VIR Vulnerability Intelligence Relay

CVEs from 2021

5,047 normalized CVEs published or assigned in this year.

Total
5,047
critical
critical 273
high
high 972
medium
medium 1,144
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-39932 high 8.0 multiple issues in gitlab arch
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-23963 high 8.0 When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This… archdebian
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-32655 high 8.0 multiple issues in nextcloud arch
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-2128 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-30524 high 8.0 multiple issues in chromium archdebian
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch
CVE-2021-28457 high 8.0 arbitrary code execution in code arch
CVE-2021-39933 high 8.0 multiple issues in gitlab arch
CVE-2021-30525 high 8.0 multiple issues in chromium archdebian
CVE-2021-29157 high 8.0 Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio… archdebiansuse
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-22232 high 8.0 multiple issues in gitlab arch
CVE-2021-37961 high 8.0 Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-32688 high 8.0 multiple issues in nextcloud arch
CVE-2021-30528 high 8.0 Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… archdebian
CVE-2021-39903 high 8.0 multiple issues in gitlab arch
CVE-2021-28477 high 8.0 arbitrary code execution in code arch
CVE-2021-2145 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-37956 high 8.0 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-21228 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … archdebian
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… archdebian
CVE-2021-42322 high 8.0 multiple issues in code arch
CVE-2021-37957 high 8.0 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37999 high 8.0 multiple issues in chromium archdebian
CVE-2021-24000 high 8.0 A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements… archsusedebian
CVE-2021-37978 high 8.0 Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-30599 high 8.0 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. archdebian
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-1051 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-39881 high 8.0 multiple issues in gitlab arch
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-22167 high 8.0 multiple issues in gitlab arch
CVE-2021-22211 high 8.0 multiple issues in gitlab arch
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-29503 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-36740 high 8.0 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… suserockylinuxdebian
CVE-2021-39940 high 8.0 multiple issues in gitlab arch
CVE-2021-29946 high 8.0 Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox … archsusedebian
CVE-2021-39937 high 8.0 multiple issues in gitlab arch
CVE-2021-30522 high 8.0 multiple issues in chromium archdebian
CVE-2021-38502 high 8.0 Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the auth… archrockylinuxdebian
CVE-2021-23983 high 8.0 By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vul… archsusedebian
CVE-2021-36952 high 8.0 multiple issues in code arch
CVE-2021-2475 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2443 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2409 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21158 high 8.0 insufficient validation in chromium arch
CVE-2021-22229 high 8.0 multiple issues in gitlab arch
CVE-2021-30627 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21213 high 8.0 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30597 high 8.0 multiple issues in chromium archdebian
CVE-2021-37981 high 8.0 multiple issues in chromium archdebian
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… archsusedebian
CVE-2021-2297 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-21173 high 8.0 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-38009 high 8.0 multiple issues in chromium archdebian
CVE-2021-21174 high 8.0 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-38011 high 8.0 multiple issues in chromium archdebian
CVE-2021-2129 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-37987 high 8.0 multiple issues in chromium archdebian
CVE-2021-37984 high 8.0 multiple issues in chromium archdebian
CVE-2021-2281 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-37988 high 8.0 multiple issues in chromium archdebian
CVE-2021-38018 high 8.0 multiple issues in chromium archdebian
CVE-2021-29973 high 8.0 Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… archdebian
CVE-2021-2442 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-21181 high 8.0 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-29967 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archdebianrockylinux
CVE-2021-30589 high 8.0 multiple issues in chromium archdebian
CVE-2021-2306 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-33582 high 8.0 Important: cyrus-imapd security update debiansuserockylinux
CVE-2021-21189 high 8.0 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-38004 high 8.0 multiple issues in chromium archdebian
CVE-2021-30606 high 8.0 Chromium: CVE-2021-30606 Use after free in Blink archdebian
CVE-2021-30615 high 8.0 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation archdebian
CVE-2021-3570 high 8.0 A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or pote… suserockylinuxdebian
CVE-2021-27803 high 8.0 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… archsusedebian
CVE-2021-37997 high 8.0 multiple issues in chromium archdebian
CVE-2021-37994 high 8.0 multiple issues in chromium archdebian
CVE-2021-23955 high 8.0 The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. archdebian
CVE-2021-2125 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-29947 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebian
CVE-2021-4061 high 8.0 multiple issues in chromium archdebian
CVE-2021-43529 high 8.0 Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerabl… suserockylinuxdebian
CVE-2021-21176 high 8.0 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-4053 high 8.0 multiple issues in chromium archdebian
CVE-2021-30594 high 8.0 multiple issues in chromium archdebian