VIR Vulnerability Intelligence Relay

CVEs from 2021

6,257 normalized CVEs published or assigned in this year.

Total
6,257
critical
critical 272
high
high 976
medium
medium 1,141
low
low 135
% Critical
4.3%
% with KEV
3.4%
% with exploit
3.4%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-30612 high 8.0 Chromium: CVE-2021-30612 Use after free in WebRTC archdebian
CVE-2021-30614 high 8.0 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip archdebian
CVE-2021-30616 high 8.0 Chromium: CVE-2021-30616 Use after free in Media archdebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-30619 high 8.0 Chromium: CVE-2021-30619 UI Spoofing in Autofill archdebian
CVE-2021-30620 high 8.0 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink archdebian
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-30623 high 8.0 Chromium: CVE-2021-30623 Use after free in Bookmarks archdebian
CVE-2021-30624 high 8.0 Chromium: CVE-2021-30624 Use after free in Autofill archdebian
CVE-2021-39881 high 8.0 multiple issues in gitlab arch
CVE-2021-39868 high 8.0 multiple issues in gitlab arch
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-32653 high 8.0 multiple issues in nextcloud arch
CVE-2021-39889 high 8.0 multiple issues in gitlab arch
CVE-2021-30627 high 8.0 Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30628 high 8.0 Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. archdebian
CVE-2021-30629 high 8.0 Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30630 high 8.0 Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-37957 high 8.0 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37956 high 8.0 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-37958 high 8.0 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. archdebian
CVE-2021-37959 high 8.0 Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… archdebian
CVE-2021-37961 high 8.0 Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21213 high 8.0 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21217 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-21222 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-21223 high 8.0 Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2021-1055 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-21226 high 8.0 Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-21227 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21229 high 8.0 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-21228 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … archdebian
CVE-2021-32765 high 8.0 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… archdebian
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-4093 high 8.0 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… rockylinuxdebian
CVE-2021-21233 high 8.0 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21232 high 8.0 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30521 high 8.0 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-30506 high 8.0 Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a pri… archdebian
CVE-2021-30507 high 8.0 Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT… archdebian
CVE-2021-30508 high 8.0 Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a … archdebian
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-37979 high 8.0 heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… archdebian
CVE-2021-30511 high 8.0 Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafte… archdebian
CVE-2021-30512 high 8.0 Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… archdebian
CVE-2021-30513 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37980 high 8.0 Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. archdebian
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-39913 high 8.0 multiple issues in gitlab arch
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-39936 high 8.0 multiple issues in gitlab arch
CVE-2021-39933 high 8.0 multiple issues in gitlab arch
CVE-2021-30537 high 8.0 Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. archdebian
CVE-2021-22239 high 8.0 multiple issues in gitlab arch
CVE-2021-43535 high 8.0 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… debianrockylinux
CVE-2021-43534 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… debianrockylinux
CVE-2021-22215 high 8.0 information disclosure in gitlab arch
CVE-2021-30618 high 8.0 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools archdebian
CVE-2021-29971 high 8.0 If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … archdebian
CVE-2021-29959 high 8.0 When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… archdebian
CVE-2021-30536 high 8.0 Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. archdebian
CVE-2021-4129 high 8.0 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… debianrockylinux
CVE-2021-39888 high 8.0 multiple issues in gitlab arch
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archdebianrockylinux
CVE-2021-38496 high 8.0 During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… archdebianrockylinux
CVE-2021-39885 high 8.0 multiple issues in gitlab arch
CVE-2021-21174 high 8.0 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-29987 high 8.0 After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,… archdebian
CVE-2021-39872 high 8.0 multiple issues in gitlab arch
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-30531 high 8.0 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. archdebian
CVE-2021-22259 high 8.0 multiple issues in gitlab arch
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-41524 high 8.0 multiple issues in apache debianarch
CVE-2021-39891 high 8.0 multiple issues in gitlab arch
CVE-2021-39887 high 8.0 multiple issues in gitlab arch
CVE-2021-39886 high 8.0 multiple issues in gitlab arch
CVE-2021-39879 high 8.0 multiple issues in gitlab arch
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-39878 high 8.0 multiple issues in gitlab arch
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. archdebian
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-30631 high 8.0 arbitrary code execution in chromium arch
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-32654 high 8.0 multiple issues in nextcloud arch
CVE-2021-22220 high 8.0 multiple issues in gitlab arch
CVE-2021-22221 high 8.0 multiple issues in gitlab arch
CVE-2021-22218 high 8.0 multiple issues in gitlab arch
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-2264 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… archdebian