CVEs from 2021
Total
4,788
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-33339 | unknown | — | — | 4y ago | Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting | |||
| CVE-2021-33336 | unknown | — | — | 4y ago | Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) | |||
| CVE-2021-33338 | unknown | — | — | 4y ago | Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs | |||
| CVE-2021-33337 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library module | |||
| CVE-2021-35463 | unknown | — | — | 4y ago | Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module | |||
| CVE-2021-33324 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Don't Check Permissions of Pages | |||
| CVE-2021-33326 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module | |||
| CVE-2021-33323 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP autosaves form data for other users to see | |||
| CVE-2021-33328 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page | |||
| CVE-2021-33325 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Stores User Passwords in Cleartext | |||
| CVE-2021-33321 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP insecure default configuration | |||
| CVE-2021-33320 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate | |||
| CVE-2021-33334 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Fails to Properly Check User Permissions | |||
| CVE-2021-33331 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs | |||
| CVE-2021-33333 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions | |||
| CVE-2021-33332 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) | |||
| CVE-2021-34802 | unknown | — | — | 4y ago | Improper Privilege Management in Neo4j Graph Database | |||
| CVE-2021-21675 | unknown | — | — | 4y ago | CSRF vulnerabilities in Jenkins requests-plugin Plugin | |||
| CVE-2021-21674 | unknown | — | — | 4y ago | Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests | |||
| CVE-2021-21676 | unknown | — | — | 4y ago | Missing permission check in Jenkins requests-plugin Plugin allows sending emails | |||
| CVE-2021-21673 | unknown | — | — | 4y ago | Open redirect vulnerability in Jenkins CAS Plugin | |||
| CVE-2021-31649 | unknown | — | — | 4y ago | JFinal Java Deserialization Vulnerability | |||
| CVE-2021-21669 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Generic Webhook Trigger Plugin | |||
| CVE-2021-21664 | unknown | — | — | 4y ago | Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials | |||
| CVE-2021-21665 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials | |||
| CVE-2021-21663 | unknown | — | — | 4y ago | Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials | |||
| CVE-2021-20267 | unknown | — | — | 4y ago | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersona… | |||
| CVE-2021-22118 | unknown | — | — | 4y ago | Improper Privilege Management in Spring Framework | |||
| CVE-2021-33194 | unknown | — | — | 4y ago | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. | |||
| CVE-2021-21660 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Markdown Formatter Plugin | |||
| CVE-2021-21659 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins URLTrigger Plugin | |||
| CVE-2021-23937 | unknown | — | — | 4y ago | DNS based denial of service in Apache Wicket | |||
| CVE-2021-21658 | unknown | — | — | 4y ago | XML external entity vulnerability in Jenkins Nuget Plugin | |||
| CVE-2021-21657 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Filesystem Trigger Plugin | |||
| CVE-2021-25934 | unknown | — | — | 4y ago | OpenNMS Horizon vulnerable to XSS | |||
| CVE-2021-29045 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page | |||
| CVE-2021-29053 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections | |||
| CVE-2021-29043 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password | |||
| CVE-2021-29048 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page | |||
| CVE-2021-29044 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page | |||
| CVE-2021-29046 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter | |||
| CVE-2021-29051 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App | |||
| CVE-2021-29052 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Fails to Check Permissions | |||
| CVE-2021-29040 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages | |||
| CVE-2021-29041 | unknown | — | — | 4y ago | Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module | |||
| CVE-2021-29047 | unknown | — | — | 4y ago | Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use | |||
| CVE-2021-22137 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2021-21647 | unknown | — | — | 4y ago | Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds | |||
| CVE-2021-21642 | unknown | — | — | 4y ago | XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin | |||
| CVE-2021-21643 | unknown | — | — | 4y ago | Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs | |||
