CVEs from 2021
Total
5,048
critical
critical 273
high
high 973
medium
medium 1,145
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 3
- hci_management_node 3
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-32657 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-21205 | high | — | 8.0 | — | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-30620 | high | — | 8.0 | — | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | |
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |
| CVE-2021-30517 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2282 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |
| CVE-2021-32679 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-39867 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-43534 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2021-30564 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-35540 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-39896 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-29946 | high | — | 8.0 | — | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox … | |
| CVE-2021-36740 | high | — | 8.0 | — | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… | |
| CVE-2021-2126 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-23971 | high | — | 8.0 | — | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the… | |
| CVE-2021-30609 | high | — | 8.0 | — | Chromium: CVE-2021-30609 Use after free in Sign-In | |
| CVE-2021-37994 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23954 | high | — | 8.0 | — | Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability … | |
| CVE-2021-39944 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39940 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39899 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21158 | high | — | 8.0 | — | insufficient validation in chromium | |
| CVE-2021-30512 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38491 | high | — | 8.0 | — | Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. | |
| CVE-2021-31618 | high | — | 8.0 | — | denial of service in apache | |
| CVE-2021-30541 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30574 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37995 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37982 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30597 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37987 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2264 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-21261 | high | — | 8.0 | — | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to exec… | |
| CVE-2021-23961 | high | — | 8.0 | — | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.… | |
| CVE-2021-2250 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |
| CVE-2021-3998 | high | — | 8.0 | — | A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. | |
| CVE-2021-37960 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32655 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30521 | high | — | 8.0 | — | Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-21217 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-30626 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30596 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30526 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37997 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-43535 | high | — | 8.0 | — | A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… | |
| CVE-2021-29977 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-22211 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37991 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39879 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39904 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22208 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21180 | high | — | 8.0 | — | Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-23964 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-21152 | high | — | 8.0 | — | Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-37983 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21159 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30535 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30571 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30619 | high | — | 8.0 | — | Chromium: CVE-2021-30619 UI Spoofing in Autofill | |
| CVE-2021-30557 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21196 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21186 | high | — | 8.0 | — | Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… | |
| CVE-2021-30509 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21185 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a cr… | |
| CVE-2021-30565 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2124 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-30608 | high | — | 8.0 | — | Chromium: CVE-2021-30608 Use after free in Web Share | |
| CVE-2021-39886 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-2073 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-21231 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-2287 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |
| CVE-2021-21195 | high | — | 8.0 | — | Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-35538 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-30590 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30515 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30510 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30523 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23982 | high | — | 8.0 | — | Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… | |
| CVE-2021-30520 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37956 | high | — | 8.0 | — | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… | |
| CVE-2021-27803 | high | — | 8.0 | — | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… | |
| CVE-2021-23998 | high | — | 8.0 | — | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… | |
| CVE-2021-21168 | high | — | 8.0 | — | Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2021-30555 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-1052 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-32765 | high | — | 8.0 | — | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… | |
| CVE-2021-30603 | high | — | 8.0 | — | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21177 | high | — | 8.0 | — | Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-32305 | high | — | 8.0 | — | arbitrary command execution in websvn | |
| CVE-2021-30572 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30591 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21165 | high | — | 8.0 | — | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21156 | high | — | 8.0 | — | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. | |
| CVE-2021-32749 | high | — | 8.0 | — | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… | |
| CVE-2021-36377 | high | — | 8.0 | — | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | |
| CVE-2021-30616 | high | — | 8.0 | — | Chromium: CVE-2021-30616 Use after free in Media | |
| CVE-2021-29157 | high | — | 8.0 | — | Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio… | |
| CVE-2021-39890 | high | — | 8.0 | — | multiple issues in gitlab |