VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-39901 high 8.0 multiple issues in gitlab arch
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-21232 high 8.0 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30615 high 8.0 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation archdebian
CVE-2021-25746 high 8.0 information disclosure in kubectl-ingress-nginx archsuse
CVE-2021-22167 high 8.0 multiple issues in gitlab arch
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-39900 high 8.0 multiple issues in gitlab arch
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-30614 high 8.0 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip archdebian
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-39885 high 8.0 multiple issues in gitlab arch
CVE-2021-22259 high 8.0 multiple issues in gitlab arch
CVE-2021-30601 high 8.0 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-39888 high 8.0 multiple issues in gitlab arch
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-37957 high 8.0 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22181 high 8.0 multiple issues in gitlab arch
CVE-2021-32653 high 8.0 multiple issues in nextcloud arch
CVE-2021-22215 high 8.0 information disclosure in gitlab arch
CVE-2021-30623 high 8.0 Chromium: CVE-2021-30623 Use after free in Bookmarks archdebian
CVE-2021-28471 high 8.0 arbitrary code execution in code arch
CVE-2021-22239 high 8.0 multiple issues in gitlab arch
CVE-2021-30624 high 8.0 Chromium: CVE-2021-30624 Use after free in Autofill archdebian
CVE-2021-28475 high 8.0 arbitrary code execution in code arch
CVE-2021-39868 high 8.0 multiple issues in gitlab arch
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-32679 high 8.0 multiple issues in nextcloud arch
CVE-2021-30599 high 8.0 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. archdebian
CVE-2021-32749 high 8.0 fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… archdebian
CVE-2021-39917 high 8.0 multiple issues in gitlab arch
CVE-2021-30612 high 8.0 Chromium: CVE-2021-30612 Use after free in WebRTC archdebian
CVE-2021-30508 high 8.0 multiple issues in chromium archdebian
CVE-2021-32657 high 8.0 multiple issues in nextcloud arch
CVE-2021-37983 high 8.0 multiple issues in chromium archdebian
CVE-2021-38496 high 8.0 During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… archdebianrockylinux
CVE-2021-22209 high 8.0 multiple issues in gitlab arch
CVE-2021-22210 high 8.0 multiple issues in gitlab arch
CVE-2021-32733 high 8.0 multiple issues in nextcloud arch
CVE-2021-2283 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch
CVE-2021-30600 high 8.0 Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-39940 high 8.0 multiple issues in gitlab arch
CVE-2021-32680 high 8.0 multiple issues in nextcloud arch
CVE-2021-27064 high 8.0 privilege escalation in code arch
CVE-2021-32725 high 8.0 multiple issues in nextcloud arch
CVE-2021-22890 high 8.0 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… archdebiansuse
CVE-2021-39881 high 8.0 multiple issues in gitlab arch
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-22232 high 8.0 multiple issues in gitlab arch
CVE-2021-23994 high 8.0 A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. archsusedebian
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… archdebian
CVE-2021-29503 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-32305 high 8.0 arbitrary command execution in websvn arch
CVE-2021-2125 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30629 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-39937 high 8.0 multiple issues in gitlab arch
CVE-2021-39932 high 8.0 multiple issues in gitlab arch
CVE-2021-23987 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archsusedebian
CVE-2021-30528 high 8.0 Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… archdebian
CVE-2021-30529 high 8.0 multiple issues in chromium archdebian
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-23970 high 8.0 Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. archsusedebian
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-20179 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-35560 high 8.0 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… archsusedebian
CVE-2021-37997 high 8.0 multiple issues in chromium archdebian
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… archdebian
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39898 high 8.0 multiple issues in gitlab arch
CVE-2021-2264 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-26925 high 8.0 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. archdebian
CVE-2021-44879 high 8.0 In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. archsusedebian
CVE-2021-21228 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … archdebian
CVE-2021-42327 high 8.0 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… archsusedebian
CVE-2021-21169 high 8.0 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-21198 high 8.0 Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2021-30535 high 8.0 multiple issues in chromium archdebian
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-23964 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… archsusedebian
CVE-2021-39909 high 8.0 multiple issues in gitlab arch
CVE-2021-30628 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-1053 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-1052 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-39913 high 8.0 multiple issues in gitlab arch
CVE-2021-37961 high 8.0 Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-29957 high 8.0 If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are … archsuserockylinuxdebian
CVE-2021-39933 high 8.0 multiple issues in gitlab arch
CVE-2021-42322 high 8.0 multiple issues in code arch
CVE-2021-22166 high 8.0 multiple issues in gitlab arch
CVE-2021-21227 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-39945 high 8.0 multiple issues in gitlab arch