VIR Vulnerability Intelligence Relay

CVEs from 2021

6,087 normalized CVEs published or assigned in this year.

Total
6,087
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.5%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-30585 high 8.0 multiple issues in chromium archdebian
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-30576 high 8.0 multiple issues in chromium archdebian
CVE-2021-38019 high 8.0 multiple issues in chromium archdebian
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-30618 high 8.0 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools archdebian
CVE-2021-30579 high 8.0 multiple issues in chromium archdebian
CVE-2021-38020 high 8.0 multiple issues in chromium archdebian
CVE-2021-30582 high 8.0 multiple issues in chromium archdebian
CVE-2021-29477 high 8.0 Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using t… suserockylinuxdebian
CVE-2021-30573 high 8.0 multiple issues in chromium archdebian
CVE-2021-38018 high 8.0 multiple issues in chromium archdebian
CVE-2021-30571 high 8.0 multiple issues in chromium archdebian
CVE-2021-21208 high 8.0 Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. archdebian
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… archdebian
CVE-2021-21216 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-30567 high 8.0 multiple issues in chromium archdebian
CVE-2021-38014 high 8.0 multiple issues in chromium archdebian
CVE-2021-21153 high 8.0 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-30559 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30555 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21156 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. archdebian
CVE-2021-38011 high 8.0 multiple issues in chromium archdebian
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-21212 high 8.0 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. archdebian
CVE-2021-30569 high 8.0 multiple issues in chromium archdebian
CVE-2021-30564 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-38016 high 8.0 multiple issues in chromium archdebian
CVE-2021-30568 high 8.0 multiple issues in chromium archdebian
CVE-2021-22239 high 8.0 multiple issues in gitlab arch
CVE-2021-30566 high 8.0 multiple issues in chromium archdebian
CVE-2021-38009 high 8.0 multiple issues in chromium archdebian
CVE-2021-21162 high 8.0 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30565 high 8.0 multiple issues in chromium archdebian
CVE-2021-21165 high 8.0 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30541 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-21164 high 8.0 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-30561 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-38007 high 8.0 multiple issues in chromium archdebian
CVE-2021-21168 high 8.0 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-30556 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21199 high 8.0 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… archdebian
CVE-2021-30562 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30602 high 8.0 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-21171 high 8.0 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-29462 high 8.0 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… archdebian
CVE-2021-30537 high 8.0 multiple issues in chromium archdebian
CVE-2021-38004 high 8.0 multiple issues in chromium archdebian
CVE-2021-30523 high 8.0 multiple issues in chromium archdebian
CVE-2021-21172 high 8.0 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. archdebian
CVE-2021-30520 high 8.0 multiple issues in chromium archdebian
CVE-2021-32657 high 8.0 multiple issues in nextcloud arch
CVE-2021-30624 high 8.0 Chromium: CVE-2021-30624 Use after free in Autofill archdebian
CVE-2021-39932 high 8.0 multiple issues in gitlab arch
CVE-2021-39917 high 8.0 multiple issues in gitlab arch
CVE-2021-39901 high 8.0 multiple issues in gitlab arch
CVE-2021-30506 high 8.0 multiple issues in chromium archdebian
CVE-2021-30603 high 8.0 Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-25215 high 8.0 Important: bind security update debianarchsuserockylinux
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… archdebian
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-39888 high 8.0 multiple issues in gitlab arch
CVE-2021-22167 high 8.0 multiple issues in gitlab arch
CVE-2021-21231 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30517 high 8.0 multiple issues in chromium archdebian
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-21189 high 8.0 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-30530 high 8.0 multiple issues in chromium archdebian
CVE-2021-29959 high 8.0 When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… archdebian
CVE-2021-37977 high 8.0 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30510 high 8.0 multiple issues in chromium archdebian
CVE-2021-37994 high 8.0 multiple issues in chromium archdebian
CVE-2021-21190 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-30527 high 8.0 multiple issues in chromium archdebian
CVE-2021-39909 high 8.0 multiple issues in gitlab arch
CVE-2021-30519 high 8.0 multiple issues in chromium archdebian
CVE-2021-30513 high 8.0 multiple issues in chromium archdebian
CVE-2021-22171 high 8.0 multiple issues in gitlab arch
CVE-2021-21187 high 8.0 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. archdebian
CVE-2021-21214 high 8.0 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. archdebian
CVE-2021-21215 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-30515 high 8.0 multiple issues in chromium archdebian
CVE-2021-30509 high 8.0 multiple issues in chromium archdebian
CVE-2021-37998 high 8.0 multiple issues in chromium archdebian
CVE-2021-30507 high 8.0 multiple issues in chromium archdebian
CVE-2021-29966 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-30514 high 8.0 multiple issues in chromium archdebian
CVE-2021-37996 high 8.0 multiple issues in chromium archdebian
CVE-2021-30512 high 8.0 multiple issues in chromium archdebian
CVE-2021-21196 high 8.0 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30511 high 8.0 multiple issues in chromium archdebian
CVE-2021-37990 high 8.0 multiple issues in chromium archdebian
CVE-2021-21202 high 8.0 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… archdebian
CVE-2021-21226 high 8.0 multiple issues in chromium archdebian
CVE-2021-21207 high 8.0 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro… archdebian
CVE-2021-30526 high 8.0 multiple issues in chromium archdebian