VIR Vulnerability Intelligence Relay

CVEs from 2021

5,047 normalized CVEs published or assigned in this year.

Total
5,047
critical
critical 273
high
high 972
medium
medium 1,144
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-2297 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-2306 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-38502 high 8.0 Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the auth… archrockylinuxdebian
CVE-2021-37974 high 8.0 Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30513 high 8.0 multiple issues in chromium archdebian
CVE-2021-2145 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-30519 high 8.0 multiple issues in chromium archdebian
CVE-2021-30506 high 8.0 multiple issues in chromium archdebian
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-28375 high 8.0 An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85… archsusedebian
CVE-2021-30568 high 8.0 multiple issues in chromium archdebian
CVE-2021-30514 high 8.0 multiple issues in chromium archdebian
CVE-2021-39869 high 8.0 multiple issues in gitlab arch
CVE-2021-30524 high 8.0 multiple issues in chromium archdebian
CVE-2021-32305 high 8.0 arbitrary command execution in websvn arch
CVE-2021-0535 high 8.0 multiple issues in wpa_supplicant arch
CVE-2021-43908 high 8.0 multiple issues in code arch
CVE-2021-23960 high 8.0 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… archsusedebian
CVE-2021-22224 high 8.0 multiple issues in gitlab arch
CVE-2021-39894 high 8.0 multiple issues in gitlab arch
CVE-2021-25742 high 8.0 information disclosure in kubectl-ingress-nginx arch
CVE-2021-21192 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-2126 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21115 high 8.0 multiple issues in chromium archdebian
CVE-2021-21194 high 8.0 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30569 high 8.0 multiple issues in chromium archdebian
CVE-2021-39905 high 8.0 multiple issues in gitlab arch
CVE-2021-39919 high 8.0 multiple issues in gitlab arch
CVE-2021-29477 high 8.0 Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using t… suserockylinuxdebian
CVE-2021-21109 high 8.0 multiple issues in chromium archdebian
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-2266 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30522 high 8.0 multiple issues in chromium archdebian
CVE-2021-35545 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-29975 high 8.0 Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly… archsusedebian
CVE-2021-21107 high 8.0 multiple issues in chromium archdebian
CVE-2021-21191 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-29956 high 8.0 OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those k… archsuserockylinuxdebian
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-23970 high 8.0 Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. archsusedebian
CVE-2021-21216 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archdebianrockylinux
CVE-2021-21195 high 8.0 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21210 high 8.0 Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. archdebian
CVE-2021-21156 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. archdebian
CVE-2021-22945 high 8.0 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… archdebiansuse
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-37977 high 8.0 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30607 high 8.0 Chromium: CVE-2021-30607 Use after free in Permissions archdebian
CVE-2021-21108 high 8.0 multiple issues in chromium archdebian
CVE-2021-3781 high 8.0 A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document… archsusedebian
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-30572 high 8.0 multiple issues in chromium archdebian
CVE-2021-30571 high 8.0 multiple issues in chromium archdebian
CVE-2021-30573 high 8.0 multiple issues in chromium archdebian
CVE-2021-21188 high 8.0 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21261 high 8.0 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to exec… archsusedebian
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-30579 high 8.0 multiple issues in chromium archdebian
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-30606 high 8.0 Chromium: CVE-2021-30606 Use after free in Blink archdebian
CVE-2021-21151 high 8.0 Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2021-21154 high 8.0 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… archdebian
CVE-2021-23999 high 8.0 If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vul… archsusedebian
CVE-2021-21161 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29991 high 8.0 Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affect… archsusedebian
CVE-2021-39868 high 8.0 multiple issues in gitlab arch
CVE-2021-21223 high 8.0 multiple issues in chromium archdebian
CVE-2021-3446 high 8.0 A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain s… archsusedebian
CVE-2021-38498 high 8.0 During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Fire… archsusedebianrockylinux
CVE-2021-23964 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2021-30542 high 8.0 multiple issues in chromium archdebian
CVE-2021-32679 high 8.0 multiple issues in nextcloud arch
CVE-2021-21175 high 8.0 Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-38497 high 8.0 Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerabil… archsusedebianrockylinux
CVE-2021-30616 high 8.0 Chromium: CVE-2021-30616 Use after free in Media archdebian
CVE-2021-39897 high 8.0 multiple issues in gitlab arch
CVE-2021-32917 high 8.0 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use … archdebian
CVE-2021-38575 high 8.0 Important: edk2 security update archdebiansuserockylinux
CVE-2021-29990 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebian
CVE-2021-39888 high 8.0 multiple issues in gitlab arch
CVE-2021-29981 high 8.0 An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulner… archsusedebian
CVE-2021-32918 high 8.0 An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.… archdebian
CVE-2021-29976 high 8.0 Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… archsusedebianrockylinux
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-2442 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch
CVE-2021-32919 high 8.0 An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not co… archdebian
CVE-2021-33833 high 8.0 ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). archdebiansuse
CVE-2021-21225 high 8.0 multiple issues in chromium archdebian
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-39911 high 8.0 multiple issues in gitlab arch
CVE-2021-29966 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-21226 high 8.0 multiple issues in chromium archdebian