CVEs from 2021
- Total: 4,866
- Critical: 279
- High: 1,005
- Medium: 1,166
- Low: 138
- % Critical: 5.7%
- % with KEV: 4.4%
- % with exploit: 5.3%
Top vendors
Top products
- office 13
- primavera_gateway 10
- weblogic_server 9
- modicon_m340_bmxp342020 8
- log4j 8
- primavera_unifier 8
- retail_service_backbone 7
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-2028 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2024 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2022 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2021 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2011 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2372 | medium | — | 5.5 | 5y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2389 | medium | — | 5.5 | 5y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2166 | medium | — | 5.5 | 5y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2010 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2001 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2002 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2122 | medium | — | 5.5 | 5y ago | RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-22923 | medium | — | 5.5 | 5y ago | RHSA-2021:3582: curl security update (Moderate) | |||
| CVE-2021-29923 | medium | — | 5.5 | 5y ago | RHSA-2021:3585: go-toolset:rhel8 security update (Moderate) | |||
| CVE-2021-22924 | medium | — | 5.5 | 5y ago | RHSA-2021:3582: curl security update (Moderate) | |||
| CVE-2021-36222 | medium | — | 5.5 | 5y ago | RHSA-2021:3576: krb5 security update (Moderate) | |||
| CVE-2021-37750 | medium | — | 5.5 | 5y ago | RHSA-2021:3576: krb5 security update (Moderate) | |||
| CVE-2021-22922 | medium | — | 5.5 | 5y ago | RHSA-2021:3582: curl security update (Moderate) | |||
| CVE-2021-39214 | medium | — | 5.5 | 5y ago | mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This m… | |||
| CVE-2021-3653 | medium | — | 5.5 | 5y ago | RHSA-2021:3548: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-32839 | medium | — | 5.5 | 5y ago | sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may c… | |||
| CVE-2021-36156 | medium | — | 5.5 | 5y ago | Path traversal in Grafana Loki | |||
| CVE-2021-39163 | medium | — | 5.5 | 5y ago | Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if t… | |||
| CVE-2021-39164 | medium | — | 5.5 | 5y ago | Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) o… | |||
| CVE-2021-37701 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-37712 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-38553 | medium | — | 5.5 | 5y ago | HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault | |||
| CVE-2021-38554 | medium | — | 5.5 | 5y ago | Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2021-3712 | medium | — | 5.5 | 5y ago | RHSA-2021:5226: openssl security update (Moderate) | |||
| CVE-2021-22942 | medium | — | 5.5 | 5y ago | A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. | |||
| CVE-2021-3504 | medium | — | 5.5 | 5y ago | RHSA-2021:3061: virt:rhel and virt-devel:rhel security and bug fix update (Moderate) | |||
| CVE-2021-3416 | medium | — | 5.5 | 5y ago | RHSA-2021:3061: virt:rhel and virt-devel:rhel security and bug fix update (Moderate) | |||
| CVE-2021-20221 | medium | — | 5.5 | 5y ago | RHSA-2021:3061: virt:rhel and virt-devel:rhel security and bug fix update (Moderate) | |||
| CVE-2021-28877 | medium | — | 5.5 | 5y ago | RHSA-2021:3063: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-28879 | medium | — | 5.5 | 5y ago | RHSA-2021:3063: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-28878 | medium | — | 5.5 | 5y ago | RHSA-2021:3063: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-28876 | medium | — | 5.5 | 5y ago | RHSA-2021:3063: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-28875 | medium | — | 5.5 | 5y ago | RHSA-2021:3063: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-31162 | medium | — | 5.5 | 5y ago | RHSA-2021:3063: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3798 | medium | — | 5.5 | 5y ago | RHBA-2021:3054: opencryptoki bug fix and enhancement update (Moderate) | |||
| CVE-2021-3429 | medium | — | 5.5 | 5y ago | RHSA-2021:3081: cloud-init security update (Moderate) | |||
| CVE-2021-23418 | medium | — | 5.5 | 5y ago | The package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks. | |||
| CVE-2021-32760 | medium | — | 5.5 | 5y ago | Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd | |||
| CVE-2021-31292 | medium | — | 5.5 | 5y ago | RHSA-2021:4319: compat-exiv2-026 security update (Moderate) | |||
| CVE-2021-32610 | medium | — | 5.5 | 5y ago | RHSA-2022:7628: php:7.4 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-2369 | medium | — | 5.5 | 5y ago | RHSA-2021:4089: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-2341 | medium | — | 5.5 | 5y ago | RHSA-2021:4089: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-36213 | medium | — | 5.5 | 5y ago | HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul | |||
| CVE-2021-32574 | medium | — | 5.5 | 5y ago | HashiCorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul | |||
| CVE-2021-3602 | medium | — | 5.5 | 5y ago | RHSA-2021:4222: container-tools:3.0 security and bug fix update (Moderate) | |||
| CVE-2021-36753 | medium | — | 5.5 | 5y ago | Uncontrolled Search Path Element in sharkdp/bat | |||
| CVE-2021-32740 | medium | — | 5.5 | 5y ago | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through v… | |||
| CVE-2021-3520 | medium | — | 5.5 | 5y ago | RHSA-2021:2575: lz4 security update (Moderate) | |||
| CVE-2021-3541 | medium | — | 5.5 | 5y ago | RHSA-2021:2569: libxml2 security update (Moderate) | |||
| CVE-2021-3516 | medium | — | 5.5 | 5y ago | RHSA-2021:2569: libxml2 security update (Moderate) | |||
| CVE-2021-3421 | medium | — | 5.5 | 5y ago | RHSA-2021:2574: rpm security update (Moderate) | |||
| CVE-2021-28211 | medium | — | 5.5 | 5y ago | RHSA-2021:2591: edk2 security update (Moderate) | |||
| CVE-2021-20271 | medium | — | 5.5 | 5y ago | RHSA-2021:2574: rpm security update (Moderate) | |||
| CVE-2021-3514 | medium | — | 5.5 | 5y ago | RHSA-2021:2595: 389-ds:1.4 security and bug fix update (Moderate) | |||
| CVE-2021-32690 | medium | — | 5.5 | 5y ago | information disclosure in helm | |||
| CVE-2021-32659 | medium | — | 5.5 | 5y ago | Automatic room upgrade handling can be used maliciously to bridge a room non-consensually | |||
| CVE-2021-31800 | medium | — | 5.5 | 5y ago | Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ direc… | |||
| CVE-2021-33026 | medium | — | 5.5 | 5y ago | The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache st… | |||
| CVE-2021-26291 | medium | — | 5.5 | 5y ago | Origin Validation Error in Apache Maven | |||
| CVE-2021-34363 | medium | — | 5.5 | 5y ago | The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | |||
| CVE-2021-3013 | medium | — | 5.5 | 5y ago | ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. | |||
| CVE-2021-33880 | medium | — | 5.5 | 5y ago | The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An … | |||
| CVE-2021-33571 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This m… | |||
| CVE-2021-33203 | medium | — | 5.5 | 5y ago | Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the exis… | |||
| CVE-2021-32677 | medium | — | 5.5 | 5y ago | FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that rece… | |||
| CVE-2021-32052 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application… | |||
| CVE-2021-3533 | medium | — | 5.5 | 5y ago | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious,… | |||
| CVE-2021-32923 | medium | — | 5.5 | 5y ago | Invalid session token expiration in github.com/hashicorp/vault | |||
| CVE-2021-28677 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-25288 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-28678 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-28675 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-25287 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-28676 | medium | — | 5.5 | 5y ago | RHSA-2021:4149: python-pillow security update (Moderate) | |||
| CVE-2021-3522 | medium | 5.5 | 5.5 | 5y ago | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. | |||
| CVE-2021-33038 | medium | — | 5.5 | 5y ago | An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration… | |||
| CVE-2021-20178 | medium | — | 5.5 | 5y ago | A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw… | |||
| CVE-2021-20191 | medium | — | 5.5 | 5y ago | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage o… | |||
| CVE-2021-33503 | medium | — | 5.5 | 5y ago | RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2021-25735 | medium | — | 5.5 | 5y ago | A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Adm… | |||
| CVE-2021-21404 | medium | — | 5.5 | 5y ago | Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative le… | |||
| CVE-2021-3177 | medium | — | 5.5 | 5y ago | RHSA-2021:1879: python38:3.8 security update (Moderate) | |||
| CVE-2021-20225 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2021-20233 | medium | — | 5.5 | 5y ago | RHSA-2021:2566: fwupd security update (Moderate) | |||
| CVE-2021-1817 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-1826 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-1825 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-1820 | medium | — | 5.5 | 5y ago | RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3326 | medium | — | 5.5 | 5y ago | RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20297 | medium | — | 5.5 | 5y ago | RHSA-2021:1574: NetworkManager and libnma security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-0326 | medium | — | 5.5 | 5y ago | RHSA-2021:1686: wpa_supplicant security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-29510 | medium | — | 5.5 | 5y ago | Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `dat… | |||
| CVE-2021-29471 | medium | — | 5.5 | 5y ago | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push … | |||
| CVE-2021-21430 | medium | — | 5.5 | 5y ago | Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code | |||
| CVE-2021-29262 | medium | — | 5.5 | 5y ago | Improper permission handling in Apache Solr |