CVEs from 2021
Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-30541 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21165 | high | — | 8.0 | — | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21180 | high | — | 8.0 | — | Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-38007 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21174 | high | — | 8.0 | — | Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-4063 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21210 | high | — | 8.0 | — | Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. | |
| CVE-2021-37998 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30562 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-39889 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37956 | high | — | 8.0 | — | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… | |
| CVE-2021-21181 | high | — | 8.0 | — | Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2021-21205 | high | — | 8.0 | — | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-21190 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-21157 | high | — | 8.0 | — | Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30573 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39903 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39907 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39895 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-4058 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4066 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30582 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39868 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32749 | high | — | 8.0 | — | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… | |
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30539 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30579 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-28373 | high | — | 8.0 | — | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch f… | |
| CVE-2021-39866 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-29975 | high | — | 8.0 | — | Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly… | |
| CVE-2021-21197 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-3781 | high | — | 8.0 | — | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document… | |
| CVE-2021-38015 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21162 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21215 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |
| CVE-2021-23985 | high | — | 8.0 | — | If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unno… | |
| CVE-2021-23964 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-22214 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30510 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23983 | high | — | 8.0 | — | By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vul… | |
| CVE-2021-21195 | high | — | 8.0 | — | Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30584 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30527 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37968 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-30519 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37981 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30506 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38009 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30521 | high | — | 8.0 | — | Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-30576 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23975 | high | — | 8.0 | — | The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct… | |
| CVE-2021-21228 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … | |
| CVE-2021-21233 | high | — | 8.0 | — | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-29948 | high | — | 8.0 | — | Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects… | |
| CVE-2021-39870 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21212 | high | — | 8.0 | — | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | |
| CVE-2021-38016 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30588 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-1051 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-30590 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22168 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39884 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21156 | high | — | 8.0 | — | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. | |
| CVE-2021-39906 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39874 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38012 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30592 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29977 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-21153 | high | — | 8.0 | — | Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-21175 | high | — | 8.0 | — | Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-30597 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29959 | high | — | 8.0 | — | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… | |
| CVE-2021-37993 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21172 | high | — | 8.0 | — | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |
| CVE-2021-30596 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30609 | high | — | 8.0 | — | Chromium: CVE-2021-30609 Use after free in Sign-In | |
| CVE-2021-38014 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21213 | high | — | 8.0 | — | Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30626 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30517 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30608 | high | — | 8.0 | — | Chromium: CVE-2021-30608 Use after free in Web Share | |
| CVE-2021-30574 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21160 | high | — | 8.0 | — | Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30578 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4068 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21161 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-38494 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-28475 | high | — | 8.0 | — | arbitrary code execution in code | |
| CVE-2021-30589 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22239 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39902 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39897 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22215 | high | — | 8.0 | — | information disclosure in gitlab | |
| CVE-2021-30593 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39914 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-43529 | high | — | 8.0 | — | Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerabl… |