CVEs from 2021

6,087 normalized CVEs published or assigned in this year.

  • Total: 6,087
  • Critical: 273
  • High: 975
  • Medium: 1,141
  • Low: 135
  • % Critical: 4.5%
  • % with KEV: 3.5%
  • % with exploit: 3.5%

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2
CVE Severity CVSS Risk Published Description Impact
CVE-2021-22237 high 8.0 multiple issues in gitlab arch
CVE-2021-32921 high 8.0 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a… arch debian
CVE-2021-38020 high 8.0 multiple issues in chromium arch debian
CVE-2021-22171 high 8.0 multiple issues in gitlab arch
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… arch suse debian
CVE-2021-37981 high 8.0 multiple issues in chromium arch debian
CVE-2021-32920 high 8.0 Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. arch debian
CVE-2021-20179 high 8.0 Important: pki-core:10.6 security update debian rockylinux
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-23964 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… arch suse debian
CVE-2021-22232 high 8.0 multiple issues in gitlab arch
CVE-2021-32725 high 8.0 multiple issues in nextcloud arch
CVE-2021-21180 high 8.0 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2021-21181 high 8.0 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. arch debian
CVE-2021-30539 high 8.0 multiple issues in chromium arch debian
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. arch debian
CVE-2021-21197 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2021-21210 high 8.0 Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. arch debian
CVE-2021-30534 high 8.0 multiple issues in chromium arch debian
CVE-2021-32765 high 8.0 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… arch debian
CVE-2021-29265 high 8.0 An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… arch suse debian
CVE-2021-4059 high 8.0 multiple issues in chromium arch debian
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-37982 high 8.0 multiple issues in chromium arch debian
CVE-2021-30631 high 8.0 arbitrary code execution in chromium arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-4064 high 8.0 multiple issues in chromium arch debian
CVE-2021-32653 high 8.0 multiple issues in nextcloud arch
CVE-2021-32654 high 8.0 multiple issues in nextcloud arch
CVE-2021-22220 high 8.0 multiple issues in gitlab arch
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-22218 high 8.0 multiple issues in gitlab arch
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… arch debian
CVE-2021-28469 high 8.0 arbitrary code execution in code arch
CVE-2021-22224 high 8.0 multiple issues in gitlab arch
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-29964 high 8.0 A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operat… arch debian
CVE-2021-2409 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… arch debian
CVE-2021-24001 high 8.0 A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. … arch debian
CVE-2021-32726 high 8.0 multiple issues in nextcloud arch
CVE-2021-2321 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… arch debian
CVE-2021-32917 high 8.0 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use … arch debian
CVE-2021-35538 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… arch debian
CVE-2021-22228 high 8.0 multiple issues in gitlab arch
CVE-2021-32703 high 8.0 multiple issues in nextcloud arch
CVE-2021-35542 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… arch debian
CVE-2021-37972 high 8.0 Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2021-37974 high 8.0 Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2021-30610 high 8.0 Chromium: CVE-2021-30610 Use after free in Extensions API arch debian
CVE-2021-29974 high 8.0 When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Stric… arch suse debian
CVE-2021-30532 high 8.0 multiple issues in chromium arch debian
CVE-2021-37977 high 8.0 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2021-39914 high 8.0 multiple issues in gitlab arch
CVE-2021-37984 high 8.0 multiple issues in chromium arch debian
CVE-2021-4065 high 8.0 multiple issues in chromium arch debian
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-39931 high 8.0 multiple issues in gitlab arch
CVE-2021-30565 high 8.0 multiple issues in chromium arch debian
CVE-2021-37986 high 8.0 multiple issues in chromium arch debian
CVE-2021-32733 high 8.0 multiple issues in nextcloud arch
CVE-2021-41524 high 8.0 multiple issues in apache debian arch
CVE-2021-39891 high 8.0 multiple issues in gitlab arch
CVE-2021-4067 high 8.0 multiple issues in chromium arch debian
CVE-2021-21168 high 8.0 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. arch debian
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-21199 high 8.0 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… arch debian
CVE-2021-30594 high 8.0 multiple issues in chromium arch debian
CVE-2021-30575 high 8.0 multiple issues in chromium arch debian
CVE-2021-39905 high 8.0 multiple issues in gitlab arch
CVE-2021-21171 high 8.0 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. arch debian
CVE-2021-30627 high 8.0 arbitrary code execution in chromium arch debian
CVE-2021-29462 high 8.0 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… arch debian
CVE-2021-30593 high 8.0 multiple issues in chromium arch debian
CVE-2021-21201 high 8.0 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. arch debian
CVE-2021-21187 high 8.0 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. arch debian
CVE-2021-30578 high 8.0 multiple issues in chromium arch debian
CVE-2021-4057 high 8.0 multiple issues in chromium arch debian
CVE-2021-30574 high 8.0 multiple issues in chromium arch debian
CVE-2021-21231 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch debian
CVE-2021-30626 high 8.0 arbitrary code execution in chromium arch debian
CVE-2021-39936 high 8.0 multiple issues in gitlab arch
CVE-2021-21190 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. arch debian
CVE-2021-30596 high 8.0 multiple issues in chromium arch debian
CVE-2021-30597 high 8.0 multiple issues in chromium arch debian
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-30592 high 8.0 multiple issues in chromium arch debian
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-4063 high 8.0 multiple issues in chromium arch debian
CVE-2021-42322 high 8.0 multiple issues in code arch
CVE-2021-30591 high 8.0 multiple issues in chromium arch debian
CVE-2021-4058 high 8.0 multiple issues in chromium arch debian
CVE-2021-30590 high 8.0 multiple issues in chromium arch debian
CVE-2021-39906 high 8.0 multiple issues in gitlab arch
CVE-2021-30588 high 8.0 multiple issues in chromium arch debian