CVEs from 2021
Total
4,816
critical
critical 279
high
high 1,005
medium
medium 1,166
low
low 138
% Critical
5.8%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- office 13
- primavera_gateway 10
- weblogic_server 9
- modicon_m340_bmxp342020 8
- log4j 8
- primavera_unifier 8
- retail_service_backbone 7
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21429 | unknown | — | — | 5y ago | Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin | |||
| CVE-2021-29442 | unknown | — | — | 5y ago | Authentication bypass for specific endpoint | |||
| CVE-2021-29441 | unknown | — | — | 5y ago | Authentication Bypass | |||
| CVE-2021-28168 | unknown | — | — | 5y ago | Local information disclosure via system temporary directory | |||
| CVE-2021-29459 | unknown | — | — | 5y ago | XSS Cross Site Scripting | |||
| CVE-2021-31408 | unknown | — | — | 5y ago | Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 | |||
| CVE-2021-29451 | unknown | — | — | 5y ago | Missing validation of JWT signature in `ManyDesigns/Portofino` | |||
| CVE-2021-31404 | unknown | — | — | 5y ago | Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 | |||
| CVE-2021-31403 | unknown | — | — | 5y ago | Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 | |||
| CVE-2021-31406 | unknown | — | — | 5y ago | Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | |||
| CVE-2021-31405 | unknown | — | — | 5y ago | Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 | |||
| CVE-2021-23369 | unknown | — | — | 5y ago | Remote code execution in handlebars when compiling templates | |||
| CVE-2021-28163 | unknown | — | — | 5y ago | Directory exposure in jetty | |||
| CVE-2021-28100 | unknown | — | — | 5y ago | Netflix/Priam: Temporary Directory Information Disclosure | |||
| CVE-2021-28099 | unknown | — | — | 5y ago | Insecure temporary file in Netflix OSS Hollow | |||
| CVE-2021-21380 | unknown | — | — | 5y ago | Rating Script Service expose XWiki to SQL injection | |||
| CVE-2021-21379 | unknown | — | — | 5y ago | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro | |||
| CVE-2021-21351 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21350 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21349 | unknown | — | — | 5y ago | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | |||
| CVE-2021-21348 | unknown | — | — | 5y ago | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) | |||
| CVE-2021-21347 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21346 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21345 | unknown | — | — | 5y ago | XStream is vulnerable to a Remote Command Execution attack | |||
| CVE-2021-21344 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21343 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights | |||
| CVE-2021-21342 | unknown | — | — | 5y ago | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | |||
| CVE-2021-21341 | unknown | — | — | 5y ago | XStream can cause a Denial of Service. | |||
| CVE-2021-25329 | unknown | — | — | 5y ago | Potential remote code execution in Apache Tomcat | |||
| CVE-2021-22132 | unknown | — | — | 5y ago | Insufficiently Protected Credentials in Elasticsearch | |||
| CVE-2021-22134 | unknown | — | — | 5y ago | Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2021-21364 | unknown | — | — | 5y ago | Generated Code Contains Local Information Disclosure Vulnerability | |||
| CVE-2021-21363 | unknown | — | — | 5y ago | Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory | |||
| CVE-2021-21361 | unknown | — | — | 5y ago | Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin | |||
| CVE-2021-21331 | unknown | — | — | 5y ago | Local Information Disclosure Vulnerability | |||
| CVE-2021-21479 | unknown | — | — | 5y ago | Remote Code Execution in SCIMono | |||
| CVE-2021-21294 | unknown | — | — | 5y ago | Unbounded connection acceptance in http4s-blaze-server | |||
| CVE-2021-21293 | unknown | — | — | 5y ago | Unbounded connection acceptance leads to file handle exhaustion | |||
| CVE-2021-21028 | unknown | — | — | 5y ago | Reflected Cross-site Scripting in ACS Commons | |||
| CVE-2021-3137 | unknown | — | — | 5y ago | Cross Site Scripting (XSS) in XWiki | |||
| CVE-2021-20190 | unknown | — | — | 5y ago | Deserialization of untrusted data in jackson-databind | |||
| CVE-2021-21234 | unknown | — | — | 6y ago | Directory Traversal in spring-boot-actuator-logview |