CVEs from 2021
Total
5,210
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.2%
% with KEV
4.1%
% with exploit
4.1%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-21207 | high | — | 8.0 | — | Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro… | |
| CVE-2021-21223 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21111 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37991 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30526 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30607 | high | — | 8.0 | — | Chromium: CVE-2021-30607 Use after free in Permissions | |
| CVE-2021-21222 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37979 | high | — | 8.0 | — | heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… | |
| CVE-2021-39933 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-29982 | high | — | 8.0 | — | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… | |
| CVE-2021-21192 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-37988 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21116 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30531 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21191 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-39911 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39901 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21115 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21114 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39896 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39900 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21106 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39867 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22259 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39885 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39888 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21185 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a cr… | |
| CVE-2021-22215 | high | — | 8.0 | — | information disclosure in gitlab | |
| CVE-2021-22239 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21109 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-28475 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-32679 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-32657 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22209 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22210 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37985 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4063 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29987 | high | — | 8.0 | — | After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,… | |
| CVE-2021-37982 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39870 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22171 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22168 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30630 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-1051 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-4058 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38496 | high | — | 8.0 | — | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… | |
| CVE-2021-30594 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-25215 | high | — | 8.0 | — | Important: bind security update | |
| CVE-2021-39906 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39909 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30575 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29962 | high | — | 8.0 | — | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |
| CVE-2021-4061 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39941 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-26925 | high | — | 8.0 | — | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | |
| CVE-2021-1053 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-30627 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-1052 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-30593 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38500 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-38022 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38300 | high | — | 8.0 | — | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… | |
| CVE-2021-30589 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4129 | high | — | 8.0 | — | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… | |
| CVE-2021-41524 | high | — | 8.0 | — | multiple issues in apache | |
| CVE-2021-39914 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30578 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30606 | high | — | 8.0 | — | Chromium: CVE-2021-30606 Use after free in Blink | |
| CVE-2021-38013 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37968 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-30574 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-41611 | high | — | 8.0 | — | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… | |
| CVE-2021-42327 | high | — | 8.0 | — | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… | |
| CVE-2021-39891 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30626 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-39913 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38008 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-3405 | high | — | 8.0 | — | A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. | |
| CVE-2021-30596 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30613 | high | — | 8.0 | — | Chromium: CVE-2021-30613 Use after free in Base internals | |
| CVE-2021-39878 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-44879 | high | — | 8.0 | — | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. | |
| CVE-2021-37993 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29971 | high | — | 8.0 | — | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … | |
| CVE-2021-4056 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37965 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-30592 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30616 | high | — | 8.0 | — | Chromium: CVE-2021-30616 Use after free in Media | |
| CVE-2021-30600 | high | — | 8.0 | — | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-20305 | high | — | 8.0 | — | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… | |
| CVE-2021-30591 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30508 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4054 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39932 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30608 | high | — | 8.0 | — | Chromium: CVE-2021-30608 Use after free in Web Share | |
| CVE-2021-37983 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30590 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21170 | high | — | 8.0 | — | Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … | |
| CVE-2021-30588 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30536 | high | — | 8.0 | — | multiple issues in chromium |