CVEs from 2021
Total
6,087
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.5%
% with KEV
3.5%
% with exploit
3.5%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-44540 | medium | — | 5.5 | — | A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | |
| CVE-2021-39200 | medium | — | 5.5 | — | WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under… | |
| CVE-2021-32439 | medium | — | 5.5 | — | Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | |
| CVE-2021-33363 | medium | — | 5.5 | — | Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file. | |
| CVE-2021-32294 | medium | — | 5.5 | — | An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution. | |
| CVE-2021-43518 | medium | — | 5.5 | — | Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offe… | |
| CVE-2021-31254 | medium | — | 5.5 | — | Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes. | |
| CVE-2021-21859 | medium | — | 5.5 | — | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when process… | |
| CVE-2021-21861 | medium | — | 5.5 | — | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a speci… | |
| CVE-2021-21846 | medium | — | 5.5 | — | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz”… | |
| CVE-2021-21838 | medium | — | 5.5 | — | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause… | |
| CVE-2021-33481 | medium | — | 5.5 | — | A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c. | |
| CVE-2021-34338 | medium | — | 5.5 | — | multiple issues in ming | |
| CVE-2021-20285 | medium | — | 5.5 | — | A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other… | |
| CVE-2021-37231 | medium | — | 5.5 | — | A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check. | |
| CVE-2021-42377 | medium | — | 5.5 | — | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& strin… | |
| CVE-2021-42383 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |
| CVE-2021-42385 | medium | — | 5.5 | — | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |
| CVE-2021-30577 | medium | — | 5.5 | — | Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. | |
| CVE-2021-30587 | medium | — | 5.5 | — | Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2021-38115 | medium | — | 5.5 | — | read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |
| CVE-2021-22169 | medium | — | 5.5 | — | information disclosure in gitlab | |
| CVE-2021-38291 | medium | — | 5.5 | — | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | |
| CVE-2021-32438 | medium | — | 5.5 | — | The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |
| CVE-2021-33896 | medium | — | 5.5 | — | Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | |
| CVE-2021-20274 | medium | — | 5.5 | — | A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. | |
| CVE-2021-26826 | medium | — | 5.5 | — | A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be loc… | |
| CVE-2021-30004 | medium | — | 5.5 | — | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | |
| CVE-2021-28166 | medium | — | 5.5 | — | In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur. | |
| CVE-2021-3195 | medium | — | 5.5 | — | multiple issues in bitcoin-daemon | |
| CVE-2021-31257 | medium | — | 5.5 | — | The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. | |
| CVE-2021-31876 | medium | — | 5.5 | — | multiple issues in bitcoin-daemon | |
| CVE-2021-32278 | medium | — | 5.5 | — | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. | |
| CVE-2021-44974 | medium | — | 5.5 | — | radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. | |
| CVE-2021-34340 | medium | — | 5.5 | — | multiple issues in ming | |
| CVE-2021-1093 | medium | — | 5.5 | — | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an… | |
| CVE-2021-22568 | medium | — | 5.5 | — | multiple issues in dart | |
| CVE-2021-4022 | medium | — | 5.5 | — | multiple issues in rizin | |
| CVE-2021-39939 | medium | — | 5.5 | — | multiple issues in gitlab-runner | |
| CVE-2021-43814 | medium | — | 5.5 | — | multiple issues in rizin | |
| CVE-2021-3935 | medium | — | 5.5 | — | When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate ver… | |
| CVE-2021-39947 | medium | — | 5.5 | — | multiple issues in gitlab-runner | |
| CVE-2021-3639 | medium | — | 5.5 | — | Moderate: mod_auth_mellon security update | |
| CVE-2021-39916 | medium | — | 5.5 | — | multiple issues in gitlab | |
| CVE-2021-32055 | medium | — | 5.5 | — | Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set en… | |
| CVE-2021-35057 | medium | — | 5.5 | — | multiple issues in hyperkitty | |
| CVE-2021-42694 | medium | — | 5.5 | — | content spoofing in rust | |
| CVE-2021-41801 | medium | — | 5.5 | — | The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (… | |
| CVE-2021-3496 | medium | — | 5.5 | — | A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file. | |
