CVEs from 2021
- Total: 4,880
- Critical: 279
- High: 1,007
- Medium: 1,166
- Low: 136
- % Critical: 5.7%
- % with KEV: 4.4%
- % with exploit: 4.7%
Top products
- office 13
- primavera_gateway 10
- weblogic_server 9
- modicon_m340_bmxp342020 8
- log4j 8
- primavera_unifier 8
- retail_service_backbone 7
- communications_unified_inventory_management 7

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-4009 | medium | — | 5.5 | 4y ago | RHSA-2022:1917: xorg-x11-server and xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2021-28116 | medium | — | 5.5 | 4y ago | RHSA-2022:1939: squid:4 security and bug fix update (Moderate) | |||
| CVE-2021-4008 | medium | — | 5.5 | 4y ago | RHSA-2022:1917: xorg-x11-server and xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2021-44141 | medium | — | 5.5 | 4y ago | RHSA-2022:2074: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-21703 | medium | — | 5.5 | 4y ago | RHSA-2022:1935: php:7.4 security update (Moderate) | |||
| CVE-2021-20316 | medium | — | 5.5 | 4y ago | RHSA-2022:2074: samba security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4010 | medium | — | 5.5 | 4y ago | RHSA-2022:1917: xorg-x11-server and xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2021-21705 | medium | — | 5.5 | 4y ago | RHSA-2022:1935: php:7.4 security update (Moderate) | |||
| CVE-2021-4156 | medium | — | 5.5 | 4y ago | RHSA-2022:1968: libsndfile security update (Moderate) | |||
| CVE-2021-4011 | medium | — | 5.5 | 4y ago | RHSA-2022:1917: xorg-x11-server and xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2021-3639 | medium | — | 5.5 | 4y ago | RHSA-2022:1934: mod_auth_mellon security update (Moderate) | |||
| CVE-2021-2154 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46657 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46658 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46667 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46662 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-35604 | medium | — | 5.5 | 4y ago | RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-46666 | medium | — | 5.5 | 4y ago | RHSA-2022:1557: mariadb:10.5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4115 | medium | — | 5.5 | 4y ago | RHSA-2022:1546: polkit security update (Moderate) | |||
| CVE-2021-20180 | medium | — | 5.5 | 4y ago | Insertion of Sensitive Information into Log File in ansible | |||
| CVE-2021-3999 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2021-31566 | medium | — | 5.5 | 4y ago | RHSA-2022:0892: libarchive security update (Moderate) | |||
| CVE-2021-23177 | medium | — | 5.5 | 4y ago | RHSA-2022:0892: libarchive security update (Moderate) | |||
| CVE-2021-39275 | medium | — | 5.5 | 4y ago | RHSA-2022:0891: httpd:2.4 security update (Moderate) | |||
| CVE-2021-34798 | medium | — | 5.5 | 4y ago | RHSA-2022:0891: httpd:2.4 security update (Moderate) | |||
| CVE-2021-3620 | medium | — | 5.5 | 4y ago | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest th… | |||
| CVE-2021-32066 | medium | — | 5.5 | 4y ago | RHSA-2022:0672: ruby:2.5 security update (Moderate) | |||
| CVE-2021-31810 | medium | — | 5.5 | 4y ago | RHSA-2022:0672: ruby:2.5 security update (Moderate) | |||
| CVE-2021-27918 | medium | — | 5.5 | 4y ago | RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3114 | medium | — | 5.5 | 4y ago | RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-33196 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-36221 | medium | — | 5.5 | 4y ago | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-29622 | medium | — | 5.5 | 4y ago | Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redire… | |||
| CVE-2021-27358 | medium | — | 5.5 | 4y ago | RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-4122 | medium | — | 5.5 | 4y ago | RHSA-2022:0370: cryptsetup security update (Moderate) | |||
| CVE-2021-3521 | medium | — | 5.5 | 4y ago | RHSA-2022:0368: rpm security update (Moderate) | |||
| CVE-2021-4192 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-3872 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-4193 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-3984 | medium | — | 5.5 | 4y ago | RHSA-2022:0366: vim security update (Moderate) | |||
| CVE-2021-22570 | medium | — | 5.5 | 4y ago | RHSA-2022:7464: protobuf security update (Moderate) | |||
| CVE-2021-44217 | medium | — | 5.5 | 4y ago | In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2021-41772 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-41771 | medium | — | 5.5 | 4y ago | RHSA-2022:1819: go-toolset:rhel8 security and bug fix update (Moderate) | |||
| CVE-2021-45116 | medium | — | 5.5 | 4y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter … | |||
| CVE-2021-45452 | medium | — | 5.5 | 4y ago | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||
| CVE-2021-45115 | medium | — | 5.5 | 4y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that wa… | |||
| CVE-2021-23214 | medium | — | 5.5 | 5y ago | RHSA-2022:1830: postgresql:10 security update (Moderate) | |||
