CVEs from 2021
Total
6,232
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.4%
% with KEV
3.4%
% with exploit
3.4%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-29967 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-21223 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21111 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37989 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23972 | high | — | 8.0 | — | One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; howe… | |
| CVE-2021-29982 | high | — | 8.0 | — | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… | |
| CVE-2021-2264 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-30531 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32778 | high | — | 8.0 | — | multiple issues in istio | |
| CVE-2021-38496 | high | — | 8.0 | — | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… | |
| CVE-2021-38500 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-4129 | high | — | 8.0 | — | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… | |
| CVE-2021-43534 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2021-43535 | high | — | 8.0 | — | A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… | |
| CVE-2021-37983 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-41259 | high | — | 8.0 | — | multiple issues in nim | |
| CVE-2021-21115 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37987 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-36377 | high | — | 8.0 | — | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | |
| CVE-2021-30581 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21106 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32749 | high | — | 8.0 | — | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… | |
| CVE-2021-30526 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39904 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39882 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22166 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22167 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37977 | high | — | 8.0 | — | Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30598 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-30599 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-30602 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30600 | high | — | 8.0 | — | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30601 | high | — | 8.0 | — | Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… | |
| CVE-2021-30604 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30603 | high | — | 8.0 | — | Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30607 | high | — | 8.0 | — | Chromium: CVE-2021-30607 Use after free in Permissions | |
| CVE-2021-30606 | high | — | 8.0 | — | Chromium: CVE-2021-30606 Use after free in Blink | |
| CVE-2021-30613 | high | — | 8.0 | — | Chromium: CVE-2021-30613 Use after free in Base internals | |
| CVE-2021-30612 | high | — | 8.0 | — | Chromium: CVE-2021-30612 Use after free in WebRTC | |
| CVE-2021-30614 | high | — | 8.0 | — | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |
| CVE-2021-30616 | high | — | 8.0 | — | Chromium: CVE-2021-30616 Use after free in Media | |
| CVE-2021-30617 | high | — | 8.0 | — | Chromium: CVE-2021-30617 Policy bypass in Blink | |
| CVE-2021-30619 | high | — | 8.0 | — | Chromium: CVE-2021-30619 UI Spoofing in Autofill | |
| CVE-2021-30620 | high | — | 8.0 | — | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | |
| CVE-2021-30622 | high | — | 8.0 | — | Chromium: CVE-2021-30622 Use after free in WebApp Installs | |
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |
| CVE-2021-30624 | high | — | 8.0 | — | Chromium: CVE-2021-30624 Use after free in Autofill | |
| CVE-2021-39881 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39868 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39877 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39870 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30627 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-39889 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30628 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30629 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-37957 | high | — | 8.0 | — | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-37956 | high | — | 8.0 | — | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… | |
| CVE-2021-37958 | high | — | 8.0 | — | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | |
| CVE-2021-37959 | high | — | 8.0 | — | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… | |
| CVE-2021-37961 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21213 | high | — | 8.0 | — | Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21217 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-30578 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-1055 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-39884 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21227 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21229 | high | — | 8.0 | — | Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2021-21228 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … | |
| CVE-2021-32765 | high | — | 8.0 | — | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30618 | high | — | 8.0 | — | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | |
| CVE-2021-21233 | high | — | 8.0 | — | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21232 | high | — | 8.0 | — | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30521 | high | — | 8.0 | — | Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-30508 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37968 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-21150 | high | — | 8.0 | — | Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… | |
| CVE-2021-37980 | high | — | 8.0 | — | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |
| CVE-2021-39912 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39913 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39934 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39936 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39933 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39932 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39931 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39917 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21212 | high | — | 8.0 | — | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | |
| CVE-2021-42322 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-39941 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39915 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39945 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39906 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39897 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39909 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39898 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39895 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39907 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39903 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-20179 | high | — | 8.0 | — | Important: pki-core:10.6 security update |