VIR Vulnerability Intelligence Relay

CVEs from 2021

5,047 normalized CVEs published or assigned in this year.

Total
5,047
critical
critical 273
high
high 972
medium
medium 1,144
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-21205 high 8.0 Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-4055 high 8.0 multiple issues in chromium archdebian
CVE-2021-30623 high 8.0 Chromium: CVE-2021-30623 Use after free in Bookmarks archdebian
CVE-2021-30620 high 8.0 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink archdebian
CVE-2021-30585 high 8.0 multiple issues in chromium archdebian
CVE-2021-4054 high 8.0 multiple issues in chromium archdebian
CVE-2021-21154 high 8.0 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… archdebian
CVE-2021-21157 high 8.0 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30619 high 8.0 Chromium: CVE-2021-30619 UI Spoofing in Autofill archdebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-21174 high 8.0 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-30616 high 8.0 Chromium: CVE-2021-30616 Use after free in Media archdebian
CVE-2021-30614 high 8.0 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip archdebian
CVE-2021-21173 high 8.0 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-30588 high 8.0 multiple issues in chromium archdebian
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-30612 high 8.0 Chromium: CVE-2021-30612 Use after free in WebRTC archdebian
CVE-2021-30624 high 8.0 Chromium: CVE-2021-30624 Use after free in Autofill archdebian
CVE-2021-39881 high 8.0 multiple issues in gitlab arch
CVE-2021-39868 high 8.0 multiple issues in gitlab arch
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-30613 high 8.0 Chromium: CVE-2021-30613 Use after free in Base internals archdebian
CVE-2021-30606 high 8.0 Chromium: CVE-2021-30606 Use after free in Blink archdebian
CVE-2021-30628 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30629 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37957 high 8.0 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37956 high 8.0 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-37958 high 8.0 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. archdebian
CVE-2021-37959 high 8.0 Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… archdebian
CVE-2021-30607 high 8.0 Chromium: CVE-2021-30607 Use after free in Permissions archdebian
CVE-2021-21213 high 8.0 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21217 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-1055 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-21227 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21229 high 8.0 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-30573 high 8.0 multiple issues in chromium archdebian
CVE-2021-30590 high 8.0 multiple issues in chromium archdebian
CVE-2021-32765 high 8.0 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… archdebian
CVE-2021-4056 high 8.0 multiple issues in chromium archdebian
CVE-2021-21233 high 8.0 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21232 high 8.0 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30521 high 8.0 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-30508 high 8.0 multiple issues in chromium archdebian
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-28375 high 8.0 An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85… archsusedebian
CVE-2021-37980 high 8.0 Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. archdebian
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-39913 high 8.0 multiple issues in gitlab arch
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-39936 high 8.0 multiple issues in gitlab arch
CVE-2021-30603 high 8.0 Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39932 high 8.0 multiple issues in gitlab arch
CVE-2021-39931 high 8.0 multiple issues in gitlab arch
CVE-2021-39917 high 8.0 multiple issues in gitlab arch
CVE-2021-42322 high 8.0 multiple issues in code arch
CVE-2021-21214 high 8.0 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. archdebian
CVE-2021-39941 high 8.0 multiple issues in gitlab arch
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-39906 high 8.0 multiple issues in gitlab arch
CVE-2021-30604 high 8.0 Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39909 high 8.0 multiple issues in gitlab arch
CVE-2021-21172 high 8.0 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. archdebian
CVE-2021-39905 high 8.0 multiple issues in gitlab arch
CVE-2021-30601 high 8.0 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-39907 high 8.0 multiple issues in gitlab arch
CVE-2021-30600 high 8.0 Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39902 high 8.0 multiple issues in gitlab arch
CVE-2021-30591 high 8.0 multiple issues in chromium archdebian
CVE-2021-41524 high 8.0 multiple issues in apache debianarch
CVE-2021-38008 high 8.0 multiple issues in chromium archdebian
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-30602 high 8.0 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39891 high 8.0 multiple issues in gitlab arch
CVE-2021-30599 high 8.0 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. archdebian
CVE-2021-39886 high 8.0 multiple issues in gitlab arch
CVE-2021-29462 high 8.0 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… archdebian
CVE-2021-30598 high 8.0 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. archdebian
CVE-2021-30592 high 8.0 multiple issues in chromium archdebian
CVE-2021-39878 high 8.0 multiple issues in gitlab arch
CVE-2021-42327 high 8.0 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… archsusedebian
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-38010 high 8.0 multiple issues in chromium archdebian
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. archdebian
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-30631 high 8.0 arbitrary code execution in chromium arch
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-32654 high 8.0 multiple issues in nextcloud arch
CVE-2021-22220 high 8.0 multiple issues in gitlab arch
CVE-2021-22221 high 8.0 multiple issues in gitlab arch
CVE-2021-22218 high 8.0 multiple issues in gitlab arch
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-37977 high 8.0 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22167 high 8.0 multiple issues in gitlab arch