CVEs from 2021

6,258 normalized CVEs published or assigned in this year.

Total

6,258

critical

critical 272

high

high 976

medium

medium 1,141

low

low 135

% Critical

4.3%

% with KEV

3.4%

% with exploit

3.4%

Top vendors

Top products

office 13
365_apps 6
office_long_term_servicing_channel 6
library_automation_system 5
single_connect 4
http_server 3
solidfire 2
student_information_management_system 2

Top packages

PyPI/tensorflow-cpu 885
PyPI/tensorflow 885
PyPI/tensorflow-gpu 885
Packagist/moodle/moodle 126
Packagist/magento/community-edition 124
Maven/com.liferay.portal:release.dxp.bom 82
PyPI/salt 74
Maven/org.jenkins-ci.main:jenkins-core 60

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2021-3156	critical	—	10.0	4y ago	Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
CVE-2021-4102	critical	—	10.0	5y ago	Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl…
CVE-2021-44228	critical	—	10.0	5y ago	Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
CVE-2021-21148	critical	—	10.0	5y ago	Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect m…
CVE-2021-22205	critical	—	10.0	5y ago	GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through Exi…
CVE-2021-42013	critical	—	10.0	5y ago	Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under defa…
CVE-2021-30551	critical	—	10.0	5y ago	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl…