… | |
| CVE-2021-37666 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso… | |
| CVE-2021-37667 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEnco… | |
| CVE-2021-37668 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by t… | |
| CVE-2021-37669 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV… | |
| CVE-2021-37670 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… | |
| CVE-2021-37671 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `… | |
| CVE-2021-37672 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… | |
| CVE-2021-37673 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementatio… | |
| CVE-2021-37674 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by … | |
| CVE-2021-37675 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability w… | |
| CVE-2021-37676 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillE… | |
| CVE-2021-37677 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of ser… | |
| CVE-2021-37678 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model fr… | |
| CVE-2021-37679 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `Ra… | |
| CVE-2021-37680 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://… | |
| CVE-2021-37681 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/… | |
| CVE-2021-37682 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use uninitialized values. [For example](https://gi… | |
| CVE-2021-37683 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensor… | |
| CVE-2021-37684 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for … | |
| CVE-2021-37685 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005… | |
| CVE-2021-37687 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d9… | |
| CVE-2021-37686 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infini… | |
| CVE-2021-37688 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a… | |
| CVE-2021-37689 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a… | |
| CVE-2021-37690 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output informa… | |
| CVE-2021-37691 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](ht… | |
| CVE-2021-37692 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_… | |
| CVE-2021-29619 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix wi… | |
| CVE-2021-29618 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix w… | |
| CVE-2021-29617 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be includ… | |
| CVE-2021-29616 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorf… | |
| CVE-2021-29615 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/te… | |
| CVE-2021-29614 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_len… | |
| CVE-2021-29613 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in T… | |
| CVE-2021-29612 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation… | |
| CVE-2021-29611 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://g… | |
| CVE-2021-29610 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument. The validation(https://github… | |
| CVE-2021-29609 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) a… | |
| CVE-2021-29608 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an undefined behavior if input arguments… | |
| CVE-2021-29606 | critical | — | 9.5 | 5y ago | TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of `Split_V`(https://github.com/… | |