CVEs from 2021

- Total: 6,258
- Critical: 272
- High: 976
- Medium: 1,141
- Low: 135
- % Critical: 4.3%
- % with KEV: 3.4%
- % with exploit: 3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-4069 | low | — | 2.5 | — | vim is vulnerable to Use After Free | |
| CVE-2021-4110 | low | — | 2.5 | — | mruby is vulnerable to NULL Pointer Dereference | |
| CVE-2021-30219 | low | — | 2.5 | — | denial of service in samurai | |
| CVE-2021-31855 | low | — | 2.5 | — | KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) caus… | |
| CVE-2021-20217 | low | — | 2.5 | — | A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system a… | |
| CVE-2021-1405 | low | — | 2.5 | — | A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service con… | |
| CVE-2021-36769 | low | — | 2.5 | — | A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different o… | |
| CVE-2021-41865 | low | — | 2.5 | — | denial of service in nomad | |
| CVE-2021-3673 | low | — | 2.5 | — | A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. | |
| CVE-2021-28089 | low | — | 2.5 | — | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | |
| CVE-2021-34813 | low | — | 2.5 | — | Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has … | |
| CVE-2021-28090 | low | — | 2.5 | — | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. | |
| CVE-2021-20205 | low | — | 2.5 | — | Libjpeg-turbo versions 2.0.91 and 2.0.90 are vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. | |
| CVE-2021-3477 | low | — | 2.5 | — | There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer over… | |
| CVE-2021-38373 | low | — | 2.5 | — | In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. | |
| CVE-2021-20216 | low | — | 2.5 | — | A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is t… | |
| CVE-2021-36367 | low | — | 2.5 | — | PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a l… | |
| CVE-2021-28831 | low | — | 2.5 | — | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | |
| CVE-2021-32815 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata… | |
| CVE-2021-3443 | low | — | 2.5 | — | denial of service in jasper | |
| CVE-2021-34334 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a c… | |
| CVE-2021-3549 | low | — | 2.5 | — | An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a… | |
| CVE-2021-37615 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. … | |
| CVE-2021-37616 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. … | |
| CVE-2021-22897 | low | — | 2.5 | — | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The s… | |
| CVE-2021-22222 | low | — | 2.5 | — | Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-34335 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found … | |
| CVE-2021-32707 | low | — | 2.5 | — | information disclosure in nextcloud-app-mail | |
| CVE-2021-3927 | low | — | 2.5 | — | vim is vulnerable to Heap-based Buffer Overflow | |
| CVE-2021-35331 | low | — | 2.5 | — | In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding | |
| CVE-2021-20177 | low | — | 2.5 | — | A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can pa… | |
| CVE-2021-26934 | low | — | 2.5 | — | An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration… | |
| CVE-2021-3178 | low | — | 2.5 | — | fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPL… | |
| CVE-2021-32718 | low | — | 2.5 | — | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation mess… | |
| CVE-2021-32719 | low | — | 2.5 | — | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` … | |
| CVE-2021-32613 | low | — | 2.5 | — | In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | |
| CVE-2021-33500 | low | — | 2.5 | — | PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetW… | |
| CVE-2021-3968 | low | — | 2.5 | — | vim is vulnerable to Heap-based Buffer Overflow | |
| CVE-2021-43877 | low | — | 2.5 | — | privilege escalation in dotnet-runtime | |
| CVE-2021-40985 | low | — | 2.5 | — | A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | |
| CVE-2021-4021 | low | — | 2.5 | — | A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled res… | |
| CVE-2021-39247 | low | — | 2.5 | — | Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, related to is_last_single_ascii in code1.c, and rs_encode_uint in reedsol.c. | |
| CVE-2021-3928 | low | — | 2.5 | — | vim is vulnerable to Use of Uninitialized Variable | |
| CVE-2021-28117 | low | — | 2.5 | — | libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of… | |
| CVE-2021-37621 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infini… | |
| CVE-2021-20189 | low | — | 2.5 | — | incorrect calculation in imagemagick | |
| CVE-2021-3474 | low | — | 2.5 | — | There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with app… | |
| CVE-2021-3475 | low | — | 2.5 | — | There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with ap… | |
