Q1 2021 CVE Review

Apr 7, 2021

overlay

Director of Security Research at Kenna Security

Share with Your Network

Since this week marks the start of the 2nd quarter, I figured it would be interesting to see where we are with the number of CVEs published this year.

Since January 1st, 2021, the NVD has published:

2792 CVEs

31 Per Day

The five busiest publishing dates were:

2021-01-20 201

2021-01-12 127

2021-01-13 126

2021-03-11 107

2021-02-04 92

CVEs published per day in Q1 2021

How does this compare to CVEs published in Q1 2020

From January 1st, 2020 to April 1st, 2020, there were:

2484 CVEs

27 Per Day

7.11 Average CVSS 3 Score

27.2 Average Kenna Risk Score.

The five busiest publishing dates in the 1st quarter last year were:

2020-03-12 284

2020-01-15 228

2020-02-11 163

2020-03-25 100

2020-02-13 79

CVEs published in 2020 presented in a calendar heat map. Dark reds represented highest days of published CVEs

Looking Ahead

In Q1 of 2020, 15% of CVEs were published (2484 of 15789). If that number were to hold for this year, we are looking at over 17800 CVEs this year (although I would bet the over). Here is a Jupyter notebook you can use to get access to the full data set:

https://gist.github.com/jgamblin/119ef976bfacd12f6ba0f0bc3e276f5f

Listen to our podcast as we look into how 2021 is shaping up.

Read the Latest Content

March Vuln of the Month: CVE-2021-24094

Kenna is closely tracking CVE-2021-24094, a Remote Code Execution vuln in the default TCP/IP stack on all supported Microsoft OS.

Employee Spotlight

Employee Spotlight: Jet’s Pizza with Jerry Gamblin

Jerry Gamblin serves as Principal Security Engineer at Kenna Security, he’s Kenna’s security champion, teacher, and occasional mischief-maker.

Threat Intelligence

CVE 2020 0601 FAQ

A major vulnerability CVE-2020-0601 in the Windows CryptoAPI (crypt32.dll) component has generated has brought a lot of questions to Kenna. Learn more!...