CVEs from 2021

4,817 normalized CVEs published or assigned in this year.

  • Total: 4,817
  • Critical: 279
  • High: 1,005
  • Medium: 1,166
  • Low: 138
  • % Critical: 5.8%
  • % with KEV: 4.4%
  • % with exploit: 5.3%

Top products

  • office 13
  • primavera_gateway 10
  • weblogic_server 9
  • modicon_m340_bmxp342020 8
  • log4j 8
  • primavera_unifier 8
  • retail_service_backbone 7
  • communications_unified_inventory_management 7
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-21631 unknown 4y ago Missing permission check in Jenkins Cloud Statistics Plugin
CVE-2021-21629 unknown 4y ago CSRF vulnerability in Jenkins Build With Parameters Plugin
CVE-2021-21628 unknown 4y ago Stored XSS vulnerability in Jenkins Build With Parameters Plugin
CVE-2021-21630 unknown 4y ago Stored XSS vulnerability in Jenkins Extra Columns Plugin
CVE-2021-21627 unknown 4y ago CSRF vulnerability in Jenkins Libvirt Agents Plugin
CVE-2021-21626 unknown 4y ago Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents
CVE-2021-21624 unknown 4y ago Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items
CVE-2021-21625 unknown 4y ago Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs
CVE-2021-21623 unknown 4y ago Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
CVE-2021-20218 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client
CVE-2021-21619 unknown 4y ago XSS vulnerability in Jenkins Claim Plugin
CVE-2021-21621 unknown 4y ago Support bundles can include user session IDs in Jenkins Support Core Plugin
CVE-2021-21622 unknown 4y ago Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin
CVE-2021-21616 unknown 4y ago Stored XSS vulnerability in Jenkins Active Choices Plugin
CVE-2021-21617 unknown 4y ago CSRF vulnerability in Jenkins Configuration Slicing Plugin
CVE-2021-21618 unknown 4y ago Stored XSS vulnerability in Jenkins Repository Connector Plugin
CVE-2021-3396 unknown 4y ago OpenNMS Horizon RCE via JEXL2 expression
CVE-2021-0341 unknown 4y ago Square OkHttp can accept the wrong certificate
CVE-2021-21613 unknown 4y ago XSS vulnerability in Jenkins TICS Plugin
CVE-2021-21612 unknown 4y ago Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin
CVE-2021-21614 unknown 4y ago Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin
CVE-2021-23267 unknown 4y ago Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources
CVE-2021-23265 unknown 4y ago Improper Privilege Management in craftercms
CVE-2021-23266 unknown 4y ago Log value insertion in craftercms
CVE-2021-23792 unknown 4y ago External Entity Reference in TwelveMonkeys ImageIO
CVE-2021-40822 unknown 4y ago GeoServer allows SSRF via the option for setting a proxy host
CVE-2021-3503 unknown 4y ago Metrics exposure in Wildfly
CVE-2021-31805 unknown 4y ago Expression Language Injection in Apache Struts
CVE-2021-44138 unknown 4y ago Path Traversal in Caucho Resin
CVE-2021-43142 unknown 4y ago Improper Restriction of XML External Entity Reference in wutka jox
CVE-2021-43090 unknown 4y ago Improper Restriction of XML External Entity Reference in soa-model
CVE-2021-20323 unknown 4y ago Cross-site Scripting in Keycloak
CVE-2021-30180 unknown 4y ago Code injection in Apache Dubbo
CVE-2021-30179 unknown 4y ago Deserialization of Untrusted Data in Apache Dubbo
CVE-2021-30181 unknown 4y ago Code injection in Apache Dubbo
CVE-2021-25640 unknown 4y ago Server-Side Request Forgery in Apache Dubbo
CVE-2021-25641 unknown 4y ago Deserializer tampering in Apache Dubbo
CVE-2021-30638 unknown 4y ago Information Exposure in Apache Tapestry
CVE-2021-21655 unknown 4y ago Cross-Site Request Forgery in Jenkins P4 Plugin
CVE-2021-21656 unknown 4y ago XML external entity (XXE) attacks in Jenkins Xcode integration Plugin
CVE-2021-23901 unknown 4y ago XML external entity (XXE) injection in Apache Nutch
CVE-2021-22114 unknown 4y ago Path Traversal in Spring-integration-zip
CVE-2021-44667 unknown 4y ago Cross-site Scripting in Nacos
CVE-2021-38296 unknown 4y ago Authentication Bypass by Capture-replay in Apache Spark
CVE-2021-44585 unknown 4y ago Cross-site Scripting in jeecg-boot
CVE-2021-46384 unknown 4y ago Remote code execution in net.mingsoft:ms-mcms
CVE-2021-38266 unknown 4y ago Liferay Portal and Liferay DXP fails to properly import users from LDAP
CVE-2021-3654 unknown 4y ago A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
CVE-2021-38264 unknown 4y ago Liferay Portal vulnerable to cross-site scripting (XSS) via the keywords parameter
CVE-2021-38267 unknown 4y ago Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
CVE-2021-38269 unknown 4y ago Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
CVE-2021-38263 unknown 4y ago Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console
CVE-2021-38265 unknown 4y ago Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
CVE-2021-38268 unknown 4y ago Liferay Portal and Liferay DXP has incorrect default permissions for site members
CVE-2021-41193 unknown 4y ago Use of Externally-Controlled Format String in wire-avs
CVE-2021-44550 unknown 4y ago Access Control vulnerability within CoreNLP
CVE-2021-46036 unknown 4y ago File upload leading to RCE in MCMS
CVE-2021-46037 unknown 4y ago Path traversal in MCMS
CVE-2021-46063 unknown 4y ago Server Side Template Injection in MCMS
CVE-2021-46062 unknown 4y ago MCMS Arbitrary File Deletion vulnerability
CVE-2021-44868 unknown 4y ago SQL injection in MCMS
CVE-2021-3127 unknown 4y ago NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
CVE-2021-44521 unknown 4y ago Apache Cassandra vulnerable to Code Injection due to unsafe configuration
CVE-2021-46366 unknown 4y ago Cross-Site Request Forgery in Magnolia CMS
CVE-2021-46361 unknown 4y ago Arbitrary code execution in Magnolia CMS
CVE-2021-46365 unknown 4y ago Improper Restriction of XML External Entity Reference in Magnolia CMS
CVE-2021-46364 unknown 4y ago Deserialization of Untrusted Data in Magnolia CMS
CVE-2021-46363 unknown 4y ago Arbitrary code execution in Magnolia CMS
CVE-2021-31684 unknown 4y ago Out of bounds read in json-smart
CVE-2021-43841 unknown 4y ago Cross-site Scripting by SVG upload in xwiki-platform
CVE-2021-32732 unknown 4y ago Cross-Site Request Forgery in xwiki-platform
CVE-2021-41496 unknown 4y ago Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative val…
CVE-2021-41495 unknown 4y ago Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attack…
CVE-2021-36151 unknown 4y ago Hadoop token in temp file visible to all users in Apache Gobblin
CVE-2021-36152 unknown 4y ago Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service
CVE-2021-41571 unknown 4y ago Improper Input Validation in Apache Pulsar
CVE-2021-42767 unknown 4y ago Neo4j Graph Database vulnerable to Path Traversal
CVE-2021-43859 unknown 4y ago Denial of Service by injecting highly recursive collections or maps in XStream
CVE-2021-23460 unknown 4y ago Prototype pollution in min-dash
CVE-2021-41766 unknown 4y ago Insecure Java Deserialization in Apache Karaf
CVE-2021-45029 unknown 4y ago Code injection in ShenYu
CVE-2021-46383 unknown 4y ago Mingsoft MCMS SQL injection vulnerability
CVE-2021-46386 unknown 4y ago Mingsoft MCMS vulnerable to Remote Code Execution via file upload.
CVE-2021-46385 unknown 4y ago Mingsoft MCMS SQL injection vulnerability
CVE-2021-46089 unknown 4y ago SQL Injection in JeecgBoot
CVE-2021-23566 unknown 4y ago The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows reproducing the last id generated.
CVE-2021-42357 unknown 4y ago Cross-site Scripting in Apache Knox SSO
CVE-2021-40525 unknown 4y ago Path traversal in Apache James
CVE-2021-22060 unknown 4y ago Log entry injection in Spring Framework
CVE-2021-43297 unknown 4y ago Deserialization of Untrusted Data in Dubbo
CVE-2021-36739 unknown 5y ago Cross-site Scripting in Apache Pluto
CVE-2021-36737 unknown 5y ago Cross-site Scripting in Apache Pluto
CVE-2021-36738 unknown 5y ago Cross-site Scripting in Apache Pluto
CVE-2021-45457 unknown 5y ago In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
CVE-2021-45458 unknown 5y ago Use of Hard-coded Credentials in Apache Kylin
CVE-2021-27738 unknown 5y ago Server-Side Request Forgery in Apache Kylin
CVE-2021-36774 unknown 5y ago SQL Injection in Apache Kylin
CVE-2021-31522 unknown 5y ago Kylin can receive user input and load any class through Class.forName(...).
CVE-2021-45456 unknown 5y ago Command Injection in Apache Kylin
CVE-2021-40111 unknown 5y ago Infinite Loop in Apache James