CVEs from 2021
- Total: 4,867
- critical: 280
- high: 983
- medium: 1,157
- low: 134
- % Critical: 5.8%
- % with KEV: 4.4%
- % with exploit: 4.7%
Top vendors
Top products
- office 13
- retail_service_backbone 7
- retail_integration_bus 7
- communications_unified_inventory_management 7
- universal_forwarder 6
- 365_apps 6
- retail_store_inventory_management 6
- retail_eftlink 6
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45444 | medium | — | 5.5 | 4y ago | Moderate: zsh security update | |||
| CVE-2021-25219 | medium | — | 5.5 | 4y ago | Moderate: bind security, bug fix, and enhancement update | |||
| CVE-2021-3698 | medium | — | 5.5 | 4y ago | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates t… | |||
| CVE-2021-3660 | medium | — | 5.5 | 4y ago | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an `<iFrame>` HTML entry. This may be use… | |||
| CVE-2021-38185 | medium | — | 5.5 | 4y ago | Moderate: cpio security update | |||
| CVE-2021-39272 | medium | — | 5.5 | 4y ago | Moderate: fetchmail security update | |||
| CVE-2021-36386 | medium | — | 5.5 | 4y ago | Moderate: fetchmail security update | |||
| CVE-2021-44225 | medium | — | 5.5 | 4y ago | Moderate: keepalived security and bug fix update | |||
| CVE-2021-45930 | medium | — | 5.5 | 4y ago | Moderate: qt5-qtsvg security update | |||
| CVE-2021-32786 | medium | — | 5.5 | 4y ago | Moderate: mod_auth_openidc:2.3 security update | |||
| CVE-2021-32792 | medium | — | 5.5 | 4y ago | Moderate: mod_auth_openidc:2.3 security update | |||
| CVE-2021-39191 | medium | — | 5.5 | 4y ago | Moderate: mod_auth_openidc:2.3 security update | |||
| CVE-2021-32791 | medium | — | 5.5 | 4y ago | Moderate: mod_auth_openidc:2.3 security update | |||
| CVE-2021-39358 | medium | — | 5.5 | 4y ago | Moderate: gfbgraph security update | |||
| CVE-2021-30809 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30849 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30889 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30823 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30888 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-45482 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30884 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30848 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-45481 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30887 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-45483 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30818 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30984 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30953 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30934 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30954 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30951 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30890 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30851 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30936 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30897 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30846 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-30836 | medium | — | 5.5 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |||
| CVE-2021-3733 | medium | — | 5.5 | 4y ago | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression D… | |||
| CVE-2021-4011 | medium | — | 5.5 | 4y ago | Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2021-20316 | medium | — | 5.5 | 4y ago | A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of t… | |||
| CVE-2021-4009 | medium | — | 5.5 | 4y ago | Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2021-4008 | medium | — | 5.5 | 4y ago | Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2021-4010 | medium | — | 5.5 | 4y ago | Moderate: xorg-x11-server and xorg-x11-server-Xwayland security update | |||
| CVE-2021-28116 | medium | — | 5.5 | 4y ago | Moderate: squid:4 security and bug fix update | |||
| CVE-2021-21705 | medium | — | 5.5 | 4y ago | Moderate: php:7.4 security update | |||
| CVE-2021-21703 | medium | — | 5.5 | 4y ago | Moderate: php:7.4 security update | |||
| CVE-2021-44141 | medium | — | 5.5 | 4y ago | All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under th… | |||
| CVE-2021-2154 | medium | — | 5.5 | 4y ago | Moderate: mariadb:10.5 security, bug fix, and enhancement update | |||
| CVE-2021-46662 | medium | — | 5.5 | 4y ago | Moderate: mariadb:10.5 security, bug fix, and enhancement update | |||
| CVE-2021-46657 | medium | — | 5.5 | 4y ago | Moderate: mariadb:10.5 security, bug fix, and enhancement update | |||
| CVE-2021-46667 | medium | — | 5.5 | 4y ago | Moderate: mariadb:10.5 security, bug fix, and enhancement update | |||
| CVE-2021-46658 | medium | — | 5.5 | 4y ago | Moderate: mariadb:10.5 security, bug fix, and enhancement update | |||
