CVEs from 2021
- Total: 6,087
- critical: 273
- high: 975
- medium: 1,141
- low: 135
- % Critical: 4.5%
- % with KEV: 3.5%
- % with exploit: 3.5%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-38300 | high | — | 8.0 | — | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… | |
| CVE-2021-20179 | high | — | 8.0 | — | Important: pki-core:10.6 security update | |
| CVE-2021-30508 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2129 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |
| CVE-2021-0535 | high | — | 8.0 | — | multiple issues in wpa_supplicant | |
| CVE-2021-39175 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |
| CVE-2021-3570 | high | — | 8.0 | — | A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or pote… | |
| CVE-2021-39912 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39869 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-43540 | high | — | 8.0 | — | WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects … | |
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-2120 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-22213 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39915 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32655 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-2285 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |
| CVE-2021-22220 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39945 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22221 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-4057 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32919 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not co… | |
| CVE-2021-32920 | high | — | 8.0 | — | Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. | |
| CVE-2021-32921 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a… | |
| CVE-2021-37967 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted … | |
| CVE-2021-33582 | high | — | 8.0 | — | Important: cyrus-imapd security update | |
| CVE-2021-22219 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-29947 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-38494 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-22236 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-23962 | high | — | 8.0 | — | Incorrect use of the '<RowCountChanged>' method could have led to a use-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. | |
| CVE-2021-28373 | high | — | 8.0 | — | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch f… | |
| CVE-2021-22181 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32653 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-21160 | high | — | 8.0 | — | Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30535 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22237 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37993 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-28457 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-39909 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-28471 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-4066 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37981 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39898 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-3557 | high | — | 8.0 | — | information disclosure in argocd | |
| CVE-2021-29265 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… | |
| CVE-2021-32688 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-28473 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-39871 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-28469 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-39895 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22230 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32734 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22223 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39907 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22225 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32656 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22229 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39903 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32741 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-38493 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-21233 | high | — | 8.0 | — | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-39902 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32705 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30542 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32703 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-39914 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22231 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-2128 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-22226 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-41524 | high | — | 8.0 | — | multiple issues in apache | |
| CVE-2021-32680 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-2123 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-32726 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-35540 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-39875 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32725 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-32678 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-39873 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22232 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37962 | high | — | 8.0 | — | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HT… | |
| CVE-2021-22227 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22224 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39910 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22228 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39891 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32305 | high | — | 8.0 | — | arbitrary command execution in websvn | |
| CVE-2021-21204 | high | — | 8.0 | — | Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-29503 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |
| CVE-2021-39913 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22211 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-35545 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… | |
| CVE-2021-37980 | high | — | 8.0 | — | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |
| CVE-2021-4061 | high | — | 8.0 | — | multiple issues in chromium |