2021 breaks the record for security vulnerabilities

The US-CERT Vulnerability database has recorded 18376 vulnerabilities as of December 8, 2021, which surpasses the 2020 record of 18351.

More than 50 common vulnerabilities and exposures (CVEs) were logged every day in 2021, according to Redscan Labs researchers. 

In addition, Redscan Labs analysis shows:

  • 90% of all CVEs uncovered in 2021 so far can be exploited by attackers with little technical skills
  • CVEs that require no user interaction, such as clicking a link, downloading a file or sharing their credentials, accounted for 61% of the total volume up to now
  • 54% of vulnerabilities so far this year are categorized as having “high” availability, meaning they are readily accessible/exploitable by attackers.

Redscan analysis, however, revealed that no privilege CVEs continued to decline in 2021: 55% of 2021 CVEs require no privileges to exploit, down from 59% in 2020 and 66% in 2019. Vulnerabilities with a high confidentiality rating dropped from 59% to 53% of CVEs over the past year — these are CVEs believed to impact confidential data.

Read the full report by Maria Henriquez on the Security Magazine blog.

This Month's Leaders