VIR Vulnerability Intelligence Relay

CVEs from 2021

6,087 normalized CVEs published or assigned in this year.

Total
6,087
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.5%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-4066 high 8.0 multiple issues in chromium archdebian
CVE-2021-39906 high 8.0 multiple issues in gitlab arch
CVE-2021-3557 high 8.0 information disclosure in argocd arch
CVE-2021-32305 high 8.0 arbitrary command execution in websvn arch
CVE-2021-30535 high 8.0 multiple issues in chromium archdebian
CVE-2021-39905 high 8.0 multiple issues in gitlab arch
CVE-2021-39895 high 8.0 multiple issues in gitlab arch
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-30575 high 8.0 multiple issues in chromium archdebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-32765 high 8.0 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… archdebian
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-30600 high 8.0 Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39903 high 8.0 multiple issues in gitlab arch
CVE-2021-39902 high 8.0 multiple issues in gitlab arch
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… archdebian
CVE-2021-30627 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30593 high 8.0 multiple issues in chromium archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-30608 high 8.0 Chromium: CVE-2021-30608 Use after free in Web Share archdebian
CVE-2021-39868 high 8.0 multiple issues in gitlab arch
CVE-2021-30594 high 8.0 multiple issues in chromium archdebian
CVE-2021-30620 high 8.0 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink archdebian
CVE-2021-30589 high 8.0 multiple issues in chromium archdebian
CVE-2021-30607 high 8.0 Chromium: CVE-2021-30607 Use after free in Permissions archdebian
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-30628 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-22181 high 8.0 multiple issues in gitlab arch
CVE-2021-30578 high 8.0 multiple issues in chromium archdebian
CVE-2021-28457 high 8.0 arbitrary code execution in code arch
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-25215 high 8.0 Important: bind security update debianarchsuserockylinux
CVE-2021-30574 high 8.0 multiple issues in chromium archdebian
CVE-2021-30626 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… archdebian
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-30596 high 8.0 multiple issues in chromium archdebian
CVE-2021-4052 high 8.0 multiple issues in chromium archdebian
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-21227 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-30597 high 8.0 multiple issues in chromium archdebian
CVE-2021-22230 high 8.0 multiple issues in gitlab arch
CVE-2021-30613 high 8.0 Chromium: CVE-2021-30613 Use after free in Base internals archdebian
CVE-2021-30630 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-3570 high 8.0 A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or pote… suserockylinuxdebian
CVE-2021-30591 high 8.0 multiple issues in chromium archdebian
CVE-2021-29973 high 8.0 Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… archdebian
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-4093 high 8.0 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… rockylinuxdebian
CVE-2021-4063 high 8.0 multiple issues in chromium archdebian
CVE-2021-21208 high 8.0 Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. archdebian
CVE-2021-21233 high 8.0 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29477 high 8.0 Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using t… suserockylinuxdebian
CVE-2021-37982 high 8.0 multiple issues in chromium archdebian
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-22915 high 8.0 multiple issues in nextcloud arch
CVE-2021-38002 high 8.0 multiple issues in chromium archdebian
CVE-2021-38010 high 8.0 multiple issues in chromium archdebian
CVE-2021-30588 high 8.0 multiple issues in chromium archdebian
CVE-2021-21186 high 8.0 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… archdebian
CVE-2021-4058 high 8.0 multiple issues in chromium archdebian
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-30601 high 8.0 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-29967 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archdebianrockylinux
CVE-2021-21156 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. archdebian
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-30584 high 8.0 multiple issues in chromium archdebian
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… archdebian
CVE-2021-2264 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-30531 high 8.0 multiple issues in chromium archdebian
CVE-2021-30528 high 8.0 Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… archdebian
CVE-2021-41524 high 8.0 multiple issues in apache debianarch
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archdebianrockylinux
CVE-2021-4129 high 8.0 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… debianrockylinux
CVE-2021-43534 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… debianrockylinux
CVE-2021-43535 high 8.0 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… debianrockylinux
CVE-2021-37985 high 8.0 multiple issues in chromium archdebian
CVE-2021-37983 high 8.0 multiple issues in chromium archdebian
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-30619 high 8.0 Chromium: CVE-2021-30619 UI Spoofing in Autofill archdebian
CVE-2021-36377 high 8.0 Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. archdebian
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-4065 high 8.0 multiple issues in chromium archdebian
CVE-2021-30624 high 8.0 Chromium: CVE-2021-30624 Use after free in Autofill archdebian
CVE-2021-39917 high 8.0 multiple issues in gitlab arch
CVE-2021-32749 high 8.0 fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… archdebian
CVE-2021-39881 high 8.0 multiple issues in gitlab arch
CVE-2021-37986 high 8.0 multiple issues in chromium archdebian
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-39882 high 8.0 multiple issues in gitlab arch
CVE-2021-26910 high 8.0 Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. archdebian
CVE-2021-21169 high 8.0 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian