CVEs from 2021
Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21380 | unknown | — | — | 5y ago | Rating Script Service expose XWiki to SQL injection | |||
| CVE-2021-21379 | unknown | — | — | 5y ago | It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro | |||
| CVE-2021-21351 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21350 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21349 | unknown | — | — | 5y ago | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | |||
| CVE-2021-21348 | unknown | — | — | 5y ago | XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos) | |||
| CVE-2021-21347 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21346 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21345 | unknown | — | — | 5y ago | XStream is vulnerable to a Remote Command Execution attack | |||
| CVE-2021-21344 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary Code Execution attack | |||
| CVE-2021-21343 | unknown | — | — | 5y ago | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights | |||
| CVE-2021-21342 | unknown | — | — | 5y ago | A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host | |||
| CVE-2021-21341 | unknown | — | — | 5y ago | XStream can cause a Denial of Service. | |||
| CVE-2021-25329 | unknown | — | — | 5y ago | The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikel… | |||
| CVE-2021-22132 | unknown | — | — | 5y ago | Insufficiently Protected Credentials in Elasticsearch | |||
| CVE-2021-22134 | unknown | — | — | 5y ago | Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2021-21364 | unknown | — | — | 5y ago | Generated Code Contains Local Information Disclosure Vulnerability | |||
| CVE-2021-21363 | unknown | — | — | 5y ago | Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory | |||
| CVE-2021-21361 | unknown | — | — | 5y ago | Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin | |||
| CVE-2021-21331 | unknown | — | — | 5y ago | Local Information Disclosure Vulnerability | |||
| CVE-2021-21479 | unknown | — | — | 5y ago | Remote Code Execution in SCIMono | |||
| CVE-2021-21294 | unknown | — | — | 5y ago | Unbounded connection acceptance in http4s-blaze-server | |||
| CVE-2021-21293 | unknown | — | — | 5y ago | Unbounded connection acceptance leads to file handle exhaustion | |||
| CVE-2021-21028 | unknown | — | — | 5y ago | Reflected Cross-site Scripting in ACS Commons | |||
| CVE-2021-3137 | unknown | — | — | 5y ago | Cross Site Scripting (XSS) in XWiki | |||
| CVE-2021-20190 | unknown | — | — | 5y ago | Deserialization of untrusted data in jackson-databind | |||
| CVE-2021-21234 | unknown | — | — | 6y ago | Directory Traversal in spring-boot-actuator-logview |