CVEs from 2021

4,807 normalized CVEs published or assigned in this year.

  • Total 4,807
  • critical 280
  • high 1,018
  • medium 1,175
  • low 138
  • % Critical 5.8%
  • % with KEV 4.4%
  • % with exploit 5.3%

Top products

  • simatic_wincc_runtime_advanced 28
  • office 13
  • primavera_gateway 10
  • weblogic_server 9
  • primavera_unifier 8
  • modicon_m340_bmxp342020 8
  • log4j 8
  • communications_unified_inventory_management 7
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-22555 high 10.0 8mo ago Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
CVE-2021-43798 high 10.0 2y ago Grafana contains a path traversal vulnerability that could allow access to local files.
CVE-2021-3560 high 10.0 3y ago Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
CVE-2021-4034 high 10.0 4y ago The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
CVE-2021-3156 high 10.0 4y ago Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
CVE-2021-41773 high 10.0 5y ago A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-li…
CVE-2021-21220 high 10.0 5y ago Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could af…
CVE-2021-32305 high 9.0 arbitrary command execution in websvn
CVE-2021-44790 high 9.0 4y ago A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerab…
CVE-2021-23017 high 9.0 5y ago RHSA-2022:0323: nginx:1.20 security update (Important)
CVE-2021-27928 high 9.0 5y ago RHSA-2021:1242: mariadb:10.3 and mariadb-devel:10.3 security update (Important)