CVEs from 2021
Total
5,047
critical
critical 273
high
high 972
medium
medium 1,144
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-23986 | high | — | 8.0 | — | A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… | |
| CVE-2021-21179 | high | — | 8.0 | — | Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-38001 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2291 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low … | |
| CVE-2021-22225 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-4054 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32733 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-30511 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29976 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… | |
| CVE-2021-41524 | high | — | 8.0 | — | multiple issues in apache | |
| CVE-2021-39873 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-32765 | high | — | 8.0 | — | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… | |
| CVE-2021-23983 | high | — | 8.0 | — | By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vul… | |
| CVE-2021-30617 | high | — | 8.0 | — | Chromium: CVE-2021-30617 Policy bypass in Blink | |
| CVE-2021-30628 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-37997 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38011 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39883 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30561 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30506 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21149 | high | — | 8.0 | — | Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-26434 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-38004 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30559 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-23961 | high | — | 8.0 | — | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.… | |
| CVE-2021-30626 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30597 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22226 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21175 | high | — | 8.0 | — | Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-37966 | high | — | 8.0 | — | Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2021-32678 | high | — | 8.0 | — | multiple issues in nextcloud | |
| CVE-2021-22232 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-37963 | high | — | 8.0 | — | Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |
| CVE-2021-30519 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4052 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37995 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21114 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38019 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30579 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30517 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21159 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21178 | high | — | 8.0 | — | Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML pag… | |
| CVE-2021-30507 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21196 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21180 | high | — | 8.0 | — | Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-29947 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-21107 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-27803 | high | — | 8.0 | — | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… | |
| CVE-2021-23985 | high | — | 8.0 | — | If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unno… | |
| CVE-2021-37993 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21215 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |
| CVE-2021-21231 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-38505 | high | — | 8.0 | — | Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain… | |
| CVE-2021-21195 | high | — | 8.0 | — | Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-37985 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29986 | high | — | 8.0 | — | A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are … | |
| CVE-2021-37986 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21192 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-2120 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-39937 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-36952 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-21202 | high | — | 8.0 | — | Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… | |
| CVE-2021-32749 | high | — | 8.0 | — | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… | |
| CVE-2021-30582 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21184 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-30565 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37996 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-23982 | high | — | 8.0 | — | Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… | |
| CVE-2021-23960 | high | — | 8.0 | — | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… | |
| CVE-2021-2074 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-39899 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-2123 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-21158 | high | — | 8.0 | — | insufficient validation in chromium | |
| CVE-2021-42327 | high | — | 8.0 | — | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… | |
| CVE-2021-21181 | high | — | 8.0 | — | Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2021-21170 | high | — | 8.0 | — | Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … | |
| CVE-2021-22224 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-24000 | high | — | 8.0 | — | A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements… | |
| CVE-2021-30541 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-38013 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29948 | high | — | 8.0 | — | Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects… | |
| CVE-2021-37990 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29967 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-38020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30615 | high | — | 8.0 | — | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | |
| CVE-2021-37981 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37987 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-43534 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2021-4129 | high | — | 8.0 | — | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… | |
| CVE-2021-21111 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30515 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22209 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |
| CVE-2021-30622 | high | — | 8.0 | — | Chromium: CVE-2021-30622 Use after free in WebApp Installs | |
| CVE-2021-21225 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30513 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30555 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30512 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-26925 | high | — | 8.0 | — | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. |