CVEs from 2021

4,786 normalized CVEs published or assigned in this year.

Total

4,786

critical

critical 281

high

high 1,022

medium

medium 1,179

low

low 138

% Critical

5.9%

% with KEV

4.5%

% with exploit

5.3%

Top vendors

Top products

simatic_wincc_runtime_advanced 28
office 13
primavera_gateway 10
weblogic_server 9
primavera_unifier 8
modicon_m340_bmxp342020 8
log4j 8
mbed_tls 8

Top packages

PyPI/tensorflow-cpu 885
PyPI/tensorflow 885
PyPI/tensorflow-gpu 885
Packagist/moodle/moodle 126
Packagist/magento/community-edition 124
Maven/com.liferay.portal:release.dxp.bom 82
PyPI/salt 74
Maven/org.jenkins-ci.main:jenkins-core 60

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2021-4090	high	7.1	7.1				4y ago	An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw…
CVE-2021-36133	high	7.1	7.1				5y ago	The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/wr…
CVE-2021-41617	high	7.0	7.0				5y ago	sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs …