VIR Vulnerability Intelligence Relay

CVEs from 2021

4,786 normalized CVEs published or assigned in this year.

Total
4,786
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.5%
% with exploit
5.3%

Top vendors

Top products

  • simatic_wincc_runtime_advanced 28
  • office 13
  • primavera_gateway 10
  • weblogic_server 9
  • primavera_unifier 8
  • modicon_m340_bmxp342020 8
  • log4j 8
  • mbed_tls 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-22132 unknown 5y ago Insufficiently Protected Credentials in Elasticsearch
CVE-2021-22134 unknown 5y ago Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-21364 unknown 5y ago Generated Code Contains Local Information Disclosure Vulnerability
CVE-2021-21363 unknown 5y ago Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
CVE-2021-21361 unknown 5y ago Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
CVE-2021-21331 unknown 5y ago Local Information Disclosure Vulnerability
CVE-2021-21479 unknown 5y ago Remote Code Execution in SCIMono
CVE-2021-21294 unknown 5y ago Unbounded connection acceptance in http4s-blaze-server
CVE-2021-21293 unknown 5y ago Unbounded connection acceptance leads to file handle exhaustion
CVE-2021-21028 unknown 5y ago Reflected Cross-site Scripting in ACS Commons
CVE-2021-3137 unknown 5y ago Cross Site Scripting (XSS) in XWiki
CVE-2021-20190 unknown 5y ago A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidential…
CVE-2021-21234 unknown 6y ago Directory Traversal in spring-boot-actuator-logview