CVEs from 2021
Total
6,087
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.5%
% with KEV
3.5%
% with exploit
3.5%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-21222 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39945 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-37981 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39911 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39901 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21116 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37987 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39896 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39900 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21115 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39867 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22259 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39885 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-23965 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-22215 | high | — | 8.0 | — | information disclosure in gitlab | |
| CVE-2021-21113 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22239 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30510 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-28475 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-32679 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-32657 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22209 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22210 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21108 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37985 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21107 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4061 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37982 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22171 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22168 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-1051 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-29971 | high | — | 8.0 | — | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … | |
| CVE-2021-39868 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30594 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29961 | high | — | 8.0 | — | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. | |
| CVE-2021-38022 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2264 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-30575 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21227 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-1055 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-39904 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30627 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-38013 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-26925 | high | — | 8.0 | — | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | |
| CVE-2021-21170 | high | — | 8.0 | — | Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … | |
| CVE-2021-30593 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37956 | high | — | 8.0 | — | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… | |
| CVE-2021-21228 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … | |
| CVE-2021-28471 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-30589 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29973 | high | — | 8.0 | — | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… | |
| CVE-2021-38008 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38500 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-30578 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32765 | high | — | 8.0 | — | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… | |
| CVE-2021-39889 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30574 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-3557 | high | — | 8.0 | — | information disclosure in argocd | |
| CVE-2021-4056 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30613 | high | — | 8.0 | — | Chromium: CVE-2021-30613 Use after free in Base internals | |
| CVE-2021-30626 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-43534 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2021-30600 | high | — | 8.0 | — | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-37968 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-30596 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21217 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-4054 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37958 | high | — | 8.0 | — | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | |
| CVE-2021-30597 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4093 | high | — | 8.0 | — | A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… | |
| CVE-2021-30628 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30581 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30592 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37959 | high | — | 8.0 | — | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… | |
| CVE-2021-4055 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-20247 | high | — | 8.0 | — | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… | |
| CVE-2021-30591 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |
| CVE-2021-30608 | high | — | 8.0 | — | Chromium: CVE-2021-30608 Use after free in Web Share | |
| CVE-2021-30598 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-21190 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-32777 | high | — | 8.0 | — | multiple issues in istio | |
| CVE-2021-29963 | high | — | 8.0 | — | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |
| CVE-2021-30604 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30609 | high | — | 8.0 | — | Chromium: CVE-2021-30609 Use after free in Sign-In | |
| CVE-2021-30531 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30590 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-3551 | high | — | 8.0 | — | Important: pki-core:10.6 security update | |
| CVE-2021-25215 | high | — | 8.0 | — | Important: bind security update | |
| CVE-2021-38019 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30585 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39917 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-41611 | high | — | 8.0 | — | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… | |
| CVE-2021-3405 | high | — | 8.0 | — | A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. | |
| CVE-2021-30576 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37994 | high | — | 8.0 | — | multiple issues in chromium |