CVEs from 2021
Total
4,865
critical
critical 280
high
high 982
medium
medium 1,156
low
low 134
% Critical
5.8%
% with KEV
4.4%
% with exploit
4.7%
Top vendors
Top products
- office 13
- retail_service_backbone 7
- retail_integration_bus 7
- communications_unified_inventory_management 7
- universal_forwarder 6
- 365_apps 6
- retail_store_inventory_management 6
- retail_eftlink 6
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43612 | medium | — | 5.5 | 2y ago | Moderate: lldpd security update | |||
| CVE-2021-47098 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer u… | |||
| CVE-2021-47457 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() Using wait_event_interruptible() to wait for complet… | |||
| CVE-2021-47185 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm6… | |||
| CVE-2021-47383 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO p… | |||
| CVE-2021-47385 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (va… | |||
| CVE-2021-47459 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv It will trigger UAF for rx_kref of j1939_priv as following. … | |||
| CVE-2021-47400 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: hns3: do not allow call hns3_nic_net_open repeatedly hns3_nic_net_open() is not allowed to called repeatly, but there is no … | |||
| CVE-2021-41092 | medium | — | 5.5 | 2y ago | Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli | |||
| CVE-2021-41089 | medium | — | 5.5 | 2y ago | Unexpected chmod of host files via 'docker cp' in Moby Docker Engine in github.com/docker/docker | |||
| CVE-2021-47171 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in… | |||
| CVE-2021-47118 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's st… | |||
| CVE-2021-46934 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not … | |||
| CVE-2021-47013 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If… | |||
| CVE-2021-47055 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus requir… | |||
| CVE-2021-47153 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a a… | |||
| CVE-2021-3753 | medium | — | 5.5 | 2y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2021-4204 | medium | — | 5.5 | 2y ago | Moderate: kernel security, bug fix, and enhancement update | |||
| CVE-2021-47316 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder a… | |||
| CVE-2021-41244 | medium | — | 5.5 | 2y ago | Grafana Fine-grained access control vulnerability | |||
| CVE-2021-41043 | medium | — | 5.5 | 2y ago | Moderate: tcpdump security update | |||
| CVE-2021-29390 | medium | — | 5.5 | 2y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2021-41072 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |||
| CVE-2021-40153 | medium | — | 5.5 | 2y ago | Moderate: squashfs-tools security update | |||
| CVE-2021-3382 | medium | — | 5.5 | 2y ago | Buffer Overflow in gitea in code.gitea.io/gitea | |||
| CVE-2021-47002 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), the null rq_scr… | |||
| CVE-2021-41091 | medium | — | 5.5 | 2y ago | Moby (Docker Engine) Insufficiently restricted permissions on data directory in github.com/docker/docker | |||
| CVE-2021-21334 | medium | — | 5.5 | 2y ago | containerd environment variable leak | |||
| CVE-2021-3282 | medium | — | 5.5 | 2y ago | Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault | |||
| CVE-2021-21285 | medium | — | 5.5 | 2y ago | moby docker daemon crash during image pull of malicious image | |||
| CVE-2021-21284 | medium | — | 5.5 | 2y ago | moby Access to remapped root allows privilege escalation to real root | |||
| CVE-2021-35939 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-35938 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-35937 | medium | — | 5.5 | 2y ago | Moderate: rpm security update | |||
| CVE-2021-3502 | medium | — | 5.5 | 3y ago | Moderate: avahi security update | |||
| CVE-2021-43784 | medium | — | 5.5 | 3y ago | Moderate: runc security update | |||
| CVE-2021-32142 | medium | — | 5.5 | 3y ago | Moderate: LibRaw security update | |||
| CVE-2021-3468 | medium | — | 5.5 | 3y ago | Moderate: avahi security update | |||
| CVE-2021-33644 | medium | — | 5.5 | 3y ago | Moderate: libtar security update | |||
| CVE-2021-33645 | medium | — | 5.5 | 3y ago | Moderate: libtar security update | |||
| CVE-2021-3782 | medium | — | 5.5 | 3y ago | Moderate: wayland security, bug fix, and enhancement update | |||
| CVE-2021-33646 | medium | — | 5.5 | 3y ago | Moderate: libtar security update | |||
| CVE-2021-33643 | medium | — | 5.5 | 3y ago | Moderate: libtar security update | |||
| CVE-2021-46790 | medium | — | 5.5 | 3y ago | Moderate: libguestfs-winsupport security update | |||
| CVE-2021-35065 | medium | — | 5.5 | 3y ago | Moderate: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2021-44648 | medium | — | 5.5 | 3y ago | Moderate: gdk-pixbuf2 security update | |||
| CVE-2021-46829 | medium | — | 5.5 | 3y ago | Moderate: gdk-pixbuf2 security update | |||
| CVE-2021-46822 | medium | — | 5.5 | 3y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2021-44964 | medium | — | 5.5 | 3y ago | Moderate: lua security update | |||
| CVE-2021-43519 | medium | — | 5.5 | 3y ago | Moderate: lua security update | |||
| CVE-2021-44906 | medium | — | 5.5 | 3y ago | Moderate: nodejs:16 security, bug fix, and enhancement update | |||
| CVE-2021-46848 | medium | — | 5.5 | 3y ago | Moderate: libtasn1 security update | |||
| CVE-2021-33621 | medium | — | 5.5 | 4y ago | Moderate: ruby:3.0 security update | |||
| CVE-2021-4024 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |||
| CVE-2021-20199 | medium | — | 5.5 | 4y ago | Moderate: podman security and bug fix update | |||
| CVE-2021-47646 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d… | |||
| CVE-2021-33198 | medium | — | 5.5 | 4y ago | Moderate: buildah security and bug fix update | |||
| CVE-2021-21708 | medium | — | 5.5 | 4y ago | Moderate: php:7.4 security, bug fix, and enhancement update | |||
| CVE-2021-47572 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!… | |||
| CVE-2021-47103 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules syzbot reported various issues around early demux, one being included in this chan… | |||
| CVE-2021-3640 | medium | — | 5.5 | 4y ago | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_d… | |||
| CVE-2021-34558 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2021-47649 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf->pagecount Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The problem was in ubuf->pages =… | |||
| CVE-2021-3507 | medium | — | 5.5 | 4y ago | Moderate: qemu-kvm security, bug fix, and enhancement update | |||
| CVE-2021-47657 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() If virtio_gpu_object_shmem_init() fails (e.g. due to faul… | |||
| CVE-2021-47639 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn r… | |||
| CVE-2021-47378 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to g… | |||
| CVE-2021-20291 | medium | — | 5.5 | 4y ago | Moderate: container-tools:rhel8 security, bug fix, and enhancement update | |||
| CVE-2021-46828 | medium | — | 5.5 | 4y ago | Moderate: libtirpc security update | |||
| CVE-2021-28861 | medium | — | 5.5 | 4y ago | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. N… | |||
| CVE-2021-3750 | medium | — | 5.5 | 4y ago | Moderate: qemu-kvm security, bug fix, and enhancement update | |||
| CVE-2021-33197 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2021-3611 | medium | — | 5.5 | 4y ago | Moderate: qemu-kvm security, bug fix, and enhancement update | |||
| CVE-2021-47580 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out … | |||
| CVE-2021-47099 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b ("veth: allow enabling NAPI even without XDP"), if GRO is… | |||
| CVE-2021-4158 | medium | — | 5.5 | 4y ago | Moderate: qemu-kvm security, bug fix, and enhancement update | |||
| CVE-2021-0561 | medium | — | 5.5 | 4y ago | Moderate: flac security update | |||
| CVE-2021-47556 | medium | — | 5.5 | 4y ago | In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() ethtool_set_coalesce() now uses both the .get_coalesce() and .… | |||
| CVE-2021-33195 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2021-25220 | medium | — | 5.5 | 4y ago | Moderate: dhcp security and enhancement update | |||
| CVE-2021-21707 | medium | — | 5.5 | 4y ago | Moderate: php:7.4 security, bug fix, and enhancement update | |||
| CVE-2021-44532 | medium | — | 5.5 | 4y ago | Moderate: nodejs:16 security, bug fix, and enhancement update | |||
| CVE-2021-0308 | medium | — | 5.5 | 4y ago | Moderate: gdisk security update | |||
| CVE-2021-44531 | medium | — | 5.5 | 4y ago | Moderate: nodejs:16 security, bug fix, and enhancement update | |||
| CVE-2021-4048 | medium | — | 5.5 | 4y ago | Moderate: openblas security update | |||
| CVE-2021-30002 | medium | — | 5.5 | 4y ago | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a33… | |||
| CVE-2021-25636 | medium | — | 5.5 | 4y ago | Moderate: libreoffice security update | |||
| CVE-2021-44533 | medium | — | 5.5 | 4y ago | Moderate: nodejs:16 security, bug fix, and enhancement update | |||
| CVE-2021-3497 | medium | — | 5.5 | 4y ago | Moderate: gstreamer1-plugins-good security update | |||
| CVE-2021-35577 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35591 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35626 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35575 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35596 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35607 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35608 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35612 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35625 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35627 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update | |||
| CVE-2021-35628 | medium | — | 5.5 | 4y ago | Moderate: mysql:8.0 security, bug fix, and enhancement update |