CVEs from 2021
Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-21173 | high | — | 8.0 | — | Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-37962 | high | — | 8.0 | — | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HT… | |
| CVE-2021-21172 | high | — | 8.0 | — | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |
| CVE-2021-30581 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21163 | high | — | 8.0 | — | Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. | |
| CVE-2021-32921 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a… | |
| CVE-2021-30540 | high | — | 8.0 | — | Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2021-33582 | high | — | 8.0 | — | Important: cyrus-imapd security update | |
| CVE-2021-30521 | high | — | 8.0 | — | Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-21228 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … | |
| CVE-2021-21208 | high | — | 8.0 | — | Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. | |
| CVE-2021-21176 | high | — | 8.0 | — | Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2021-29964 | high | — | 8.0 | — | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operat… | |
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |
| CVE-2021-29982 | high | — | 8.0 | — | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… | |
| CVE-2021-42322 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-30610 | high | — | 8.0 | — | Chromium: CVE-2021-30610 Use after free in Extensions API | |
| CVE-2021-21165 | high | — | 8.0 | — | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-2264 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-21219 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-37971 | high | — | 8.0 | — | Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2021-30627 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-22227 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-3570 | high | — | 8.0 | — | A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or pote… | |
| CVE-2021-21151 | high | — | 8.0 | — | Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2021-23999 | high | — | 8.0 | — | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vul… | |
| CVE-2021-30516 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-43540 | high | — | 8.0 | — | WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects … | |
| CVE-2021-32679 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30593 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38009 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37974 | high | — | 8.0 | — | Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30532 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38017 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21221 | high | — | 8.0 | — | Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |
| CVE-2021-22901 | high | — | 8.0 | — | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… | |
| CVE-2021-39909 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22226 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32680 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-39897 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30592 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29265 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… | |
| CVE-2021-28477 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-22231 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32725 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30527 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-20179 | high | — | 8.0 | — | Important: pki-core:10.6 security update | |
| CVE-2021-32655 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-37972 | high | — | 8.0 | — | Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-29946 | high | — | 8.0 | — | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox … | |
| CVE-2021-30509 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30535 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-28473 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-22237 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30507 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-28457 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-32726 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-39873 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38002 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29428 | high | — | 8.0 | — | In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds c… | |
| CVE-2021-26910 | high | — | 8.0 | — | Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | |
| CVE-2021-21215 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |
| CVE-2021-37959 | high | — | 8.0 | — | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… | |
| CVE-2021-30528 | high | — | 8.0 | — | Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… | |
| CVE-2021-30573 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29947 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-22215 | high | — | 8.0 | — | information disclosure in gitlab | |
| CVE-2021-32765 | high | — | 8.0 | — | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… | |
| CVE-2021-32741 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22224 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39902 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21232 | high | — | 8.0 | — | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-22259 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-2306 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |
| CVE-2021-30508 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22210 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30597 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30614 | high | — | 8.0 | — | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |
| CVE-2021-38502 | high | — | 8.0 | — | Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the auth… | |
| CVE-2021-38015 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4062 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30513 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39906 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37968 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-21218 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-37989 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39882 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-44879 | high | — | 8.0 | — | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. | |
| CVE-2021-32705 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-39914 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37988 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30510 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30626 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-37990 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30506 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4055 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30555 | high | — | 8.0 | — | arbitrary code execution in chromium |