VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-33582 high 8.0 Important: cyrus-imapd security update debiansuserockylinux
CVE-2021-32749 high 8.0 fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… archdebian
CVE-2021-30540 high 8.0 Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-39893 high 8.0 multiple issues in gitlab arch
CVE-2021-21194 high 8.0 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-23987 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archsusedebian
CVE-2021-23999 high 8.0 If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vul… archsusedebian
CVE-2021-30589 high 8.0 multiple issues in chromium archdebian
CVE-2021-30615 high 8.0 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation archdebian
CVE-2021-41259 high 8.0 multiple issues in nim arch
CVE-2021-39900 high 8.0 multiple issues in gitlab arch
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… archdebian
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-21215 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-36377 high 8.0 Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. archdebian
CVE-2021-21207 high 8.0 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro… archdebian
CVE-2021-39892 high 8.0 multiple issues in gitlab arch
CVE-2021-27064 high 8.0 privilege escalation in code arch
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-30597 high 8.0 multiple issues in chromium archdebian
CVE-2021-30602 high 8.0 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30592 high 8.0 multiple issues in chromium archdebian
CVE-2021-44879 high 8.0 In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. archsusedebian
CVE-2021-25746 high 8.0 information disclosure in kubectl-ingress-nginx archsuse
CVE-2021-30624 high 8.0 Chromium: CVE-2021-30624 Use after free in Autofill archdebian
CVE-2021-30590 high 8.0 multiple issues in chromium archdebian
CVE-2021-30604 high 8.0 Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30601 high 8.0 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-29428 high 8.0 In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds c… archsusedebian
CVE-2021-30585 high 8.0 multiple issues in chromium archdebian
CVE-2021-30627 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30614 high 8.0 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip archdebian
CVE-2021-23974 high 8.0 The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. archsusedebian
CVE-2021-27803 high 8.0 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… archsusedebian
CVE-2021-23960 high 8.0 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… archsusedebian
CVE-2021-25216 high 8.0 In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of t… debianarchsuse
CVE-2021-38491 high 8.0 Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. archsusedebian
CVE-2021-32657 high 8.0 multiple issues in nextcloud arch
CVE-2021-30588 high 8.0 multiple issues in chromium archdebian
CVE-2021-22259 high 8.0 multiple issues in gitlab arch
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-21171 high 8.0 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-38510 high 8.0 The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating s… archsusedebian
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-37958 high 8.0 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. archdebian
CVE-2021-21164 high 8.0 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-4063 high 8.0 multiple issues in chromium archdebian
CVE-2021-30629 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-37994 high 8.0 multiple issues in chromium archdebian
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-39931 high 8.0 multiple issues in gitlab arch
CVE-2021-30524 high 8.0 multiple issues in chromium archdebian
CVE-2021-29975 high 8.0 Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly… archsusedebian
CVE-2021-30522 high 8.0 multiple issues in chromium archdebian
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-29961 high 8.0 When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. archdebian
CVE-2021-30575 high 8.0 multiple issues in chromium archdebian
CVE-2021-30596 high 8.0 multiple issues in chromium archdebian
CVE-2021-30521 high 8.0 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-35538 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-32920 high 8.0 Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. archdebian
CVE-2021-39913 high 8.0 multiple issues in gitlab arch
CVE-2021-37965 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-4093 high 8.0 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… rockylinuxdebian
CVE-2021-2281 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-39889 high 8.0 multiple issues in gitlab arch
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-23953 high 8.0 If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects … archsusedebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-37999 high 8.0 multiple issues in chromium archdebian
CVE-2021-30599 high 8.0 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. archdebian
CVE-2021-30534 high 8.0 multiple issues in chromium archdebian
CVE-2021-2443 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30625 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-23954 high 8.0 Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability … archsusedebian
CVE-2021-23968 high 8.0 If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be u… archsusedebian
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-23955 high 8.0 The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. archdebian
CVE-2021-22228 high 8.0 multiple issues in gitlab arch
CVE-2021-4065 high 8.0 multiple issues in chromium archdebian
CVE-2021-29462 high 8.0 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… archdebian
CVE-2021-32726 high 8.0 multiple issues in nextcloud arch
CVE-2021-35560 high 8.0 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… archsusedebian
CVE-2021-37978 high 8.0 Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29427 high 8.0 In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gra… archsusedebian
CVE-2021-2283 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-2131 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-32917 high 8.0 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use … archdebian
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… archsusedebian
CVE-2021-2321 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21168 high 8.0 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-2442 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-38499 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-21231 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-43891 high 8.0 multiple issues in code arch
CVE-2021-21221 high 8.0 Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… archdebian
CVE-2021-2250 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian