CVEs from 2021
Total
5,047
critical
critical 273
high
high 972
medium
medium 1,144
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-29265 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… | |
| CVE-2021-20179 | high | — | 8.0 | — | Important: pki-core:10.6 security update | |
| CVE-2021-35560 | high | — | 8.0 | — | Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… | |
| CVE-2021-2283 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |
| CVE-2021-4076 | high | — | 8.0 | — | A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | |
| CVE-2021-37970 | high | — | 8.0 | — | Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21204 | high | — | 8.0 | — | Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-37965 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-22208 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22211 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-29503 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |
| CVE-2021-32305 | high | — | 8.0 | — | arbitrary command execution in websvn | |
| CVE-2021-22236 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38494 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-22219 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32778 | high | — | 8.0 | — | multiple issues in istio | |
| CVE-2021-22214 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22221 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22220 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32654 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22213 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-32777 | high | — | 8.0 | — | multiple issues in istio | |
| CVE-2021-39175 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |
| CVE-2021-26434 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-39883 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39866 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39874 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39945 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39915 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39941 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-42322 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-39917 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39931 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39932 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39933 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39936 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39934 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30521 | high | — | 8.0 | — | Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-32765 | high | — | 8.0 | — | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… | |
| CVE-2021-39882 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-36377 | high | — | 8.0 | — | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | |
| CVE-2021-38500 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-23999 | high | — | 8.0 | — | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vul… | |
| CVE-2021-29967 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-29477 | high | — | 8.0 | — | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using t… | |
| CVE-2021-21170 | high | — | 8.0 | — | Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … | |
| CVE-2021-1053 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-25215 | high | — | 8.0 | — | Important: bind security update | |
| CVE-2021-3551 | high | — | 8.0 | — | Important: pki-core:10.6 security update | |
| CVE-2021-25216 | high | — | 8.0 | — | In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of t… | |
| CVE-2021-28475 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-22239 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21207 | high | — | 8.0 | — | Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro… | |
| CVE-2021-21202 | high | — | 8.0 | — | Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… | |
| CVE-2021-36740 | high | — | 8.0 | — | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… | |
| CVE-2021-21196 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-39944 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39940 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-36952 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-21187 | high | — | 8.0 | — | Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2021-22945 | high | — | 8.0 | — | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… | |
| CVE-2021-22890 | high | — | 8.0 | — | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… | |
| CVE-2021-23970 | high | — | 8.0 | — | Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | |
| CVE-2021-21205 | high | — | 8.0 | — | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-32751 | high | — | 8.0 | — | Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… | |
| CVE-2021-21172 | high | — | 8.0 | — | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |
| CVE-2021-21168 | high | — | 8.0 | — | Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2021-21164 | high | — | 8.0 | — | Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-21212 | high | — | 8.0 | — | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | |
| CVE-2021-21153 | high | — | 8.0 | — | Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-21107 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21108 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21109 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21110 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21112 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21113 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21106 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21114 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29976 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… | |
| CVE-2021-29981 | high | — | 8.0 | — | An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulner… | |
| CVE-2021-38497 | high | — | 8.0 | — | Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerabil… | |
| CVE-2021-38498 | high | — | 8.0 | — | During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Fire… | |
| CVE-2021-21115 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21191 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21116 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21192 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21222 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21111 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21223 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21225 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21226 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23979 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-23986 | high | — | 8.0 | — | A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… | |
| CVE-2021-24000 | high | — | 8.0 | — | A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements… | |
| CVE-2021-4064 | high | — | 8.0 | — | multiple issues in chromium |