| CVE-2021-34479 | medium | — | 5.5 | — | multiple issues in code | |
| CVE-2021-22567 | medium | — | 5.5 | — | multiple issues in dart | |
| CVE-2021-40516 | medium | — | 5.5 | — | WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plug… | |
| CVE-2021-34477 | medium | — | 5.5 | — | privilege escalation in code | |
| CVE-2021-34529 | medium | — | 5.5 | — | arbitrary code execution in code | |
| CVE-2021-3584 | medium | — | 5.5 | — | Moderate: Satellite 6.11 Release | |
| CVE-2021-38381 | medium | — | 5.5 | — | multiple issues in live-media | |
| CVE-2021-32270 | medium | — | 5.5 | — | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. | |
| CVE-2021-39283 | medium | — | 5.5 | — | multiple issues in live-media | |
| CVE-2021-22257 | medium | — | 5.5 | — | multiple issues in gitlab | |
| CVE-2021-32833 | medium | — | 5.5 | — | arbitrary filesystem access in emby-server | |
| CVE-2021-39282 | medium | — | 5.5 | — | multiple issues in live-media | |
| CVE-2021-22238 | medium | — | 5.5 | — | multiple issues in gitlab | |
| CVE-2021-29993 | medium | — | 5.5 | — | Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are u… | |
| CVE-2021-38380 | medium | — | 5.5 | — | multiple issues in live-media | |
| CVE-2021-37594 | medium | — | 5.5 | — | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. | |
| CVE-2021-31211 | medium | — | 5.5 | — | arbitrary code execution in code | |
| CVE-2021-22233 | medium | — | 5.5 | — | information disclosure in gitlab | |
| CVE-2021-31957 | medium | — | 5.5 | — | denial of service in aspnet-runtime | |
| CVE-2021-29968 | medium | — | 5.5 | — | When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability aff… | |
| CVE-2021-26259 | medium | — | 5.5 | — | A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | |
| CVE-2021-20268 | medium | — | 5.5 | — | An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw all… | |
| CVE-2021-20276 | medium | — | 5.5 | — | A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. | |
| CVE-2021-21848 | medium | — | 5.5 | — | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for at… | |
| CVE-2021-29653 | medium | — | 5.5 | — | certificate verification bypass in vault | |
| CVE-2021-21849 | medium | — | 5.5 | — | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an int… | |
| CVE-2021-31204 | medium | — | 5.5 | — | privilege escalation in dotnet-runtime, dotnet-sdk | |
| CVE-2021-30154 | medium | — | 5.5 | — | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XS… | |
| CVE-2021-30153 | medium | — | 5.5 | — | An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an exi… | |
| CVE-2021-30145 | medium | — | 5.5 | — | A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. | |
| CVE-2021-29944 | medium | — | 5.5 | — | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue o… | |
| CVE-2021-28421 | medium | — | 5.5 | — | arbitrary code execution in fluidsynth | |
| CVE-2021-30156 | medium | — | 5.5 | — | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists. | |
| CVE-2021-34339 | medium | — | 5.5 | — | multiple issues in ming | |
| CVE-2021-22185 | medium | — | 5.5 | — | multiple issues in gitlab | |
| CVE-2021-22172 | medium | — | 5.5 | — | information disclosure in gitlab | |
| CVE-2021-20308 | medium | — | 5.5 | — | Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. | |
| CVE-2021-23206 | medium | — | 5.5 | — | A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | |
| CVE-2021-29923 | medium | — | 5.5 | — | Moderate: go-toolset:rhel8 security update | |
| CVE-2021-37969 | medium | — | 5.5 | — | Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | |
| CVE-2021-25218 | medium | — | 5.5 | — | In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process wil… | |
| CVE-2021-41990 | medium | — | 5.5 | — | The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certi… | |
| CVE-2021-21706 | medium | — | 5.5 | — | In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when… | |
| CVE-2021-4142 | medium | — | 5.5 | — | Moderate: Satellite 6.11 Release | |
| CVE-2021-29949 | medium | — | 5.5 | — | When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has … | |
| CVE-2021-32490 | medium | — | 5.5 | — | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | |
| CVE-2021-3506 | medium | — | 5.5 | — | An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain acce… | |
| CVE-2021-3429 | medium | — | 5.5 | — | Moderate: cloud-init security update | |
| CVE-2021-36980 | medium | — | 5.5 | — | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | |
| CVE-2021-28210 | medium | — | 5.5 | — | An unlimited recursion in DxeCore in EDK II. | |
| CVE-2021-3119 | medium | — | 5.5 | — | Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denia… |