CVEs from 2021
Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-21226 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2111 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-30516 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21223 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30539 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4058 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2119 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-2121 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-21214 | high | — | 8.0 | — | Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | |
| CVE-2021-4053 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21149 | high | — | 8.0 | — | Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-38014 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38011 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38015 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2129 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-38004 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21112 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37992 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2120 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-30584 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30513 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30514 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2123 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-37987 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37984 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37985 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2131 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |
| CVE-2021-30594 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30627 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30578 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30574 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30596 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-32918 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.… | |
| CVE-2021-30581 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4067 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21108 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21192 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21109 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4061 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4068 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-20247 | high | — | 8.0 | — | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… | |
| CVE-2021-23960 | high | — | 8.0 | — | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… | |
| CVE-2021-30537 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-25217 | high | — | 8.0 | — | Important: dhcp security update | |
| CVE-2021-29462 | high | — | 8.0 | — | The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… | |
| CVE-2021-36377 | high | — | 8.0 | — | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | |
| CVE-2021-38022 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4065 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30556 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-23975 | high | — | 8.0 | — | The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct… | |
| CVE-2021-30562 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30602 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30528 | high | — | 8.0 | — | Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… | |
| CVE-2021-30510 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21222 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21114 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21173 | high | — | 8.0 | — | Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-35542 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… | |
| CVE-2021-24002 | high | — | 8.0 | — | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. Th… | |
| CVE-2021-29966 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-30541 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30597 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30592 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30527 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30543 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37988 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30591 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30530 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21113 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21212 | high | — | 8.0 | — | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | |
| CVE-2021-22945 | high | — | 8.0 | — | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… | |
| CVE-2021-22890 | high | — | 8.0 | — | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… | |
| CVE-2021-2443 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… | |
| CVE-2021-30606 | high | — | 8.0 | — | Chromium: CVE-2021-30606 Use after free in Blink | |
| CVE-2021-21215 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |
| CVE-2021-24001 | high | — | 8.0 | — | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. … | |
| CVE-2021-30630 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-23964 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-21158 | high | — | 8.0 | — | insufficient validation in chromium | |
| CVE-2021-2409 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… | |
| CVE-2021-30561 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-2321 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |
| CVE-2021-21189 | high | — | 8.0 | — | Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-38575 | high | — | 8.0 | — | Important: edk2 security update | |
| CVE-2021-2310 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |
| CVE-2021-4056 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29982 | high | — | 8.0 | — | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… | |
| CVE-2021-30564 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-23996 | high | — | 8.0 | — | By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other att… | |
| CVE-2021-30588 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21231 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30590 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2306 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |
| CVE-2021-30568 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-29963 | high | — | 8.0 | — | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |
| CVE-2021-37995 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-33582 | high | — | 8.0 | — | Important: cyrus-imapd security update | |
| CVE-2021-2296 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |
| CVE-2021-2297 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |
| CVE-2021-21190 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |