VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-37956 high 8.0 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-30631 high 8.0 arbitrary code execution in chromium arch
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-32688 high 8.0 multiple issues in nextcloud arch
CVE-2021-32705 high 8.0 multiple issues in nextcloud arch
CVE-2021-29960 high 8.0 Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined … archdebian
CVE-2021-39911 high 8.0 multiple issues in gitlab arch
CVE-2021-21214 high 8.0 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. archdebian
CVE-2021-29959 high 8.0 When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… archdebian
CVE-2021-39895 high 8.0 multiple issues in gitlab arch
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-39901 high 8.0 multiple issues in gitlab arch
CVE-2021-21190 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-29962 high 8.0 Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… archdebian
CVE-2021-39944 high 8.0 multiple issues in gitlab arch
CVE-2021-29961 high 8.0 When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. archdebian
CVE-2021-39904 high 8.0 multiple issues in gitlab arch
CVE-2021-38499 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-29963 high 8.0 Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… archdebian
CVE-2021-30616 high 8.0 Chromium: CVE-2021-30616 Use after free in Media archdebian
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-29966 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-39940 high 8.0 multiple issues in gitlab arch
CVE-2021-23986 high 8.0 A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… archsusedebian
CVE-2021-39907 high 8.0 multiple issues in gitlab arch
CVE-2021-24000 high 8.0 A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements… archsusedebian
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-30618 high 8.0 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools archdebian
CVE-2021-29971 high 8.0 If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … archdebian
CVE-2021-39937 high 8.0 multiple issues in gitlab arch
CVE-2021-21170 high 8.0 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … archdebian
CVE-2021-21215 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-29973 high 8.0 Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… archdebian
CVE-2021-25216 high 8.0 In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of t… debianarchsuse
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-22167 high 8.0 multiple issues in gitlab arch
CVE-2021-37961 high 8.0 Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… archdebian
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-21216 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. archdebian
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… archdebian
CVE-2021-42327 high 8.0 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… archsusedebian
CVE-2021-30628 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-26925 high 8.0 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. archdebian
CVE-2021-21156 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. archdebian
CVE-2021-30629 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-22239 high 8.0 multiple issues in gitlab arch
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-21212 high 8.0 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. archdebian
CVE-2021-28457 high 8.0 arbitrary code execution in code arch
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-39879 high 8.0 multiple issues in gitlab arch
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-37979 high 8.0 heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… archdebian
CVE-2021-21162 high 8.0 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22181 high 8.0 multiple issues in gitlab arch
CVE-2021-21231 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-1052 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-28471 high 8.0 arbitrary code execution in code arch
CVE-2021-21164 high 8.0 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-1053 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-22168 high 8.0 multiple issues in gitlab arch
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-28660 high 8.0 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org rele… archsusedebian
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-43534 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… debianrockylinux
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-29462 high 8.0 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… archdebian
CVE-2021-21107 high 8.0 multiple issues in chromium archdebian
CVE-2021-21108 high 8.0 multiple issues in chromium archdebian
CVE-2021-21189 high 8.0 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-21172 high 8.0 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. archdebian
CVE-2021-38385 high 8.0 Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-00… archdebian
CVE-2021-22215 high 8.0 information disclosure in gitlab arch
CVE-2021-21109 high 8.0 multiple issues in chromium archdebian
CVE-2021-21173 high 8.0 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-21174 high 8.0 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-21110 high 8.0 multiple issues in chromium archdebian
CVE-2021-29947 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebian
CVE-2021-39891 high 8.0 multiple issues in gitlab arch
CVE-2021-21205 high 8.0 Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-39885 high 8.0 multiple issues in gitlab arch
CVE-2021-21201 high 8.0 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2021-22230 high 8.0 multiple issues in gitlab arch
CVE-2021-32733 high 8.0 multiple issues in nextcloud arch
CVE-2021-21185 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a cr… archdebian
CVE-2021-32703 high 8.0 multiple issues in nextcloud arch
CVE-2021-28475 high 8.0 arbitrary code execution in code arch
CVE-2021-21187 high 8.0 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. archdebian
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-29972 high 8.0 A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilit… archsusedebian
CVE-2021-22231 high 8.0 multiple issues in gitlab arch