| CVE-2021-21646 | unknown | — | — | 4y ago | Remote code execution vulnerability in Jenkins Templating Engine Plugin | |||
| CVE-2021-21645 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs | |||
| CVE-2021-21644 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files | |||
| CVE-2021-22510 | unknown | — | — | 4y ago | Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin | |||
| CVE-2021-22511 | unknown | — | — | 4y ago | SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin | |||
| CVE-2021-22513 | unknown | — | — | 4y ago | Missing permission checks in Micro Focus Application Automation Tools Plugin | |||
| CVE-2021-22512 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin | |||
| CVE-2021-21641 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins promoted builds Plugin | |||
| CVE-2021-21634 | unknown | — | — | 4y ago | Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin | |||
| CVE-2021-21637 | unknown | — | — | 4y ago | Missing permission check in Jenkins Team Foundation Server Plugin allow capturing credentials | |||
| CVE-2021-21632 | unknown | — | — | 4y ago | Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials | |||
| CVE-2021-21636 | unknown | — | — | 4y ago | Missing permission check in Jenkins Team Foundation Server Plugin allows enumerating credentials IDs | |||
| CVE-2021-21633 | unknown | — | — | 4y ago | CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials | |||
| CVE-2021-21631 | unknown | — | — | 4y ago | Missing permission check in Jenkins Cloud Statistics Plugin | |||
| CVE-2021-21635 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins REST List Parameter Plugin | |||
| CVE-2021-21629 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Build With Parameters Plugin | |||
| CVE-2021-21630 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Extra Columns Plugin | |||
| CVE-2021-21628 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Build With Parameters Plugin | |||
| CVE-2021-21627 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Libvirt Agents Plugin | |||
| CVE-2021-21624 | unknown | — | — | 4y ago | Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items | |||
| CVE-2021-21626 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents | |||
| CVE-2021-21625 | unknown | — | — | 4y ago | Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs | |||
| CVE-2021-21623 | unknown | — | — | 4y ago | Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items | |||
| CVE-2021-20218 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client | |||
| CVE-2021-21619 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins Claim Plugin | |||
| CVE-2021-21616 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Active Choices Plugin | |||
| CVE-2021-21622 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin | |||
| CVE-2021-21621 | unknown | — | — | 4y ago | Support bundles can include user session IDs in Jenkins Support Core Plugin | |||
| CVE-2021-21618 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Repository Connector Plugin | |||
| CVE-2021-21617 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Configuration Slicing Plugin | |||
| CVE-2021-3396 | unknown | — | — | 4y ago | OpenNMS Horizon RCE via JEXL2 expression | |||
| CVE-2021-0341 | unknown | — | — | 4y ago | Square OkHttp can accept the wrong certificate | |||
| CVE-2021-21613 | unknown | — | — | 4y ago | XSS vulnerability in Jenkins TICS Plugin | |||
| CVE-2021-21612 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin | |||
| CVE-2021-21614 | unknown | — | — | 4y ago | Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin | |||
| CVE-2021-23267 | unknown | — | — | 4y ago | Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources | |||
| CVE-2021-23266 | unknown | — | — | 4y ago | Log value insertion in craftercms | |||
| CVE-2021-23265 | unknown | — | — | 4y ago | Improper Privilege Management in craftercms | |||
| CVE-2021-23792 | unknown | — | — | 4y ago | External Entity Reference in TwelveMonkeys ImageIO | |||
| CVE-2021-40822 | unknown | — | — | 4y ago | GeoServer allows SSRF via the option for setting a proxy host | |||
| CVE-2021-3503 | unknown | — | — | 4y ago | Metrics exposure in Wildfly | |||
| CVE-2021-31805 | unknown | — | — | 4y ago | Expression Language Injection in Apache Struts | |||
| CVE-2021-44138 | unknown | — | — | 4y ago | Path Traversal in Caucho Resin | |||
| CVE-2021-43142 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in wutka jox | |||
| CVE-2021-43090 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in soa-model | |||
| CVE-2021-20323 | unknown | — | — | 4y ago | Cross-site Scripting in Keycloak | |||
| CVE-2021-30180 | unknown | — | — | 4y ago | Code injection in Apache Dubbo | |||
| CVE-2021-30179 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Dubbo | |||
| CVE-2021-30181 | unknown | — | — | 4y ago | Code injection in Apache Dubbo | |||
| CVE-2021-25640 | unknown | — | — | 4y ago | Server-Side Request Forgery in Apache Dubbo |