CVEs from 2021
Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-47013 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If… | |
| CVE-2021-46934 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not … | |
| CVE-2021-47118 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's st… | |
| CVE-2021-47171 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in… | |
| CVE-2021-47153 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a a… | |
| CVE-2021-47055 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus requir… | |
| CVE-2021-4204 | medium | — | 5.5 | 2y ago | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or l… | |
| CVE-2021-3753 | medium | — | 5.5 | 2y ago | A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_i… | |
| CVE-2021-47316 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder a… | |
| CVE-2021-41244 | medium | — | 5.5 | 2y ago | Grafana Fine-grained access control vulnerability | |
| CVE-2021-41072 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |
| CVE-2021-41043 | medium | — | 5.5 | 2y ago | Moderate: tcpdump security update | |
| CVE-2021-40153 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |
| CVE-2021-29390 | medium | — | 5.5 | 2y ago | Moderate: libjpeg-turbo security update | |
| CVE-2021-3382 | medium | — | 5.5 | 2y ago | Buffer Overflow in gitea in code.gitea.io/gitea | |
| CVE-2021-47002 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scr… | |
| CVE-2021-41091 | medium | — | 5.5 | 2y ago | Moby (Docker Engine) Insufficiently restricted permissions on data directory in github.com/docker/docker | |
| CVE-2021-21334 | medium | — | 5.5 | 2y ago | containerd environment variable leak | |
| CVE-2021-3282 | medium | — | 5.5 | 2y ago | Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault | |
| CVE-2021-21285 | medium | — | 5.5 | 2y ago | moby docker daemon crash during image pull of malicious image | |
| CVE-2021-21284 | medium | — | 5.5 | 2y ago | moby Access to remapped root allows privilege escalation to real root | |
| CVE-2021-35939 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |
| CVE-2021-35938 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |
| CVE-2021-35937 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |
| CVE-2021-32142 | medium | — | 5.5 | 3y ago | Moderate: LibRaw security update | |
| CVE-2021-3502 | medium | — | 5.5 | 3y ago | Moderate: avahi security update | |
| CVE-2021-3468 | medium | — | 5.5 | 3y ago | Moderate: avahi security update | |
| CVE-2021-43784 | medium | — | 5.5 | 3y ago | Moderate: runc security update | |
| CVE-2021-33646 | medium | — | 5.5 | 3y ago | Moderate: libtar security update | |
| CVE-2021-3782 | medium | — | 5.5 | 3y ago | Moderate: wayland security, bug fix, and enhancement update | |
| CVE-2021-33643 | medium | — | 5.5 | 3y ago | Moderate: libtar security update | |
| CVE-2021-33645 | medium | — | 5.5 | 3y ago | Moderate: libtar security update | |
| CVE-2021-33644 | medium | — | 5.5 | 3y ago | Moderate: libtar security update | |
| CVE-2021-44648 | medium | — | 5.5 | 3y ago | Moderate: gdk-pixbuf2 security update | |
| CVE-2021-46829 | medium | — | 5.5 | 3y ago | Moderate: gdk-pixbuf2 security update | |
| CVE-2021-35065 | medium | — | 5.5 | 3y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |
| CVE-2021-46790 | medium | — | 5.5 | 3y ago | Moderate: libguestfs-winsupport security update | |
| CVE-2021-46822 | medium | — | 5.5 | 3y ago | Moderate: libjpeg-turbo security update | |
| CVE-2021-43519 | medium | — | 5.5 | 3y ago | Moderate: lua security update | |
| CVE-2021-44964 | medium | — | 5.5 | 3y ago | Moderate: lua security update | |
| CVE-2021-44906 | medium | — | 5.5 | 3y ago | Moderate: nodejs:16 security, bug fix, and enhancement update | |
| CVE-2021-46848 | medium | — | 5.5 | 3y ago | Moderate: libtasn1 security update | |
| CVE-2021-33621 | medium | — | 5.5 | 4y ago | Moderate: ruby security update | |
| CVE-2021-4158 | medium | — | 5.5 | 4y ago | Moderate: qemu-kvm security, bug fix, and enhancement update | |
| CVE-2021-20199 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2021-4024 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2021-47572 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!… | |
| CVE-2021-33195 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2021-25220 | medium | — | 5.5 | 4y ago | Moderate: dhcp security and enhancement update | |
| CVE-2021-33198 | medium | — | 5.5 | 4y ago | Moderate: buildah security and bug fix update | |
| CVE-2021-0561 | medium | — | 5.5 | 4y ago | Moderate: flac security update | |
| CVE-2021-3640 | medium | — | 5.5 | 4y ago | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_d… | |
| CVE-2021-3611 | medium | — | 5.5 | 4y ago | Moderate: qemu-kvm security, bug fix, and enhancement update | |
| CVE-2021-47103 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules syzbot reported various issues around early demux, one being included in this chan… | |
| CVE-2021-34558 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2021-21708 | medium | — | 5.5 | 4y ago | Moderate: php:7.4 security, bug fix, and enhancement update | |
| CVE-2021-47657 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() If virtio_gpu_object_shmem_init() fails (e.g. due to faul… | |
| CVE-2021-47649 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf->pagecount Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The problem was in ubuf->pages =… | |
| CVE-2021-47646 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d… | |
| CVE-2021-47639 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn r… | |
| CVE-2021-3750 | medium | — | 5.5 | 4y ago | Moderate: qemu-kvm security, bug fix, and enhancement update | |
| CVE-2021-47580 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out … | |
| CVE-2021-47556 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() ethtool_set_coalesce() now uses both the .get_coalesce() and .… | |
| CVE-2021-33197 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |
| CVE-2021-3507 | medium | — | 5.5 | 4y ago | Moderate: qemu-kvm security, bug fix, and enhancement update | |
| CVE-2021-47099 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b ("veth: allow enabling NAPI even without XDP"), if GRO is… | |
| CVE-2021-28861 | medium | — | 5.5 | 4y ago | Moderate: python3.9 security, bug fix, and enhancement update | |
| CVE-2021-47378 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to g… | |
| CVE-2021-20291 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |
| CVE-2021-46828 | medium | — | 5.5 | 4y ago | Moderate: libtirpc security update | |
| CVE-2021-21707 | medium | — | 5.5 | 4y ago | Moderate: php:7.4 security, bug fix, and enhancement update | |
| CVE-2021-44531 | medium | — | 5.5 | 4y ago | Moderate: nodejs:16 security, bug fix, and enhancement update | |
| CVE-2021-25636 | medium | — | 5.5 | 4y ago | Moderate: libreoffice security update | |
| CVE-2021-4048 | medium | — | 5.5 | 4y ago | Moderate: openblas security update | |
| CVE-2021-30002 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a33… | |
| CVE-2021-44533 | medium | — | 5.5 | 4y ago | Moderate: nodejs:16 security, bug fix, and enhancement update | |
| CVE-2021-3497 | medium | — | 5.5 | 4y ago | Moderate: gstreamer1-plugins-good security update | |
| CVE-2021-0308 | medium | — | 5.5 | 4y ago | Moderate: gdisk security update | |
| CVE-2021-44532 | medium | — | 5.5 | 4y ago | Moderate: nodejs:16 security, bug fix, and enhancement update | |
| CVE-2021-26423 | medium | — | 5.5 | 4y ago | .NET Core Elevation of Privilege Vulnerability | |
| CVE-2021-35546 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35626 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35612 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35634 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35608 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35602 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35607 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35596 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35577 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35575 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35624 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35622 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35623 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35610 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35591 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35647 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35646 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35645 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35648 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |
| CVE-2021-35644 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update |