CVEs from 2021
Total
4,841
critical
critical 279
high
high 1,005
medium
medium 1,166
low
low 138
% Critical
5.8%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- office 13
- primavera_gateway 10
- weblogic_server 9
- modicon_m340_bmxp342020 8
- log4j 8
- primavera_unifier 8
- retail_service_backbone 7
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47056 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2p… | |||
| CVE-2021-47060 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregiste… | |||
| CVE-2021-47057 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map In the case where the dma_iv mapping fails, the return er… | |||
| CVE-2021-47059 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - fix result memory leak on error path This patch fixes a memory leak on an error path. | |||
| CVE-2021-47058 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak whe… | |||
| CVE-2021-47061 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when un… | |||
| CVE-2021-47062 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs Use the kvm_for_each_vcpu() helper to iterate over vCPUs whe… | |||
| CVE-2021-47064 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap could potentially … | |||
| CVE-2021-47063 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(),… | |||
| CVE-2021-47093 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel_pmc_core: fix memleak on registration failure In case device registration fails during module initialisation,… | |||
| CVE-2021-47095 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssif_info->client early During probe ssif_info->client is dereferenced in error path. However, it is set w… | |||
| CVE-2021-47065 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled,… | |||
| CVE-2021-47066 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: async_xor: increase src_offs when dropping destination page Now we support sharing one page if PAGE_SIZE is not equal stripe size… | |||
| CVE-2021-47067 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: soc/tegra: regulators: Fix locking up when voltage-spread is out of range Fix voltage coupler lockup which happens when voltage-s… | |||
| CVE-2021-47068 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc… | |||
| CVE-2021-47070 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the … | |||
| CVE-2021-47079 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86: ideapad-laptop: fix a NULL pointer dereference The third parameter of dytc_cql_command should not be NULL since it … | |||
| CVE-2021-47071 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix a memory leak in error handling paths If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be u… | |||
| CVE-2021-47072 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix removed dentries still existing after log is synced When we move one inode from one directory to another and both the … | |||
| CVE-2021-47089 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kfence: fix memory leak when cat kfence objects Hulk robot reported a kmemleak problem: unreferenced object 0xffff93d1d8cc02… | |||
| CVE-2021-47074 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fai… | |||
| CVE-2021-47075 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmet_alloc_ctrl() When creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger than cntlid_ma… | |||
| CVE-2021-40211 | unknown | — | — | — | An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. | |||
| CVE-2021-4219 | unknown | — | — | — | A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. | |||
| CVE-2021-47302 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: igc: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failur… | |||
| CVE-2021-46947 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues efx->xdp_tx_queue_count is initially initialized t… | |||
| CVE-2021-46938 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails When loading a device-mapper table for a request-ba… | |||
| CVE-2021-47038 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added… | |||
| CVE-2021-47370 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len >… | |||
| CVE-2021-47563 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op … | |||
| CVE-2021-46981 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 and the pointers in nbd_device are still… | |||
| CVE-2021-47481 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR Normally the zero fill would hide the missing initialization, but an… | |||
| CVE-2021-47531 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we s… | |||
| CVE-2021-47557 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list c… | |||
| CVE-2021-47169 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt… | |||
| CVE-2021-47175 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flo… | |||
| CVE-2021-47023 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix port event handling on init For some reason there might be a crash during ports creation if port even… | |||
| CVE-2021-47246 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer … | |||
| CVE-2021-47275 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper loca… | |||
| CVE-2021-4318 | unknown | — | — | — | Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2021-4317 | unknown | — | — | — | Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2021-4321 | unknown | — | — | — | Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2021-3574 | unknown | — | — | — | A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. | |||
| CVE-2021-45944 | unknown | — | — | — | Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | |||
| CVE-2021-47621 | unknown | — | — | 2y ago | ClassGraph XML External Entity Reference | |||
| CVE-2021-3754 | unknown | — | — | 2y ago | Keycloak's improper input validation allows using email as username | |||
| CVE-2021-22573 | unknown | — | — | 2y ago | google-oauth-java-client improperly verifies cryptographic signature | |||
| CVE-2021-28656 | unknown | — | — | 2y ago | Apache Zeppelin CSRF vulnerability in the Credentials page | |||
| CVE-2021-29050 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page | |||
| CVE-2021-29038 | unknown | — | — | 2y ago | Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers | |||
| CVE-2021-37942 | unknown | — | — | 3y ago | APM Java Agent Local Privilege Escalation issue | |||
| CVE-2021-28655 | unknown | — | — | 3y ago | Apache Zeppelin Improper Input Validation vulnerability | |||
| CVE-2021-31635 | unknown | — | — | 3y ago | jFinal Server-Side Template Injection vulnerability | |||
| CVE-2021-40331 | unknown | — | — | 3y ago | Apache Ranger Hive Plugin missing permissions check | |||
| CVE-2021-28235 | unknown | — | — | 3y ago | Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. | |||
| CVE-2021-46877 | unknown | — | — | 3y ago | jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode | |||
| CVE-2021-37305 | unknown | — | — | 3y ago | Insecure Permissions issue in jeecg-boot | |||
| CVE-2021-37304 | unknown | — | — | 3y ago | Insecure Permissions issue in jeecg-boot | |||
| CVE-2021-37306 | unknown | — | — | 3y ago | Insecure Permissions issue in jeecg-boot | |||
| CVE-2021-32828 | unknown | — | — | 3y ago | Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution | |||
| CVE-2021-32824 | unknown | — | — | 3y ago | Apache Dubbo vulnerable to remote code execution via Telnet Handler | |||
| CVE-2021-37533 | unknown | — | — | 4y ago | Apache Commons Net vulnerable to information leakage via malicious server | |||
| CVE-2021-42010 | unknown | — | — | 4y ago | Heron allows CRLF log injection | |||
| CVE-2021-43980 | unknown | — | — | 4y ago | Apache Tomcat Race Condition vulnerability | |||
| CVE-2021-43565 | unknown | — | — | 4y ago | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. | |||
| CVE-2021-3644 | unknown | — | — | 4y ago | wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault | |||
| CVE-2021-3856 | unknown | — | — | 4y ago | Keycloak has Files or Directories Accessible to External Parties | |||
| CVE-2021-25642 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Hadoop YARN | |||
| CVE-2021-42521 | unknown | — | — | 4y ago | There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', … | |||
| CVE-2021-3914 | unknown | — | — | 4y ago | SmallRye Health UI Cross-site Scripting vulnerability | |||
| CVE-2021-4040 | unknown | — | — | 4y ago | org.apache.activemq:artemis-core-client Vulnerable to Out-of-Bounds Write | |||
| CVE-2021-34538 | unknown | — | — | 4y ago | Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization. | |||
| CVE-2021-3859 | unknown | — | — | 4y ago | Undertow vulnerable to Denial of Service (DoS) attacks | |||
| CVE-2021-3690 | unknown | — | — | 4y ago | Undertow vulnerable to memory exhaustion due to buffer leak | |||
| CVE-2021-4178 | unknown | — | — | 4y ago | fabric8 kubernetes-client vulnerable | |||
| CVE-2021-44791 | unknown | — | — | 4y ago | Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters | |||
| CVE-2021-41042 | unknown | — | — | 4y ago | XML External Entity Reference in Eclipse Lyo | |||
| CVE-2021-41411 | unknown | — | — | 4y ago | XML External Entity Reference in drools | |||
| CVE-2021-33036 | unknown | — | — | 4y ago | User account escalation in Apache Hadoop | |||
| CVE-2021-40660 | unknown | — | — | 4y ago | Regular expression denial of service in Delight Nashorn Sandbox | |||
| CVE-2021-37404 | unknown | — | — | 4y ago | Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2 | |||
| CVE-2021-3717 | unknown | — | — | 4y ago | Wildfly-Core user account mismanagement | |||
| CVE-2021-3629 | unknown | — | — | 4y ago | Undertow Uncontrolled Resource Consumption | |||
| CVE-2021-3597 | unknown | — | — | 4y ago | undertow Race Condition vulnerability | |||
| CVE-2021-33322 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use | |||
| CVE-2021-20328 | unknown | — | — | 4y ago | Improper Certificate Validation in MongoDB | |||
| CVE-2021-33330 | unknown | — | — | 4y ago | Exposure of Resource to Wrong Sphere in Liferay Portal | |||
| CVE-2021-21662 | unknown | — | — | 4y ago | Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs | |||
| CVE-2021-29049 | unknown | — | — | 4y ago | Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter | |||
| CVE-2021-43576 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins pom2config Plugin | |||
| CVE-2021-21700 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Scriptler Plugin | |||
| CVE-2021-43578 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files | |||
| CVE-2021-21701 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Performance Plugin | |||
| CVE-2021-43577 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins OWASP Dependency-Check Plugin | |||
| CVE-2021-21699 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Active Choices Plugin | |||
| CVE-2021-21698 | unknown | — | — | 4y ago | Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files | |||
| CVE-2021-22096 | unknown | — | — | 4y ago | Improper Output Neutralization for Logs in Spring Framework | |||
| CVE-2021-22097 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Spring AMQP | |||
| CVE-2021-22047 | unknown | — | — | 4y ago | Exposure of Resource to Wrong Sphere in Spring Data REST | |||
| CVE-2021-22044 | unknown | — | — | 4y ago | Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign |