CVEs from 2021
Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-30592 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39885 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21172 | high | — | 8.0 | — | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |
| CVE-2021-30596 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38016 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39900 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30594 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39888 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21215 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |
| CVE-2021-21214 | high | — | 8.0 | — | Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | |
| CVE-2021-4052 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21203 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-37987 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21229 | high | — | 8.0 | — | Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2021-4067 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23995 | high | — | 8.0 | — | When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulner… | |
| CVE-2021-38007 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29462 | high | — | 8.0 | — | The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… | |
| CVE-2021-2086 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-2126 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-32305 | high | — | 8.0 | — | arbitrary command execution in websvn | |
| CVE-2021-30524 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37981 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23985 | high | — | 8.0 | — | If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unno… | |
| CVE-2021-30593 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21190 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-38006 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-33582 | high | — | 8.0 | — | Important: cyrus-imapd security update | |
| CVE-2021-38004 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37993 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4064 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38015 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39944 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38496 | high | — | 8.0 | — | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… | |
| CVE-2021-2283 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |
| CVE-2021-30588 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37986 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21174 | high | — | 8.0 | — | Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-30576 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21189 | high | — | 8.0 | — | Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-21205 | high | — | 8.0 | — | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-30590 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29966 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-4063 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29987 | high | — | 8.0 | — | After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,… | |
| CVE-2021-37985 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39911 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32734 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-37996 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4068 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39941 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30574 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-4054 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21167 | high | — | 8.0 | — | Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-29969 | high | — | 8.0 | — | If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore … | |
| CVE-2021-21163 | high | — | 8.0 | — | Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. | |
| CVE-2021-29991 | high | — | 8.0 | — | Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affect… | |
| CVE-2021-32678 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-32703 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30528 | high | — | 8.0 | — | Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… | |
| CVE-2021-32726 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22227 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-23997 | high | — | 8.0 | — | Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary … | |
| CVE-2021-22211 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38501 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-4056 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30630 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-2145 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |
| CVE-2021-23988 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-37995 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37990 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2130 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-21231 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-39945 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-1054 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-32919 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not co… | |
| CVE-2021-37992 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38013 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37962 | high | — | 8.0 | — | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HT… | |
| CVE-2021-32921 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a… | |
| CVE-2021-23999 | high | — | 8.0 | — | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vul… | |
| CVE-2021-39881 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38021 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29973 | high | — | 8.0 | — | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… | |
| CVE-2021-39940 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-2266 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |
| CVE-2021-38009 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23971 | high | — | 8.0 | — | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the… | |
| CVE-2021-2291 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low … | |
| CVE-2021-39909 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39915 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-36952 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-38011 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30575 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37989 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4059 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30627 | high | — | 8.0 | — | arbitrary code execution in chromium |