VIR Vulnerability Intelligence Relay

CVEs from 2021

6,087 normalized CVEs published or assigned in this year.

Total
6,087
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.5%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-21159 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22221 high 8.0 multiple issues in gitlab arch
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-39909 high 8.0 multiple issues in gitlab arch
CVE-2021-28457 high 8.0 arbitrary code execution in code arch
CVE-2021-22181 high 8.0 multiple issues in gitlab arch
CVE-2021-22915 high 8.0 multiple issues in nextcloud arch
CVE-2021-28471 high 8.0 arbitrary code execution in code arch
CVE-2021-28477 high 8.0 arbitrary code execution in code arch
CVE-2021-30521 high 8.0 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-2074 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-32703 high 8.0 multiple issues in nextcloud arch
CVE-2021-32705 high 8.0 multiple issues in nextcloud arch
CVE-2021-32680 high 8.0 multiple issues in nextcloud arch
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-39933 high 8.0 multiple issues in gitlab arch
CVE-2021-32725 high 8.0 multiple issues in nextcloud arch
CVE-2021-22228 high 8.0 multiple issues in gitlab arch
CVE-2021-39917 high 8.0 multiple issues in gitlab arch
CVE-2021-42322 high 8.0 multiple issues in code arch
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-27064 high 8.0 privilege escalation in code arch
CVE-2021-22211 high 8.0 multiple issues in gitlab arch
CVE-2021-32305 high 8.0 arbitrary command execution in websvn arch
CVE-2021-29503 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-23960 high 8.0 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… archsusedebian
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-23965 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-22171 high 8.0 multiple issues in gitlab arch
CVE-2021-30522 high 8.0 multiple issues in chromium archdebian
CVE-2021-22168 high 8.0 multiple issues in gitlab arch
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-30524 high 8.0 multiple issues in chromium archdebian
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-35560 high 8.0 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… archsusedebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-39941 high 8.0 multiple issues in gitlab arch
CVE-2021-20179 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-2128 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-32919 high 8.0 An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not co… archdebian
CVE-2021-32920 high 8.0 Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. archdebian
CVE-2021-2127 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2279 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unau… archdebian
CVE-2021-2284 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-39891 high 8.0 multiple issues in gitlab arch
CVE-2021-39886 high 8.0 multiple issues in gitlab arch
CVE-2021-39879 high 8.0 multiple issues in gitlab arch
CVE-2021-21162 high 8.0 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-41524 high 8.0 multiple issues in apache debianarch
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-30631 high 8.0 arbitrary code execution in chromium arch
CVE-2021-39887 high 8.0 multiple issues in gitlab arch
CVE-2021-39872 high 8.0 multiple issues in gitlab arch
CVE-2021-2086 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… archdebian
CVE-2021-39913 high 8.0 multiple issues in gitlab arch
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-39911 high 8.0 multiple issues in gitlab arch
CVE-2021-39901 high 8.0 multiple issues in gitlab arch
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-27803 high 8.0 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… archsusedebian
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-2145 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-39900 high 8.0 multiple issues in gitlab arch
CVE-2021-21156 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. archdebian
CVE-2021-1051 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-39885 high 8.0 multiple issues in gitlab arch
CVE-2021-22259 high 8.0 multiple issues in gitlab arch
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-39898 high 8.0 multiple issues in gitlab arch
CVE-2021-39888 high 8.0 multiple issues in gitlab arch
CVE-2021-39907 high 8.0 multiple issues in gitlab arch
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-39903 high 8.0 multiple issues in gitlab arch
CVE-2021-22218 high 8.0 multiple issues in gitlab arch
CVE-2021-39902 high 8.0 multiple issues in gitlab arch
CVE-2021-22215 high 8.0 information disclosure in gitlab arch
CVE-2021-21153 high 8.0 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-22239 high 8.0 multiple issues in gitlab arch
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-28475 high 8.0 arbitrary code execution in code arch
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-36377 high 8.0 Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. archdebian
CVE-2021-32679 high 8.0 multiple issues in nextcloud arch
CVE-2021-39897 high 8.0 multiple issues in gitlab arch
CVE-2021-30535 high 8.0 multiple issues in chromium archdebian
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… archdebian
CVE-2021-32653 high 8.0 multiple issues in nextcloud arch