VIR Vulnerability Intelligence Relay

CVEs from 2021

6,087 normalized CVEs published or assigned in this year.

Total
6,087
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.5%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-32654 high 8.0 multiple issues in nextcloud arch
CVE-2021-22220 high 8.0 multiple issues in gitlab arch
CVE-2021-22221 high 8.0 multiple issues in gitlab arch
CVE-2021-22218 high 8.0 multiple issues in gitlab arch
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-22181 high 8.0 multiple issues in gitlab arch
CVE-2021-32653 high 8.0 multiple issues in nextcloud arch
CVE-2021-22915 high 8.0 multiple issues in nextcloud arch
CVE-2021-22237 high 8.0 multiple issues in gitlab arch
CVE-2021-28457 high 8.0 arbitrary code execution in code arch
CVE-2021-28471 high 8.0 arbitrary code execution in code arch
CVE-2021-28477 high 8.0 arbitrary code execution in code arch
CVE-2021-3557 high 8.0 information disclosure in argocd arch
CVE-2021-32688 high 8.0 multiple issues in nextcloud arch
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-28469 high 8.0 arbitrary code execution in code arch
CVE-2021-22230 high 8.0 multiple issues in gitlab arch
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-22229 high 8.0 multiple issues in gitlab arch
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-32733 high 8.0 multiple issues in nextcloud arch
CVE-2021-32705 high 8.0 multiple issues in nextcloud arch
CVE-2021-32703 high 8.0 multiple issues in nextcloud arch
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-37987 high 8.0 multiple issues in chromium archdebian
CVE-2021-32680 high 8.0 multiple issues in nextcloud arch
CVE-2021-32725 high 8.0 multiple issues in nextcloud arch
CVE-2021-32726 high 8.0 multiple issues in nextcloud arch
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch
CVE-2021-22232 high 8.0 multiple issues in gitlab arch
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-22224 high 8.0 multiple issues in gitlab arch
CVE-2021-22228 high 8.0 multiple issues in gitlab arch
CVE-2021-32305 high 8.0 arbitrary command execution in websvn arch
CVE-2021-29503 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-22211 high 8.0 multiple issues in gitlab arch
CVE-2021-22208 high 8.0 multiple issues in gitlab arch
CVE-2021-27064 high 8.0 privilege escalation in code arch
CVE-2021-23965 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-26910 high 8.0 Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. archdebian
CVE-2021-2086 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30524 high 8.0 multiple issues in chromium archdebian
CVE-2021-30525 high 8.0 multiple issues in chromium archdebian
CVE-2021-30528 high 8.0 Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… archdebian
CVE-2021-30529 high 8.0 multiple issues in chromium archdebian
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-37965 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-37966 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-2296 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-32919 high 8.0 An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not co… archdebian
CVE-2021-30537 high 8.0 multiple issues in chromium archdebian
CVE-2021-32917 high 8.0 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use … archdebian
CVE-2021-30523 high 8.0 multiple issues in chromium archdebian
CVE-2021-21157 high 8.0 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21160 high 8.0 Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21159 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37970 high 8.0 Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37972 high 8.0 Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37971 high 8.0 Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-37994 high 8.0 multiple issues in chromium archdebian
CVE-2021-30518 high 8.0 multiple issues in chromium archdebian
CVE-2021-35560 high 8.0 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… archsusedebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-20179 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-35538 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-3570 high 8.0 A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or pote… suserockylinuxdebian
CVE-2021-28373 high 8.0 The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch f… archdebian
CVE-2021-30514 high 8.0 multiple issues in chromium archdebian
CVE-2021-43540 high 8.0 WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects … archsusedebian
CVE-2021-30539 high 8.0 multiple issues in chromium archdebian
CVE-2021-32655 high 8.0 multiple issues in nextcloud arch
CVE-2021-21176 high 8.0 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-21198 high 8.0 Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2021-37997 high 8.0 multiple issues in chromium archdebian
CVE-2021-30516 high 8.0 multiple issues in chromium archdebian
CVE-2021-37999 high 8.0 multiple issues in chromium archdebian
CVE-2021-38002 high 8.0 multiple issues in chromium archdebian
CVE-2021-4093 high 8.0 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… rockylinuxdebian
CVE-2021-30538 high 8.0 multiple issues in chromium archdebian
CVE-2021-29977 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-38010 high 8.0 multiple issues in chromium archdebian
CVE-2021-30536 high 8.0 multiple issues in chromium archdebian
CVE-2021-37998 high 8.0 multiple issues in chromium archdebian
CVE-2021-21186 high 8.0 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… archdebian
CVE-2021-30507 high 8.0 multiple issues in chromium archdebian
CVE-2021-3551 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-2442 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-25215 high 8.0 Important: bind security update debianarchsuserockylinux
CVE-2021-38575 high 8.0 Important: edk2 security update archdebiansuserockylinux
CVE-2021-30526 high 8.0 multiple issues in chromium archdebian
CVE-2021-37996 high 8.0 multiple issues in chromium archdebian
CVE-2021-21195 high 8.0 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-23972 high 8.0 One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; howe… archsusedebian
CVE-2021-37981 high 8.0 multiple issues in chromium archdebian