VIR Vulnerability Intelligence Relay

CVEs from 2021

6,087 normalized CVEs published or assigned in this year.

Total
6,087
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.5%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-21179 high 8.0 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-38575 high 8.0 Important: edk2 security update archdebiansuserockylinux
CVE-2021-32920 high 8.0 Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. archdebian
CVE-2021-39909 high 8.0 multiple issues in gitlab arch
CVE-2021-32917 high 8.0 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use … archdebian
CVE-2021-21186 high 8.0 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… archdebian
CVE-2021-23986 high 8.0 A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… archsusedebian
CVE-2021-39895 high 8.0 multiple issues in gitlab arch
CVE-2021-23998 high 8.0 Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… archsusedebian
CVE-2021-29961 high 8.0 When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. archdebian
CVE-2021-39914 high 8.0 multiple issues in gitlab arch
CVE-2021-28457 high 8.0 arbitrary code execution in code arch
CVE-2021-23974 high 8.0 The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. archsusedebian
CVE-2021-21176 high 8.0 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-29991 high 8.0 Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affect… archsusedebian
CVE-2021-23954 high 8.0 Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability … archsusedebian
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-39903 high 8.0 multiple issues in gitlab arch
CVE-2021-39911 high 8.0 multiple issues in gitlab arch
CVE-2021-39941 high 8.0 multiple issues in gitlab arch
CVE-2021-39901 high 8.0 multiple issues in gitlab arch
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-26925 high 8.0 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. archdebian
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-3781 high 8.0 A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document… archsusedebian
CVE-2021-3998 high 8.0 A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. archsusedebian
CVE-2021-32654 high 8.0 multiple issues in nextcloud arch
CVE-2021-42322 high 8.0 multiple issues in code arch
CVE-2021-23988 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-37965 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-39933 high 8.0 multiple issues in gitlab arch
CVE-2021-39891 high 8.0 multiple issues in gitlab arch
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-39902 high 8.0 multiple issues in gitlab arch
CVE-2021-39900 high 8.0 multiple issues in gitlab arch
CVE-2021-33833 high 8.0 ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). archdebiansuse
CVE-2021-39878 high 8.0 multiple issues in gitlab arch
CVE-2021-21261 high 8.0 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to exec… archsusedebian
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-39932 high 8.0 multiple issues in gitlab arch
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-30529 high 8.0 multiple issues in chromium archdebian
CVE-2021-39885 high 8.0 multiple issues in gitlab arch
CVE-2021-25217 high 8.0 Important: dhcp security update archsusedebianrockylinux
CVE-2021-22259 high 8.0 multiple issues in gitlab arch
CVE-2021-39897 high 8.0 multiple issues in gitlab arch
CVE-2021-21158 high 8.0 insufficient validation in chromium arch
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-39872 high 8.0 multiple issues in gitlab arch
CVE-2021-39931 high 8.0 multiple issues in gitlab arch
CVE-2021-30618 high 8.0 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools archdebian
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-37978 high 8.0 Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-38498 high 8.0 During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Fire… archsusedebianrockylinux
CVE-2021-38497 high 8.0 Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerabil… archsusedebianrockylinux
CVE-2021-29985 high 8.0 A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR… archsusedebianrockylinux
CVE-2021-29981 high 8.0 An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulner… archsusedebian
CVE-2021-29976 high 8.0 Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… archsusedebianrockylinux
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archdebianrockylinux
CVE-2021-4129 high 8.0 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… debianrockylinux
CVE-2021-43534 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… debianrockylinux
CVE-2021-32734 high 8.0 multiple issues in nextcloud arch
CVE-2021-43535 high 8.0 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… debianrockylinux
CVE-2021-32656 high 8.0 multiple issues in nextcloud arch
CVE-2021-32780 high 8.0 multiple issues in istio arch
CVE-2021-32781 high 8.0 multiple issues in istio arch
CVE-2021-39871 high 8.0 multiple issues in gitlab arch
CVE-2021-37983 high 8.0 multiple issues in chromium archdebian
CVE-2021-39892 high 8.0 multiple issues in gitlab arch
CVE-2021-39894 high 8.0 multiple issues in gitlab arch
CVE-2021-41259 high 8.0 multiple issues in nim arch
CVE-2021-25742 high 8.0 information disclosure in kubectl-ingress-nginx arch
CVE-2021-39893 high 8.0 multiple issues in gitlab arch
CVE-2021-30481 high 8.0 arbitrary code execution in steam arch
CVE-2021-39869 high 8.0 multiple issues in gitlab arch
CVE-2021-39938 high 8.0 multiple issues in gitlab arch
CVE-2021-0535 high 8.0 multiple issues in wpa_supplicant arch
CVE-2021-43908 high 8.0 multiple issues in code arch
CVE-2021-39910 high 8.0 multiple issues in gitlab arch
CVE-2021-21218 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-30625 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30621 high 8.0 Chromium: CVE-2021-30621 UI Spoofing in Autofill archdebian
CVE-2021-21163 high 8.0 Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. archdebian
CVE-2021-30540 high 8.0 Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-37974 high 8.0 Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-36377 high 8.0 Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. archdebian
CVE-2021-30534 high 8.0 multiple issues in chromium archdebian
CVE-2021-38502 high 8.0 Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the auth… archrockylinuxdebian
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-37966 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-30532 high 8.0 multiple issues in chromium archdebian
CVE-2021-29952 high 8.0 When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnera… archdebian
CVE-2021-35542 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-35538 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-2475 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2454 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low … archdebian