CVEs from 2021

4,807 normalized CVEs published or assigned in this year.

Total

4,807

critical

critical 280

high

high 1,018

medium

medium 1,175

low

low 138

% Critical

5.8%

% with KEV

4.4%

% with exploit

5.3%

Top vendors

Top products

simatic_wincc_runtime_advanced 28
office 13
primavera_gateway 10
weblogic_server 9
primavera_unifier 8
modicon_m340_bmxp342020 8
log4j 8
communications_unified_inventory_management 7

Top packages

PyPI/tensorflow-cpu 885
PyPI/tensorflow 885
PyPI/tensorflow-gpu 885
Packagist/moodle/moodle 126
Packagist/magento/community-edition 124
Maven/com.liferay.portal:release.dxp.bom 82
PyPI/salt 74
Maven/org.jenkins-ci.main:jenkins-core 60

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2021-44228	critical	—	10.0				5y ago	Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
CVE-2021-42013	critical	—	10.0				5y ago	It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Al…
CVE-2021-22205	critical	—	10.0				5y ago	GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through Exi…
CVE-2021-22204	medium	—	8.0				5y ago	Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
CVE-2021-29447	medium	—	6.5				—	Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress install…
CVE-2021-3490	medium	—	6.5				—	The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kern…
CVE-2021-31806	medium	—	6.5				5y ago	RHSA-2021:4292: squid:4 security, bug fix, and enhancement update (Moderate)
CVE-2021-31807	medium	—	6.5				5y ago	RHSA-2021:4292: squid:4 security, bug fix, and enhancement update (Moderate)
CVE-2021-21300	low	—	3.5				—	Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as…