CVEs from 2021
Total
6,257
critical
critical 272
high
high 976
medium
medium 1,141
low
low 135
% Critical
4.3%
% with KEV
3.4%
% with exploit
3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-30592 | high | — | 8.0 | — | Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a craf… | |
| CVE-2021-32749 | high | — | 8.0 | — | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… | |
| CVE-2021-30615 | high | — | 8.0 | — | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | |
| CVE-2021-39904 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39882 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30590 | high | — | 8.0 | — | Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-22166 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30591 | high | — | 8.0 | — | Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30593 | high | — | 8.0 | — | Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted… | |
| CVE-2021-22167 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30594 | high | — | 8.0 | — | Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | |
| CVE-2021-30596 | high | — | 8.0 | — | Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2021-30597 | high | — | 8.0 | — | Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | |
| CVE-2021-37977 | high | — | 8.0 | — | Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30598 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-30599 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-30602 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30600 | high | — | 8.0 | — | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30601 | high | — | 8.0 | — | Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… | |
| CVE-2021-30604 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30603 | high | — | 8.0 | — | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30607 | high | — | 8.0 | — | Chromium: CVE-2021-30607 Use after free in Permissions | |
| CVE-2021-30606 | high | — | 8.0 | — | Chromium: CVE-2021-30606 Use after free in Blink | |
| CVE-2021-30613 | high | — | 8.0 | — | Chromium: CVE-2021-30613 Use after free in Base internals | |
| CVE-2021-30612 | high | — | 8.0 | — | Chromium: CVE-2021-30612 Use after free in WebRTC | |
| CVE-2021-30614 | high | — | 8.0 | — | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |
| CVE-2021-30616 | high | — | 8.0 | — | Chromium: CVE-2021-30616 Use after free in Media | |
| CVE-2021-30617 | high | — | 8.0 | — | Chromium: CVE-2021-30617 Policy bypass in Blink | |
| CVE-2021-30619 | high | — | 8.0 | — | Chromium: CVE-2021-30619 UI Spoofing in Autofill | |
| CVE-2021-30620 | high | — | 8.0 | — | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | |
| CVE-2021-30622 | high | — | 8.0 | — | Chromium: CVE-2021-30622 Use after free in WebApp Installs | |
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |
| CVE-2021-30624 | high | — | 8.0 | — | Chromium: CVE-2021-30624 Use after free in Autofill | |
| CVE-2021-39881 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39868 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39877 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39870 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21153 | high | — | 8.0 | — | Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-39889 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30627 | high | — | 8.0 | — | Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30628 | high | — | 8.0 | — | Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | |
| CVE-2021-30629 | high | — | 8.0 | — | Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30630 | high | — | 8.0 | — | Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-37957 | high | — | 8.0 | — | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-37956 | high | — | 8.0 | — | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… | |
| CVE-2021-37958 | high | — | 8.0 | — | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | |
| CVE-2021-37959 | high | — | 8.0 | — | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… | |
| CVE-2021-37961 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21213 | high | — | 8.0 | — | Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21217 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-21222 | high | — | 8.0 | — | Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |
| CVE-2021-21223 | high | — | 8.0 | — | Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2021-22221 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-1055 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-39896 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-28473 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-21199 | high | — | 8.0 | — | Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |
| CVE-2021-39901 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32733 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22231 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30525 | high | — | 8.0 | — | Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |
| CVE-2021-37966 | high | — | 8.0 | — | Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2021-29477 | high | — | 8.0 | — | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using t… | |
| CVE-2021-39887 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |
| CVE-2021-38499 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-21168 | high | — | 8.0 | — | Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2021-37960 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32778 | high | — | 8.0 | — | multiple issues in istio | |
| CVE-2021-4093 | high | — | 8.0 | — | A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… | |
| CVE-2021-39913 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39912 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21164 | high | — | 8.0 | — | Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-28469 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-37980 | high | — | 8.0 | — | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |
| CVE-2021-30513 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-39934 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39936 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39933 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39932 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39931 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39917 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39911 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-42322 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-39941 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39915 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39945 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39906 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39897 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39909 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39898 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39895 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39907 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39903 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39902 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39914 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-41524 | high | — | 8.0 | — | multiple issues in apache | |
| CVE-2021-39875 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-29959 | high | — | 8.0 | — | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… |