CVEs from 2021

4,841 normalized CVEs published or assigned in this year.

  • Total: 4,841
  • Critical: 279
  • High: 1,005
  • Medium: 1,166
  • Low: 138
  • % Critical: 5.8%
  • % with KEV: 4.4%
  • % with exploit: 5.3%

Top products

  • office 13
  • primavera_gateway 10
  • weblogic_server 9
  • modicon_m340_bmxp342020 8
  • log4j 8
  • primavera_unifier 8
  • retail_service_backbone 7
  • communications_unified_inventory_management 7
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-42567 unknown 5y ago Cross-site Scripting in Apereo CAS
CVE-2021-43795 unknown 5y ago Path Traversal in com.linecorp.armeria:armeria
CVE-2021-40369 unknown 5y ago Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation
CVE-2021-22095 unknown 5y ago Deserialization of Untrusted Data in Spring AMQP
CVE-2021-44140 unknown 5y ago Incorrect Default Permissions in Apache JSPWiki
CVE-2021-40830 unknown 5y ago Improper certificate management in AWS IoT Device SDK v2
CVE-2021-40829 unknown 5y ago Improper certificate management in AWS IoT Device SDK v2
CVE-2021-40828 unknown 5y ago Improper certificate management in AWS IoT Device SDK v2
CVE-2021-41270 unknown 5y ago Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 bef…
CVE-2021-40831 unknown 5y ago Improper certificate management in AWS IoT Device SDK v2
CVE-2021-41268 unknown 5y ago Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version…
CVE-2021-41267 unknown 5y ago Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers"…
CVE-2021-39231 unknown 5y ago Exposure of sensitive information in Apache Ozone
CVE-2021-39233 unknown 5y ago Incorrect Authorization in Apache Ozone
CVE-2021-41532 unknown 5y ago Apache Ozone exposes OM, SCM and Datanode metadata
CVE-2021-39235 unknown 5y ago Incorrect permissions in Apache Ozone
CVE-2021-36372 unknown 5y ago Improper Privilege Management in Apache Ozone
CVE-2021-39232 unknown 5y ago Incorrect Authorization in Apache Ozone
CVE-2021-39236 unknown 5y ago Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
CVE-2021-39234 unknown 5y ago Incorrect Authorization in Apache Ozone
CVE-2021-22053 unknown 5y ago Code injection in spring-cloud-netflix-hystrix-dashboard
CVE-2021-37580 unknown 5y ago Improper Authentication in Apache ShenYu Admin
CVE-2021-45710 unknown 5y ago An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory…
CVE-2021-41269 unknown 5y ago Critical vulnerability found in cron-utils
CVE-2021-43570 unknown 5y ago Improper Verification of Cryptographic Signature in starkbank-ecdsa
CVE-2021-43466 unknown 5y ago Template injection in thymeleaf-spring5
CVE-2021-22051 unknown 5y ago Request injection in Spring Cloud Gateway
CVE-2021-33611 unknown 5y ago Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14
CVE-2021-41973 unknown 5y ago Infinite loop in Apache MINA
CVE-2021-27644 unknown 5y ago SQL injection in Apache DolphinScheduler
CVE-2021-41189 unknown 5y ago Communities and collections administrators can escalate their privilege up to system administrator
CVE-2021-40865 unknown 5y ago Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm
CVE-2021-41182 unknown 5y ago XSS in the `altField` option of the Datepicker widget in jquery-ui
CVE-2021-41184 unknown 5y ago XSS in the `of` option of the `.position()` util in jquery-ui
CVE-2021-41183 unknown 5y ago XSS in `*Text` options of the Datepicker widget in jquery-ui
CVE-2021-42575 unknown 5y ago Policies not properly enforced in OWASP Java HTML Sanitizer
CVE-2021-33609 unknown 5y ago Denial of service in DataCommunicator class in Vaadin 8
CVE-2021-25738 unknown 5y ago Code injection in Kubernetes Java Client
CVE-2021-3312 unknown 5y ago XML External Entity Reference in org.opencms:opencms-core
CVE-2021-28170 unknown 5y ago Improper Input Validation in Jakarta Expression Language
CVE-2021-41862 unknown 5y ago Expression injection in AviatorScript
CVE-2021-41616 unknown 5y ago Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
CVE-2021-25959 unknown 5y ago Cross-site Scripting in OpenCRX
CVE-2021-36749 unknown 5y ago Druid ingestion system Authenticated users can read data from other sources than intended
CVE-2021-38153 unknown 5y ago Observable Discrepancy in Apache Kafka
CVE-2021-41084 unknown 5y ago Response Splitting from unsanitized headers
CVE-2021-26333 unknown 5y ago An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle an…
CVE-2021-40690 unknown 5y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario
CVE-2021-41079 unknown 5y ago Infinite loop in Tomcat due to parsing error
CVE-2021-22147 unknown 5y ago Exposure of sensitive information in Elasticsearch
CVE-2021-39239 unknown 5y ago XML External Entity Reference in Apache Jena
CVE-2021-41303 unknown 5y ago Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
CVE-2021-40146 unknown 5y ago Remote Code Execution in Any23
CVE-2021-38555 unknown 5y ago XML Injection in Any23
CVE-2021-37579 unknown 5y ago Security check skip in Apache Dubbo
CVE-2021-36161 unknown 5y ago Remote Code Execution in Apache Dubbo
CVE-2021-36162 unknown 5y ago Remote Code Execution in Apache Dubbo
CVE-2021-36163 unknown 5y ago Hessian protocol configuration vulnerability in Apache Dubbo
CVE-2021-40143 unknown 5y ago HTTP header injection in Sonatype Nexus Repository
CVE-2021-39194 unknown 5y ago Improper Handling of Missing Values in kaml
CVE-2021-39177 unknown 5y ago User impersonation due to incorrect handling of the login JWT
CVE-2021-27578 unknown 5y ago Cross-site Scripting in Apache Zeppelin
CVE-2021-39185 unknown 5y ago Default CORS config allows any origin with credentials
CVE-2021-34371 unknown 5y ago Deserialization of Untrusted Data in Neo4j
CVE-2021-39132 unknown 5y ago YAML deserialization can run untrusted code
CVE-2021-39133 unknown 5y ago Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
CVE-2021-32827 unknown 5y ago Injection in MockServer
CVE-2021-33605 unknown 5y ago Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20
CVE-2021-39139 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39140 unknown 5y ago XStream can cause a Denial of Service
CVE-2021-39141 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39145 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39146 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39147 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39148 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39149 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39150 unknown 5y ago A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-39151 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39152 unknown 5y ago A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-39153 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-39154 unknown 5y ago XStream is vulnerable to an Arbitrary Code Execution attack
CVE-2021-37714 unknown 5y ago Uncaught Exception in jsoup
CVE-2021-33348 unknown 5y ago Cross-site scripting in jfinal
CVE-2021-26920 unknown 5y ago Druid ingestion system Authenticated users can read data from other sources than intended
CVE-2021-33192 unknown 5y ago Cross-site scripting in Apache Jena Fuseki
CVE-2021-30640 unknown 5y ago Authentication Bypass by Alternate Name in Apache Tomcat
CVE-2021-33037 unknown 5y ago HTTP Request Smuggling in Apache Tomcat
CVE-2021-30639 unknown 5y ago Improper Handling of Exceptional Conditions in Apache Tomcat
CVE-2021-37578 unknown 5y ago Deserialization of Untrusted Data in Apache jUDDI
CVE-2021-22144 unknown 5y ago Denial of Service in Elasticsearch
CVE-2021-33900 unknown 5y ago Missing encryption in Apache Directory Studio
CVE-2021-23408 unknown 5y ago Prototype Pollution in GraphHopper
CVE-2021-35043 unknown 5y ago Cross-site Scripting in OWASP AntiSamy
CVE-2021-36090 unknown 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35517 unknown 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35516 unknown 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35515 unknown 5y ago Excessive Iteration in Compress
CVE-2021-30129 unknown 5y ago Buffer Overflow in Apache Mina SSHD
CVE-2021-32769 unknown 5y ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core
CVE-2021-32012 unknown 5y ago Denial of Service in SheetJS Pro