VIR Vulnerability Intelligence Relay

CVEs from 2021

5,210 normalized CVEs published or assigned in this year.

Total
5,210
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.2%
% with KEV
4.1%
% with exploit
4.1%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-21203 high 8.0 Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39911 high 8.0 multiple issues in gitlab arch
CVE-2021-21227 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21229 high 8.0 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-21232 high 8.0 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-23954 high 8.0 Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability … archsusedebian
CVE-2021-4059 high 8.0 multiple issues in chromium archdebian
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-21228 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … archdebian
CVE-2021-22239 high 8.0 multiple issues in gitlab arch
CVE-2021-38007 high 8.0 multiple issues in chromium archdebian
CVE-2021-38006 high 8.0 multiple issues in chromium archdebian
CVE-2021-38004 high 8.0 multiple issues in chromium archdebian
CVE-2021-38001 high 8.0 multiple issues in chromium archdebian
CVE-2021-38005 high 8.0 multiple issues in chromium archdebian
CVE-2021-37995 high 8.0 multiple issues in chromium archdebian
CVE-2021-37993 high 8.0 multiple issues in chromium archdebian
CVE-2021-30511 high 8.0 multiple issues in chromium archdebian
CVE-2021-30512 high 8.0 multiple issues in chromium archdebian
CVE-2021-37994 high 8.0 multiple issues in chromium archdebian
CVE-2021-30571 high 8.0 multiple issues in chromium archdebian
CVE-2021-30596 high 8.0 multiple issues in chromium archdebian
CVE-2021-37998 high 8.0 multiple issues in chromium archdebian
CVE-2021-37996 high 8.0 multiple issues in chromium archdebian
CVE-2021-37990 high 8.0 multiple issues in chromium archdebian
CVE-2021-37991 high 8.0 multiple issues in chromium archdebian
CVE-2021-37989 high 8.0 multiple issues in chromium archdebian
CVE-2021-37988 high 8.0 multiple issues in chromium archdebian
CVE-2021-37981 high 8.0 multiple issues in chromium archdebian
CVE-2021-37987 high 8.0 multiple issues in chromium archdebian
CVE-2021-37984 high 8.0 multiple issues in chromium archdebian
CVE-2021-30593 high 8.0 multiple issues in chromium archdebian
CVE-2021-37986 high 8.0 multiple issues in chromium archdebian
CVE-2021-37985 high 8.0 multiple issues in chromium archdebian
CVE-2021-37982 high 8.0 multiple issues in chromium archdebian
CVE-2021-30630 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30594 high 8.0 multiple issues in chromium archdebian
CVE-2021-30575 high 8.0 multiple issues in chromium archdebian
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-21156 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. archdebian
CVE-2021-21207 high 8.0 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro… archdebian
CVE-2021-21116 high 8.0 multiple issues in chromium archdebian
CVE-2021-30614 high 8.0 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip archdebian
CVE-2021-38499 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-37977 high 8.0 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… archdebian
CVE-2021-38013 high 8.0 multiple issues in chromium archdebian
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-4066 high 8.0 multiple issues in chromium archdebian
CVE-2021-4063 high 8.0 multiple issues in chromium archdebian
CVE-2021-22206 high 8.0 multiple issues in gitlab arch
CVE-2021-2266 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-29959 high 8.0 When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… archdebian
CVE-2021-4055 high 8.0 multiple issues in chromium archdebian
CVE-2021-30619 high 8.0 Chromium: CVE-2021-30619 UI Spoofing in Autofill archdebian
CVE-2021-38019 high 8.0 multiple issues in chromium archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-30542 high 8.0 multiple issues in chromium archdebian
CVE-2021-21212 high 8.0 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. archdebian
CVE-2021-23961 high 8.0 Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.… archsusedebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-29971 high 8.0 If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … archdebian
CVE-2021-23982 high 8.0 Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… archsusedebian
CVE-2021-29960 high 8.0 Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined … archdebian
CVE-2021-1054 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-38017 high 8.0 multiple issues in chromium archdebian
CVE-2021-4057 high 8.0 multiple issues in chromium archdebian
CVE-2021-4052 high 8.0 multiple issues in chromium archdebian
CVE-2021-29957 high 8.0 If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are … archsuserockylinuxdebian
CVE-2021-38012 high 8.0 multiple issues in chromium archdebian
CVE-2021-30607 high 8.0 Chromium: CVE-2021-30607 Use after free in Permissions archdebian
CVE-2021-30604 high 8.0 Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22232 high 8.0 multiple issues in gitlab arch
CVE-2021-2126 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21191 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-22208 high 8.0 multiple issues in gitlab arch
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-2074 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-38502 high 8.0 Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the auth… archrockylinuxdebian
CVE-2021-21110 high 8.0 multiple issues in chromium archdebian
CVE-2021-28544 high 8.0 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a… archsusedebian
CVE-2021-38020 high 8.0 multiple issues in chromium archdebian
CVE-2021-4054 high 8.0 multiple issues in chromium archdebian
CVE-2021-4058 high 8.0 multiple issues in chromium archdebian
CVE-2021-35540 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-38008 high 8.0 multiple issues in chromium archdebian
CVE-2021-32751 high 8.0 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… archsusedebian
CVE-2021-21162 high 8.0 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-38015 high 8.0 multiple issues in chromium archdebian
CVE-2021-29973 high 8.0 Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… archdebian
CVE-2021-4065 high 8.0 multiple issues in chromium archdebian
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-21106 high 8.0 multiple issues in chromium archdebian
CVE-2021-21107 high 8.0 multiple issues in chromium archdebian
CVE-2021-30528 high 8.0 Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… archdebian