CVEs from 2021
Total
6,232
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.4%
% with KEV
3.4%
% with exploit
3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-28475 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-32679 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-32657 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22209 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22210 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30565 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22171 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22168 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21114 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-1051 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-30561 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-37993 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30556 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21232 | high | — | 8.0 | — | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30562 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-37992 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30594 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-20247 | high | — | 8.0 | — | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… | |
| CVE-2021-21115 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30557 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30537 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21217 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-30523 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-3551 | high | — | 8.0 | — | Important: pki-core:10.6 security update | |
| CVE-2021-25215 | high | — | 8.0 | — | Important: bind security update | |
| CVE-2021-30520 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21191 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30518 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-41611 | high | — | 8.0 | — | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… | |
| CVE-2021-3405 | high | — | 8.0 | — | A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. | |
| CVE-2021-30630 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30539 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30516 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39881 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30538 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37998 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-20305 | high | — | 8.0 | — | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… | |
| CVE-2021-30536 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4055 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37996 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30526 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21170 | high | — | 8.0 | — | Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … | |
| CVE-2021-30530 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37990 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30517 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4093 | high | — | 8.0 | — | A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… | |
| CVE-2021-30510 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37991 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29477 | high | — | 8.0 | — | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using t… | |
| CVE-2021-30527 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30519 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37989 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30513 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30629 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-29971 | high | — | 8.0 | — | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … | |
| CVE-2021-29959 | high | — | 8.0 | — | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… | |
| CVE-2021-21116 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21192 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-37982 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37977 | high | — | 8.0 | — | Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21222 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37985 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4054 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39904 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21111 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37986 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30581 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21225 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-36377 | high | — | 8.0 | — | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | |
| CVE-2021-41259 | high | — | 8.0 | — | multiple issues in nim | |
| CVE-2021-4056 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29966 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-21233 | high | — | 8.0 | — | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21223 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32749 | high | — | 8.0 | — | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… | |
| CVE-2021-30615 | high | — | 8.0 | — | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | |
| CVE-2021-37983 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39882 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22166 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22167 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-43535 | high | — | 8.0 | — | A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… | |
| CVE-2021-30598 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-30599 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-30602 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30600 | high | — | 8.0 | — | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30601 | high | — | 8.0 | — | Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… | |
| CVE-2021-30604 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30603 | high | — | 8.0 | — | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30607 | high | — | 8.0 | — | Chromium: CVE-2021-30607 Use after free in Permissions | |
| CVE-2021-30606 | high | — | 8.0 | — | Chromium: CVE-2021-30606 Use after free in Blink | |
| CVE-2021-30613 | high | — | 8.0 | — | Chromium: CVE-2021-30613 Use after free in Base internals | |
| CVE-2021-30612 | high | — | 8.0 | — | Chromium: CVE-2021-30612 Use after free in WebRTC | |
| CVE-2021-30614 | high | — | 8.0 | — | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |
| CVE-2021-30616 | high | — | 8.0 | — | Chromium: CVE-2021-30616 Use after free in Media | |
| CVE-2021-30617 | high | — | 8.0 | — | Chromium: CVE-2021-30617 Policy bypass in Blink | |
| CVE-2021-30619 | high | — | 8.0 | — | Chromium: CVE-2021-30619 UI Spoofing in Autofill | |
| CVE-2021-30620 | high | — | 8.0 | — | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | |
| CVE-2021-30622 | high | — | 8.0 | — | Chromium: CVE-2021-30622 Use after free in WebApp Installs | |
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |
| CVE-2021-21226 | high | — | 8.0 | — | multiple issues in chromium |