| CVE-2021-3677 | medium | — | 5.5 | 5y ago | RHSA-2021:5236: postgresql:13 security update (Moderate) | |||
| CVE-2021-20321 | medium | — | 5.5 | 5y ago | RHSA-2021:5241: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2021-42550 | medium | — | 5.5 | 5y ago | Deserialization of Untrusted Data in logback | |||
| CVE-2021-22960 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-22959 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-43255 | medium | 5.5 | 5.5 | 5y ago | Microsoft Office Trust Center Spoofing Vulnerability | |||
| CVE-2021-42295 | medium | 5.5 | 5.5 | 5y ago | Visual Basic for Applications Information Disclosure Vulnerability | |||
| CVE-2021-43243 | medium | 5.5 | 5.5 | 5y ago | VP9 Video Extensions Information Disclosure Vulnerability | |||
| CVE-2021-4044 | medium | — | 5.5 | 5y ago | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (… | |||
| CVE-2021-43818 | medium | — | 5.5 | 5y ago | RHSA-2022:1932: python-lxml security update (Moderate) | |||
| CVE-2021-43415 | medium | — | 5.5 | 5y ago | Improper Authentication in HashiCorp Nomad in github.com/hashicorp/nomad | |||
| CVE-2021-44420 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | |||
| CVE-2021-43797 | medium | — | 5.5 | 5y ago | HTTP request smuggling in netty | |||
| CVE-2021-43809 | medium | — | 5.5 | 5y ago | RHSA-2025:7539: ruby:2.5 security update (Moderate) | |||
| CVE-2021-43998 | medium | — | 5.5 | 5y ago | HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault | |||
| CVE-2021-27023 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | |||
| CVE-2021-27025 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | |||
| CVE-2021-41816 | medium | — | 5.5 | 5y ago | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different n… | |||
| CVE-2021-41819 | medium | — | 5.5 | 5y ago | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41281 | medium | — | 5.5 | 5y ago | Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a rem… | |||
| CVE-2021-41868 | medium | — | 5.5 | 5y ago | OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality. | |||
| CVE-2021-41867 | medium | — | 5.5 | 5y ago | An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat f… | |||
| CVE-2021-3918 | medium | — | 5.5 | 5y ago | RHSA-2022:0350: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41190 | medium | — | 5.5 | 5y ago | RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-41164 | medium | — | 5.5 | 5y ago | Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML | |||
| CVE-2021-41165 | medium | — | 5.5 | 5y ago | HTML comments vulnerability allowing to execute JavaScript code | |||
| CVE-2021-41817 | medium | — | 5.5 | 5y ago | RHSA-2022:6450: ruby:3.0 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-42574 | medium | — | 5.5 | 5y ago | RHSA-2021:4743: llvm-toolset:rhel8 security update (Moderate) | |||
| CVE-2021-35603 | medium | — | 5.5 | 5y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-35561 | medium | — | 5.5 | 5y ago | RHSA-2022:5837: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2021-3778 | medium | — | 5.5 | 5y ago | RHSA-2021:4517: vim security update (Moderate) | |||
| CVE-2021-3796 | medium | — | 5.5 | 5y ago | RHSA-2021:4517: vim security update (Moderate) | |||
| CVE-2021-23336 | medium | — | 5.5 | 5y ago | RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) | |||
| CVE-2021-36084 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36086 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36087 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-36085 | medium | — | 5.5 | 5y ago | RHSA-2021:4513: libsepol security update (Moderate) | |||
| CVE-2021-22925 | medium | — | 5.5 | 5y ago | RHSA-2021:4511: curl security and bug fix update (Moderate) | |||
| CVE-2021-22898 | medium | — | 5.5 | 5y ago | RHSA-2021:4511: curl security and bug fix update (Moderate) | |||
| CVE-2021-22876 | medium | — | 5.5 | 5y ago | RHSA-2021:4511: curl security and bug fix update (Moderate) | |||
| CVE-2021-3445 | medium | — | 5.5 | 5y ago | RHSA-2021:4464: dnf security and bug fix update (Moderate) | |||
| CVE-2021-20232 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3580 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-20231 | medium | — | 5.5 | 5y ago | RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-3565 | medium | — | 5.5 | 5y ago | RHSA-2021:4413: tpm2-tools security and enhancement update (Moderate) | |||
| CVE-2021-33560 | medium | — | 5.5 | 5y ago | RHSA-2021:4409: libgcrypt security and bug fix update (Moderate) | |||
| CVE-2021-3426 | medium | — | 5.5 | 5y ago | RHSA-2021:4399: python3 security update (Moderate) | |||
| CVE-2021-3800 | medium | — | 5.5 | 5y ago | RHSA-2021:4385: glib2 security and bug fix update (Moderate) | |||
| CVE-2021-25214 | medium | — | 5.5 | 5y ago | RHSA-2021:4384: bind security and bug fix update (Moderate) | |||
| CVE-2021-1844 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-1788 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2021-30795 | medium | — | 5.5 | 5y ago | RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) |