VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-30537 high 8.0 multiple issues in chromium archdebian
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-23956 high 8.0 An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerabili… archdebian
CVE-2021-37971 high 8.0 Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-4065 high 8.0 multiple issues in chromium archdebian
CVE-2021-2126 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-4129 high 8.0 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… debianrockylinux
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-21109 high 8.0 multiple issues in chromium archdebian
CVE-2021-29429 high 8.0 In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable t… archsusedebian
CVE-2021-21184 high 8.0 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-43535 high 8.0 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… debianrockylinux
CVE-2021-29976 high 8.0 Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… archsusedebianrockylinux
CVE-2021-3781 high 8.0 A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document… archsusedebian
CVE-2021-30510 high 8.0 multiple issues in chromium archdebian
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-38498 high 8.0 During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Fire… archsusedebianrockylinux
CVE-2021-42327 high 8.0 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… archsusedebian
CVE-2021-22210 high 8.0 multiple issues in gitlab arch
CVE-2021-37970 high 8.0 Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21114 high 8.0 multiple issues in chromium archdebian
CVE-2021-2125 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30629 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21106 high 8.0 multiple issues in chromium archdebian
CVE-2021-21115 high 8.0 multiple issues in chromium archdebian
CVE-2021-35542 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21112 high 8.0 multiple issues in chromium archdebian
CVE-2021-30579 high 8.0 multiple issues in chromium archdebian
CVE-2021-29980 high 8.0 Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunder… archsusedebianrockylinux
CVE-2021-37966 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-1052 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-21186 high 8.0 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… archdebian
CVE-2021-23955 high 8.0 The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. archdebian
CVE-2021-21215 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-2123 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2281 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-21108 high 8.0 multiple issues in chromium archdebian
CVE-2021-2287 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-38505 high 8.0 Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain… archsusedebian
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-2409 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-35538 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-30562 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-39871 high 8.0 multiple issues in gitlab arch
CVE-2021-43908 high 8.0 multiple issues in code arch
CVE-2021-39892 high 8.0 multiple issues in gitlab arch
CVE-2021-38510 high 8.0 The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating s… archsusedebian
CVE-2021-22168 high 8.0 multiple issues in gitlab arch
CVE-2021-2291 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low … archdebian
CVE-2021-39887 high 8.0 multiple issues in gitlab arch
CVE-2021-30582 high 8.0 multiple issues in chromium archdebian
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-30631 high 8.0 arbitrary code execution in chromium arch
CVE-2021-37972 high 8.0 Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-0535 high 8.0 multiple issues in wpa_supplicant arch
CVE-2021-30520 high 8.0 multiple issues in chromium archdebian
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-21149 high 8.0 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-4076 high 8.0 A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. archdebian
CVE-2021-30608 high 8.0 Chromium: CVE-2021-30608 Use after free in Web Share archdebian
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-29969 high 8.0 If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore … archsuserockylinuxdebian
CVE-2021-22166 high 8.0 multiple issues in gitlab arch
CVE-2021-30536 high 8.0 multiple issues in chromium archdebian
CVE-2021-22220 high 8.0 multiple issues in gitlab arch
CVE-2021-30613 high 8.0 Chromium: CVE-2021-30613 Use after free in Base internals archdebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-32654 high 8.0 multiple issues in nextcloud arch
CVE-2021-30543 high 8.0 multiple issues in chromium archdebian
CVE-2021-29990 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebian
CVE-2021-29975 high 8.0 Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly… archsusedebian
CVE-2021-30517 high 8.0 multiple issues in chromium archdebian
CVE-2021-38491 high 8.0 Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. archsusedebian
CVE-2021-30521 high 8.0 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-29948 high 8.0 Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects… archsusedebian
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-23985 high 8.0 If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unno… archsusedebian
CVE-2021-33833 high 8.0 ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). archdebiansuse
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-23978 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2021-41524 high 8.0 multiple issues in apache debianarch
CVE-2021-39917 high 8.0 multiple issues in gitlab arch
CVE-2021-43891 high 8.0 multiple issues in code arch
CVE-2021-22221 high 8.0 multiple issues in gitlab arch
CVE-2021-23982 high 8.0 Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… archsusedebian
CVE-2021-21211 high 8.0 Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-30465 high 8.0 Important: container-tools:3.0 security update almalinuxarchsuserockylinux+2
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-30512 high 8.0 multiple issues in chromium archdebian
CVE-2021-39893 high 8.0 multiple issues in gitlab arch
CVE-2021-21107 high 8.0 multiple issues in chromium archdebian
CVE-2021-22230 high 8.0 multiple issues in gitlab arch
CVE-2021-21226 high 8.0 multiple issues in chromium archdebian
CVE-2021-32733 high 8.0 multiple issues in nextcloud arch
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-1056 high 8.0 multiple issues in nvidia-utils archsusedebian