CVEs from 2021

6,232 normalized CVEs published or assigned in this year.

  • Total: 6,232
  • Critical: 273
  • High: 975
  • Medium: 1,141
  • Low: 135
  • % Critical: 4.4%
  • % with KEV: 3.4%
  • % with exploit: 3.4%

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2
CVE Severity CVSS Risk Published Description Impact
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… arch, debian
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs arch, debian
CVE-2021-30606 high 8.0 Chromium: CVE-2021-30606 Use after free in Blink arch, debian
CVE-2021-23975 high 8.0 The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct… arch, suse, debian
CVE-2021-21205 high 8.0 Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. arch, debian
CVE-2021-21174 high 8.0 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. arch, debian
CVE-2021-21201 high 8.0 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. arch, debian
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… arch, debian
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… arch, debian, rockylinux
CVE-2021-21185 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a cr… arch, debian
CVE-2021-25217 high 8.0 Important: dhcp security update arch, suse, debian, rockylinux
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-30526 high 8.0 multiple issues in chromium arch, debian
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-22215 high 8.0 information disclosure in gitlab arch
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-39885 high 8.0 multiple issues in gitlab arch
CVE-2021-39888 high 8.0 multiple issues in gitlab arch
CVE-2021-22168 high 8.0 multiple issues in gitlab arch
CVE-2021-22209 high 8.0 multiple issues in gitlab arch
CVE-2021-21153 high 8.0 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. arch, debian
CVE-2021-32679 high 8.0 multiple issues in nextcloud arch
CVE-2021-22210 high 8.0 multiple issues in gitlab arch
CVE-2021-22171 high 8.0 multiple issues in gitlab arch
CVE-2021-30543 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30518 high 8.0 multiple issues in chromium arch, debian
CVE-2021-37961 high 8.0 Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch, debian
CVE-2021-22890 high 8.0 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… arch, debian, suse
CVE-2021-23970 high 8.0 Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. arch, suse, debian
CVE-2021-30568 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30564 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-30584 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21115 high 8.0 multiple issues in chromium arch, debian
CVE-2021-1051 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-37958 high 8.0 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. arch, debian
CVE-2021-30512 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch, debian
CVE-2021-30523 high 8.0 multiple issues in chromium arch, debian
CVE-2021-32751 high 8.0 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… arch, suse, debian
CVE-2021-29428 high 8.0 In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds c… arch, suse, debian
CVE-2021-30562 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-30618 high 8.0 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools arch, debian
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In arch, debian
CVE-2021-21110 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30510 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30561 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-30539 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30566 high 8.0 multiple issues in chromium arch, debian
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… arch, debian
CVE-2021-21107 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30628 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-37957 high 8.0 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch, debian
CVE-2021-37959 high 8.0 Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a craft… arch, debian
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. arch, debian
CVE-2021-30556 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-30515 high 8.0 multiple issues in chromium arch, debian
CVE-2021-1053 high 8.0 NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a us… arch, suse, debian
CVE-2021-21192 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-21106 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21114 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30519 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30601 high 8.0 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… arch, debian
CVE-2021-21109 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21168 high 8.0 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. arch, debian
CVE-2021-21223 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30514 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30602 high 8.0 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. arch, debian
CVE-2021-21113 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30569 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… arch, debian
CVE-2021-23971 high 8.0 When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the… arch, suse, debian
CVE-2021-21116 high 8.0 multiple issues in chromium arch, debian
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. arch, debian
CVE-2021-30557 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-42327 high 8.0 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… arch, suse, debian
CVE-2021-30536 high 8.0 multiple issues in chromium arch, debian
CVE-2021-4068 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30506 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30513 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21226 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30517 high 8.0 multiple issues in chromium arch, debian
CVE-2021-28375 high 8.0 An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85… arch, suse, debian
CVE-2021-29987 high 8.0 After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,… arch, debian
CVE-2021-30516 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30607 high 8.0 Chromium: CVE-2021-30607 Use after free in Permissions arch, debian
CVE-2021-29157 high 8.0 Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio… arch, debian, suse
CVE-2021-30509 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30579 high 8.0 multiple issues in chromium arch, debian
CVE-2021-36740 high 8.0 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… suse, rockylinux, debian
CVE-2021-30567 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30527 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30541 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-39911 high 8.0 multiple issues in gitlab arch
CVE-2021-30555 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-30572 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30571 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30573 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30582 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21191 high 8.0 arbitrary code execution in chromium arch, debian
CVE-2021-39940 high 8.0 multiple issues in gitlab arch