| CVE-2021-35604 | medium | — | 5.5 | 4y ago | Moderate: mariadb:10.5 security, bug fix, and enhancement update | |||
| CVE-2021-46666 | medium | — | 5.5 | 4y ago | Moderate: mariadb:10.5 security, bug fix, and enhancement update | |||
| CVE-2021-4115 | medium | — | 5.5 | 4y ago | Moderate: polkit security update | |||
| CVE-2021-20180 | medium | — | 5.5 | 4y ago | Insertion of Sensitive Information into Log File in ansible | |||
| CVE-2021-3999 | medium | — | 5.5 | 4y ago | Moderate: glibc security update | |||
| CVE-2021-31566 | medium | — | 5.5 | 4y ago | Moderate: libarchive security update | |||
| CVE-2021-23177 | medium | — | 5.5 | 4y ago | Moderate: libarchive security update | |||
| CVE-2021-39275 | medium | — | 5.5 | 4y ago | Moderate: httpd:2.4 security update | |||
| CVE-2021-34798 | medium | — | 5.5 | 4y ago | Moderate: httpd:2.4 security update | |||
| CVE-2021-3620 | medium | — | 5.5 | 4y ago | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest th… | |||
| CVE-2021-27918 | medium | — | 5.5 | 4y ago | Moderate: go-toolset:rhel8 security, bug fix, and enhancement update | |||
| CVE-2021-3114 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2021-33196 | medium | — | 5.5 | 4y ago | Moderate: go-toolset:rhel8 security, bug fix, and enhancement update | |||
| CVE-2021-36221 | medium | — | 5.5 | 4y ago | Moderate: go-toolset:rhel8 security, bug fix, and enhancement update | |||
| CVE-2021-27358 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2021-29622 | medium | — | 5.5 | 4y ago | Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redire… | |||
| CVE-2021-4122 | medium | — | 5.5 | 4y ago | Moderate: cryptsetup security update | |||
| CVE-2021-3521 | medium | — | 5.5 | 4y ago | Moderate: rpm security update | |||
| CVE-2021-4192 | medium | — | 5.5 | 4y ago | vim is vulnerable to Use After Free | |||
| CVE-2021-3872 | medium | — | 5.5 | 4y ago | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2021-3984 | medium | — | 5.5 | 4y ago | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2021-4019 | medium | — | 5.5 | 4y ago | vim is vulnerable to Heap-based Buffer Overflow | |||
| CVE-2021-4193 | medium | — | 5.5 | 4y ago | vim is vulnerable to Out-of-bounds Read | |||
| CVE-2021-22570 | medium | — | 5.5 | 4y ago | Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers | |||
| CVE-2021-44217 | medium | — | 5.5 | 4y ago | In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2021-41772 | medium | — | 5.5 | 4y ago | Moderate: go-toolset:rhel8 security and bug fix update | |||
| CVE-2021-41771 | medium | — | 5.5 | 4y ago | Moderate: go-toolset:rhel8 security and bug fix update | |||
| CVE-2021-45116 | medium | — | 5.5 | 4y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter … | |||
| CVE-2021-45452 | medium | — | 5.5 | 4y ago | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||
| CVE-2021-45115 | medium | — | 5.5 | 4y ago | An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that wa… | |||
| CVE-2021-23214 | medium | — | 5.5 | 5y ago | Moderate: postgresql:13 security update | |||
| CVE-2021-3677 | medium | — | 5.5 | 5y ago | Moderate: postgresql:13 security update | |||
| CVE-2021-20321 | medium | — | 5.5 | 5y ago | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the syste… | |||
| CVE-2021-42550 | medium | — | 5.5 | 5y ago | Deserialization of Untrusted Data in logback | |||
| CVE-2021-22960 | medium | — | 5.5 | 5y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |||
| CVE-2021-22959 | medium | — | 5.5 | 5y ago | Moderate: nodejs:14 security, bug fix, and enhancement update | |||
| CVE-2021-43255 | medium | 5.5 | 5.5 | 5y ago | Microsoft Office Trust Center Spoofing Vulnerability | |||
| CVE-2021-42295 | medium | 5.5 | 5.5 | 5y ago | Visual Basic for Applications Information Disclosure Vulnerability | |||
| CVE-2021-43243 | medium | 5.5 | 5.5 | 5y ago | VP9 Video Extensions Information Disclosure Vulnerability | |||
| CVE-2021-4044 | medium | — | 5.5 | 5y ago | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (… | |||
| CVE-2021-43818 | medium | — | 5.5 | 5y ago | Moderate: python27:2.7 security update | |||
| CVE-2021-43415 | medium | — | 5.5 | 5y ago | Improper Authentication in HashiCorp Nomad in github.com/hashicorp/nomad | |||
| CVE-2021-44420 | medium | — | 5.5 | 5y ago | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | |||
| CVE-2021-43797 | medium | — | 5.5 | 5y ago | HTTP request smuggling in netty | |||
| CVE-2021-43809 | medium | — | 5.5 | 5y ago | Moderate: ruby:2.5 security update | |||
| CVE-2021-43998 | medium | — | 5.5 | 5y ago | HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault | |||
| CVE-2021-27023 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | |||
| CVE-2021-27025 | medium | — | 5.5 | 5y ago | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. |