VIR Vulnerability Intelligence Relay

CVEs from 2021

5,210 normalized CVEs published or assigned in this year.

Total
5,210
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.2%
% with KEV
4.1%
% with exploit
4.1%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-21115 high 8.0 multiple issues in chromium archdebian
CVE-2021-21162 high 8.0 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29972 high 8.0 A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilit… archsusedebian
CVE-2021-21107 high 8.0 multiple issues in chromium archdebian
CVE-2021-30520 high 8.0 multiple issues in chromium archdebian
CVE-2021-28660 high 8.0 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org rele… archsusedebian
CVE-2021-29265 high 8.0 An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… archsusedebian
CVE-2021-21231 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30526 high 8.0 multiple issues in chromium archdebian
CVE-2021-22221 high 8.0 multiple issues in gitlab arch
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… archdebian
CVE-2021-25215 high 8.0 Important: bind security update debianarchsuserockylinux
CVE-2021-30537 high 8.0 multiple issues in chromium archdebian
CVE-2021-21168 high 8.0 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-42327 high 8.0 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… archsusedebian
CVE-2021-21111 high 8.0 multiple issues in chromium archdebian
CVE-2021-38005 high 8.0 multiple issues in chromium archdebian
CVE-2021-30538 high 8.0 multiple issues in chromium archdebian
CVE-2021-1056 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-21205 high 8.0 Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-27803 high 8.0 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… archsusedebian
CVE-2021-23960 high 8.0 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… archsusedebian
CVE-2021-23982 high 8.0 Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… archsusedebian
CVE-2021-21110 high 8.0 multiple issues in chromium archdebian
CVE-2021-30598 high 8.0 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. archdebian
CVE-2021-21165 high 8.0 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22167 high 8.0 multiple issues in gitlab arch
CVE-2021-37977 high 8.0 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-29948 high 8.0 Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects… archsusedebian
CVE-2021-29946 high 8.0 Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox … archsusedebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-31618 high 8.0 denial of service in apache debianarchsuse
CVE-2021-30601 high 8.0 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-38021 high 8.0 multiple issues in chromium archdebian
CVE-2021-23997 high 8.0 Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary … archsusedebian
CVE-2021-4065 high 8.0 multiple issues in chromium archdebian
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-4066 high 8.0 multiple issues in chromium archdebian
CVE-2021-4057 high 8.0 multiple issues in chromium archdebian
CVE-2021-4052 high 8.0 multiple issues in chromium archdebian
CVE-2021-38017 high 8.0 multiple issues in chromium archdebian
CVE-2021-4063 high 8.0 multiple issues in chromium archdebian
CVE-2021-4058 high 8.0 multiple issues in chromium archdebian
CVE-2021-4061 high 8.0 multiple issues in chromium archdebian
CVE-2021-38022 high 8.0 multiple issues in chromium archdebian
CVE-2021-38013 high 8.0 multiple issues in chromium archdebian
CVE-2021-38008 high 8.0 multiple issues in chromium archdebian
CVE-2021-4056 high 8.0 multiple issues in chromium archdebian
CVE-2021-4054 high 8.0 multiple issues in chromium archdebian
CVE-2021-4055 high 8.0 multiple issues in chromium archdebian
CVE-2021-4053 high 8.0 multiple issues in chromium archdebian
CVE-2021-38019 high 8.0 multiple issues in chromium archdebian
CVE-2021-38020 high 8.0 multiple issues in chromium archdebian
CVE-2021-38018 high 8.0 multiple issues in chromium archdebian
CVE-2021-38014 high 8.0 multiple issues in chromium archdebian
CVE-2021-38012 high 8.0 multiple issues in chromium archdebian
CVE-2021-38011 high 8.0 multiple issues in chromium archdebian
CVE-2021-38016 high 8.0 multiple issues in chromium archdebian
CVE-2021-38009 high 8.0 multiple issues in chromium archdebian
CVE-2021-38015 high 8.0 multiple issues in chromium archdebian
CVE-2021-38007 high 8.0 multiple issues in chromium archdebian
CVE-2021-38006 high 8.0 multiple issues in chromium archdebian
CVE-2021-38004 high 8.0 multiple issues in chromium archdebian
CVE-2021-39885 high 8.0 multiple issues in gitlab arch
CVE-2021-23975 high 8.0 The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct… archsusedebian
CVE-2021-29157 high 8.0 Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio… archdebiansuse
CVE-2021-37971 high 8.0 Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-37972 high 8.0 Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-23998 high 8.0 Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… archsusedebian
CVE-2021-22209 high 8.0 multiple issues in gitlab arch
CVE-2021-32657 high 8.0 multiple issues in nextcloud arch
CVE-2021-32679 high 8.0 multiple issues in nextcloud arch
CVE-2021-22215 high 8.0 information disclosure in gitlab arch
CVE-2021-39888 high 8.0 multiple issues in gitlab arch
CVE-2021-43540 high 8.0 WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects … archsusedebian
CVE-2021-3570 high 8.0 A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or pote… suserockylinuxdebian
CVE-2021-20179 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-35560 high 8.0 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… archsusedebian
CVE-2021-30465 high 8.0 Important: container-tools:3.0 security update almalinuxarchsuserockylinux+2
CVE-2021-29427 high 8.0 In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gra… archsusedebian
CVE-2021-25746 high 8.0 information disclosure in kubectl-ingress-nginx archsuse
CVE-2021-22259 high 8.0 multiple issues in gitlab arch
CVE-2021-25217 high 8.0 Important: dhcp security update archsusedebianrockylinux
CVE-2021-37979 high 8.0 heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… archdebian
CVE-2021-28544 high 8.0 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a… archsusedebian
CVE-2021-21207 high 8.0 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro… archdebian
CVE-2021-37966 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-21202 high 8.0 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… archdebian
CVE-2021-23994 high 8.0 A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. archsusedebian
CVE-2021-21196 high 8.0 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37965 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-37980 high 8.0 Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. archdebian
CVE-2021-29957 high 8.0 If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are … archsuserockylinuxdebian
CVE-2021-29966 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-32918 high 8.0 An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.… archdebian
CVE-2021-29965 high 8.0 A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that… archdebian