CVEs from 2021
Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-39913 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-2297 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |
| CVE-2021-2296 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |
| CVE-2021-24002 | high | — | 8.0 | — | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Th… | |
| CVE-2021-21210 | high | — | 8.0 | — | Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. | |
| CVE-2021-24001 | high | — | 8.0 | — | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. … | |
| CVE-2021-2475 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… | |
| CVE-2021-35538 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-38496 | high | — | 8.0 | — | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… | |
| CVE-2021-21163 | high | — | 8.0 | — | Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. | |
| CVE-2021-38502 | high | — | 8.0 | — | Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the auth… | |
| CVE-2021-37974 | high | — | 8.0 | — | Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21184 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-21232 | high | — | 8.0 | — | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-32655 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30625 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-43535 | high | — | 8.0 | — | A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… | |
| CVE-2021-21186 | high | — | 8.0 | — | Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… | |
| CVE-2021-22241 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-29983 | high | — | 8.0 | — | Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operatin… | |
| CVE-2021-4129 | high | — | 8.0 | — | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… | |
| CVE-2021-2291 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low … | |
| CVE-2021-35540 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22213 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32654 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22220 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22901 | high | — | 8.0 | — | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… | |
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22214 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32778 | high | — | 8.0 | — | multiple issues in istio | |
| CVE-2021-22219 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38494 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-22236 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22181 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32653 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22237 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-28457 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-28471 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-28477 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-3557 | high | — | 8.0 | — | information disclosure in argocd | |
| CVE-2021-32688 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-28473 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-28469 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-22230 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22223 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22225 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22229 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32741 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-32733 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-39873 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39875 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32765 | high | — | 8.0 | — | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… | |
| CVE-2021-23956 | high | — | 8.0 | — | An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerabili… | |
| CVE-2021-32678 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-32726 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-41524 | high | — | 8.0 | — | multiple issues in apache | |
| CVE-2021-32725 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22232 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22227 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22224 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22228 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32305 | high | — | 8.0 | — | arbitrary command execution in websvn | |
| CVE-2021-29503 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |
| CVE-2021-22211 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22208 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37980 | high | — | 8.0 | — | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |
| CVE-2021-27064 | high | — | 8.0 | — | privilege escalation in code | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21183 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-39912 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-23965 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-26910 | high | — | 8.0 | — | Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | |
| CVE-2021-39887 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39886 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30522 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30524 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39879 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21197 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21188 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30525 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30528 | high | — | 8.0 | — | Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… | |
| CVE-2021-37960 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21195 | high | — | 8.0 | — | Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21233 | high | — | 8.0 | — | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-2409 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… | |
| CVE-2021-39934 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-2454 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low … | |
| CVE-2021-30529 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39890 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37963 | high | — | 8.0 | — | Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |
| CVE-2021-39936 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39878 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37965 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-39874 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30532 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39933 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30534 | high | — | 8.0 | — | multiple issues in chromium |