VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-22167 high 8.0 multiple issues in gitlab arch
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… archdebian
CVE-2021-37986 high 8.0 multiple issues in chromium archdebian
CVE-2021-30612 high 8.0 Chromium: CVE-2021-30612 Use after free in WebRTC archdebian
CVE-2021-30531 high 8.0 multiple issues in chromium archdebian
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-30591 high 8.0 multiple issues in chromium archdebian
CVE-2021-23998 high 8.0 Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… archsusedebian
CVE-2021-36377 high 8.0 Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. archdebian
CVE-2021-30585 high 8.0 multiple issues in chromium archdebian
CVE-2021-4055 high 8.0 multiple issues in chromium archdebian
CVE-2021-32749 high 8.0 fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… archdebian
CVE-2021-26925 high 8.0 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. archdebian
CVE-2021-37990 high 8.0 multiple issues in chromium archdebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-21186 high 8.0 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… archdebian
CVE-2021-37956 high 8.0 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-38016 high 8.0 multiple issues in chromium archdebian
CVE-2021-21229 high 8.0 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-30522 high 8.0 multiple issues in chromium archdebian
CVE-2021-32765 high 8.0 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… archdebian
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-30602 high 8.0 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39933 high 8.0 multiple issues in gitlab arch
CVE-2021-39932 high 8.0 multiple issues in gitlab arch
CVE-2021-38006 high 8.0 multiple issues in chromium archdebian
CVE-2021-38015 high 8.0 multiple issues in chromium archdebian
CVE-2021-38004 high 8.0 multiple issues in chromium archdebian
CVE-2021-38007 high 8.0 multiple issues in chromium archdebian
CVE-2021-28471 high 8.0 arbitrary code execution in code arch
CVE-2021-28457 high 8.0 arbitrary code execution in code arch
CVE-2021-30524 high 8.0 multiple issues in chromium archdebian
CVE-2021-21183 high 8.0 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-43529 high 8.0 Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerabl… suserockylinuxdebian
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-21214 high 8.0 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. archdebian
CVE-2021-38019 high 8.0 multiple issues in chromium archdebian
CVE-2021-36740 high 8.0 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… suserockylinuxdebian
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. archdebian
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-21196 high 8.0 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-22220 high 8.0 multiple issues in gitlab arch
CVE-2021-38014 high 8.0 multiple issues in chromium archdebian
CVE-2021-33833 high 8.0 ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). archdebiansuse
CVE-2021-38018 high 8.0 multiple issues in chromium archdebian
CVE-2021-24002 high 8.0 When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Th… archsusedebian
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-30578 high 8.0 multiple issues in chromium archdebian
CVE-2021-22206 high 8.0 multiple issues in gitlab arch
CVE-2021-39871 high 8.0 multiple issues in gitlab arch
CVE-2021-38020 high 8.0 multiple issues in chromium archdebian
CVE-2021-37965 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-0535 high 8.0 multiple issues in wpa_supplicant arch
CVE-2021-37993 high 8.0 multiple issues in chromium archdebian
CVE-2021-21199 high 8.0 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… archdebian
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-23978 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2021-38022 high 8.0 multiple issues in chromium archdebian
CVE-2021-29984 high 8.0 Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploi… archsusedebianrockylinux
CVE-2021-37981 high 8.0 multiple issues in chromium archdebian
CVE-2021-32688 high 8.0 multiple issues in nextcloud arch
CVE-2021-30593 high 8.0 multiple issues in chromium archdebian
CVE-2021-32655 high 8.0 multiple issues in nextcloud arch
CVE-2021-39893 high 8.0 multiple issues in gitlab arch
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-38002 high 8.0 multiple issues in chromium archdebian
CVE-2021-37982 high 8.0 multiple issues in chromium archdebian
CVE-2021-28660 high 8.0 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org rele… archsusedebian
CVE-2021-23965 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-21212 high 8.0 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. archdebian
CVE-2021-37996 high 8.0 multiple issues in chromium archdebian
CVE-2021-4061 high 8.0 multiple issues in chromium archdebian
CVE-2021-43535 high 8.0 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… debianrockylinux
CVE-2021-22915 high 8.0 multiple issues in nextcloud arch
CVE-2021-30589 high 8.0 multiple issues in chromium archdebian
CVE-2021-30465 high 8.0 Important: container-tools:3.0 security update almalinuxarchsuserockylinux+2
CVE-2021-21202 high 8.0 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… archdebian
CVE-2021-29956 high 8.0 OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those k… archsuserockylinuxdebian
CVE-2021-30597 high 8.0 multiple issues in chromium archdebian
CVE-2021-4053 high 8.0 multiple issues in chromium archdebian
CVE-2021-37984 high 8.0 multiple issues in chromium archdebian
CVE-2021-30574 high 8.0 multiple issues in chromium archdebian
CVE-2021-38008 high 8.0 multiple issues in chromium archdebian
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-29987 high 8.0 After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,… archdebian
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archdebianrockylinux
CVE-2021-30592 high 8.0 multiple issues in chromium archdebian
CVE-2021-38496 high 8.0 During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… archdebianrockylinux
CVE-2021-38013 high 8.0 multiple issues in chromium archdebian
CVE-2021-39904 high 8.0 multiple issues in gitlab arch
CVE-2021-37983 high 8.0 multiple issues in chromium archdebian
CVE-2021-41259 high 8.0 multiple issues in nim arch