VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-39900 high 8.0 multiple issues in gitlab arch
CVE-2021-29965 high 8.0 A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that… archdebian
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-32917 high 8.0 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use … archdebian
CVE-2021-1056 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-37996 high 8.0 multiple issues in chromium archdebian
CVE-2021-2264 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-21228 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … archdebian
CVE-2021-30531 high 8.0 multiple issues in chromium archdebian
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… archdebian
CVE-2021-30602 high 8.0 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39901 high 8.0 multiple issues in gitlab arch
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-39911 high 8.0 multiple issues in gitlab arch
CVE-2021-37998 high 8.0 multiple issues in chromium archdebian
CVE-2021-37990 high 8.0 multiple issues in chromium archdebian
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-39885 high 8.0 multiple issues in gitlab arch
CVE-2021-22259 high 8.0 multiple issues in gitlab arch
CVE-2021-4129 high 8.0 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… debianrockylinux
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archdebianrockylinux
CVE-2021-39888 high 8.0 multiple issues in gitlab arch
CVE-2021-37989 high 8.0 multiple issues in chromium archdebian
CVE-2021-4059 high 8.0 multiple issues in chromium archdebian
CVE-2021-43535 high 8.0 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… debianrockylinux
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-22215 high 8.0 information disclosure in gitlab arch
CVE-2021-26925 high 8.0 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. archdebian
CVE-2021-28469 high 8.0 arbitrary code execution in code arch
CVE-2021-21233 high 8.0 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22239 high 8.0 multiple issues in gitlab arch
CVE-2021-29967 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archdebianrockylinux
CVE-2021-37981 high 8.0 multiple issues in chromium archdebian
CVE-2021-37987 high 8.0 multiple issues in chromium archdebian
CVE-2021-32679 high 8.0 multiple issues in nextcloud arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-39904 high 8.0 multiple issues in gitlab arch
CVE-2021-21170 high 8.0 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … archdebian
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-32657 high 8.0 multiple issues in nextcloud arch
CVE-2021-29987 high 8.0 After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,… archdebian
CVE-2021-29963 high 8.0 Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… archdebian
CVE-2021-22209 high 8.0 multiple issues in gitlab arch
CVE-2021-22210 high 8.0 multiple issues in gitlab arch
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-37966 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-37999 high 8.0 multiple issues in chromium archdebian
CVE-2021-37985 high 8.0 multiple issues in chromium archdebian
CVE-2021-30600 high 8.0 Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30604 high 8.0 Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30601 high 8.0 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-37982 high 8.0 multiple issues in chromium archdebian
CVE-2021-30606 high 8.0 Chromium: CVE-2021-30606 Use after free in Blink archdebian
CVE-2021-29966 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-4093 high 8.0 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… rockylinuxdebian
CVE-2021-30630 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-3446 high 8.0 A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain s… archsusedebian
CVE-2021-39879 high 8.0 multiple issues in gitlab arch
CVE-2021-22171 high 8.0 multiple issues in gitlab arch
CVE-2021-30508 high 8.0 multiple issues in chromium archdebian
CVE-2021-22168 high 8.0 multiple issues in gitlab arch
CVE-2021-30594 high 8.0 multiple issues in chromium archdebian
CVE-2021-1051 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-30575 high 8.0 multiple issues in chromium archdebian
CVE-2021-1052 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-30619 high 8.0 Chromium: CVE-2021-30619 UI Spoofing in Autofill archdebian
CVE-2021-39868 high 8.0 multiple issues in gitlab arch
CVE-2021-30627 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37994 high 8.0 multiple issues in chromium archdebian
CVE-2021-30608 high 8.0 Chromium: CVE-2021-30608 Use after free in Web Share archdebian
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… archdebian
CVE-2021-30593 high 8.0 multiple issues in chromium archdebian
CVE-2021-42327 high 8.0 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… archsusedebian
CVE-2021-39881 high 8.0 multiple issues in gitlab arch
CVE-2021-30623 high 8.0 Chromium: CVE-2021-30623 Use after free in Bookmarks archdebian
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-38499 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-30589 high 8.0 multiple issues in chromium archdebian
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-30578 high 8.0 multiple issues in chromium archdebian
CVE-2021-22213 high 8.0 multiple issues in gitlab arch
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-39909 high 8.0 multiple issues in gitlab arch
CVE-2021-30574 high 8.0 multiple issues in chromium archdebian
CVE-2021-37957 high 8.0 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-38021 high 8.0 multiple issues in chromium archdebian
CVE-2021-39889 high 8.0 multiple issues in gitlab arch
CVE-2021-30626 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-44879 high 8.0 In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. archsusedebian
CVE-2021-32680 high 8.0 multiple issues in nextcloud arch
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-37971 high 8.0 Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-30596 high 8.0 multiple issues in chromium archdebian
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-37958 high 8.0 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. archdebian
CVE-2021-30618 high 8.0 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools archdebian
CVE-2021-37979 high 8.0 heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… archdebian