CVEs from 2021

4,841 normalized CVEs published or assigned in this year.

Total

4,841

critical

critical 279

high

high 1,005

medium

medium 1,166

low

low 138

% Critical

5.8%

% with KEV

4.4%

% with exploit

5.3%

Top vendors

Top products

office 13
primavera_gateway 10
weblogic_server 9
modicon_m340_bmxp342020 8
log4j 8
primavera_unifier 8
retail_service_backbone 7
communications_unified_inventory_management 7

Top packages

PyPI/tensorflow-cpu 885
PyPI/tensorflow 885
PyPI/tensorflow-gpu 885
Packagist/moodle/moodle 126
Packagist/magento/community-edition 124
Maven/com.liferay.portal:release.dxp.bom 82
PyPI/salt 74
Maven/org.jenkins-ci.main:jenkins-core 60

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2021-21343	unknown	—	—				5y ago	XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
CVE-2021-21342	unknown	—	—				5y ago	A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
CVE-2021-21341	unknown	—	—				5y ago	XStream can cause a Denial of Service.
CVE-2021-25329	unknown	—	—				5y ago	Potential remote code execution in Apache Tomcat
CVE-2021-22132	unknown	—	—				5y ago	Insufficiently Protected Credentials in Elasticsearch
CVE-2021-22134	unknown	—	—				5y ago	Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21364	unknown	—	—				5y ago	Generated Code Contains Local Information Disclosure Vulnerability
CVE-2021-21363	unknown	—	—				5y ago	Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
CVE-2021-21361	unknown	—	—				5y ago	Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
CVE-2021-21331	unknown	—	—				5y ago	Local Information Disclosure Vulnerability
CVE-2021-21479	unknown	—	—				5y ago	Remote Code Execution in SCIMono
CVE-2021-21294	unknown	—	—				5y ago	Unbounded connection acceptance in http4s-blaze-server
CVE-2021-21293	unknown	—	—				5y ago	Unbounded connection acceptance leads to file handle exhaustion
CVE-2021-21028	unknown	—	—				5y ago	Reflected Cross-site Scripting in ACS Commons
CVE-2021-3137	unknown	—	—				5y ago	Cross Site Scripting (XSS) in XWiki
CVE-2021-20190	unknown	—	—				5y ago	Deserialization of untrusted data in jackson-databind
CVE-2021-21234	unknown	—	—				6y ago	Directory Traversal in spring-boot-actuator-logview