| CVE-2021-3479 | low | — | 2.5 | — | There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption o… | |
| CVE-2021-38604 | low | — | 2.5 | — | In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was… | |
| CVE-2021-27815 | low | — | 2.5 | — | NULL Pointer Dereference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicio… | |
| CVE-2021-37622 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infini… | |
| CVE-2021-3652 | low | — | 2.5 | — | Low: 389-ds:1.4 security and bug fix update | |
| CVE-2021-1252 | low | — | 2.5 | — | A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service con… | |
| CVE-2021-1404 | low | — | 2.5 | — | A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an… | |
| CVE-2021-21300 | low | — | 2.5 | — | Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as… | |
| CVE-2021-34183 | low | — | 2.5 | — | denial of service in imagemagick | |
| CVE-2021-3467 | low | — | 2.5 | — | denial of service in jasper | |
| CVE-2021-3658 | low | — | 2.5 | — | bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discov… | |
| CVE-2021-32275 | low | — | 2.5 | — | An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service. | |
| CVE-2021-39220 | low | — | 2.5 | — | information disclosure in nextcloud-app-mail | |
| CVE-2021-37620 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The o… | |
| CVE-2021-37623 | low | — | 2.5 | — | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infini… | |
| CVE-2021-3875 | low | — | 2.5 | — | vim is vulnerable to Heap-based Buffer Overflow | |
| CVE-2021-3974 | low | — | 2.5 | — | vim is vulnerable to Use After Free | |
| CVE-2021-27375 | low | — | 2.5 | — | insufficient validation in traefik | |
| CVE-2021-22174 | low | — | 2.5 | — | Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-22173 | low | — | 2.5 | — | Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-22207 | low | — | 2.5 | — | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-39920 | low | — | 2.5 | — | NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-22235 | low | — | 2.5 | — | Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-39921 | low | — | 2.5 | — | NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-39922 | low | — | 2.5 | — | Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-39924 | low | — | 2.5 | — | Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-39925 | low | — | 2.5 | — | Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-39926 | low | — | 2.5 | — | Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-39929 | low | — | 2.5 | — | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-39928 | low | — | 2.5 | — | NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | |
| CVE-2021-42917 | low | — | 2.5 | — | Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream. | |
| CVE-2021-20269 | low | — | 2.5 | — | A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The … | |
| CVE-2021-28039 | low | — | 2.5 | — | An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of… | |
| CVE-2021-30178 | low | — | 2.5 | — | An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. | |
| CVE-2021-3476 | low | — | 2.5 | — | A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially aff… | |
| CVE-2021-3478 | low | — | 2.5 | — | There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory… | |
| CVE-2021-20296 | low | — | 2.5 | — | A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could ca… | |
| CVE-2021-23240 | low | — | 2.5 | — | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary … | |
| CVE-2021-23239 | low | — | 2.5 | — | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled… | |
| CVE-2021-36690 | low | — | 2.5 | — | A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance o… | |
| CVE-2021-27212 | low | — | 2.5 | — | In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemo… | |
| CVE-2021-20193 | low | — | 2.5 | — | A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat fro… | |
| CVE-2021-30218 | low | — | 2.5 | — | denial of service in samurai | |
| CVE-2021-30046 | low | — | 2.5 | — | denial of service in vigra | |
| CVE-2021-4023 | low | — | 2.5 | — | A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-urin… | |
| CVE-2021-3671 | low | — | 2.5 | — | A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samb… | |
| CVE-2021-3973 | low | — | 2.5 | — | vim is vulnerable to Heap-based Buffer Overflow | |
| CVE-2021-3903 | low | — | 2.5 | 2y ago | Low: vim security update | |
| CVE-2021-43618 | low | — | 2.5 | 3y ago | Low: gmp security and enhancement update | |
| CVE-2021-3826 | low | — | 2.5 | 3y ago | Low: gdb security update | |
| CVE-2021-44269 | low | — | 2.5 | 4y ago | Low: wavpack security update | |
| CVE-2021-46195 | low | — | 2.5 | 4y ago | Low: mingw-gcc security and bug fix update | |