VIR Vulnerability Intelligence Relay

CVEs from 2021

6,087 normalized CVEs published or assigned in this year.

Total
6,087
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
4.5%
% with KEV
3.5%
% with exploit
3.5%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-39886 high 8.0 multiple issues in gitlab arch
CVE-2021-35560 high 8.0 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… archsusedebian
CVE-2021-21179 high 8.0 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. archdebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-30630 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-28373 high 8.0 The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch f… archdebian
CVE-2021-4129 high 8.0 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… debianrockylinux
CVE-2021-4065 high 8.0 multiple issues in chromium archdebian
CVE-2021-21229 high 8.0 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-39905 high 8.0 multiple issues in gitlab arch
CVE-2021-30623 high 8.0 Chromium: CVE-2021-30623 Use after free in Bookmarks archdebian
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-30594 high 8.0 multiple issues in chromium archdebian
CVE-2021-37982 high 8.0 multiple issues in chromium archdebian
CVE-2021-30575 high 8.0 multiple issues in chromium archdebian
CVE-2021-30508 high 8.0 multiple issues in chromium archdebian
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30529 high 8.0 multiple issues in chromium archdebian
CVE-2021-38010 high 8.0 multiple issues in chromium archdebian
CVE-2021-30627 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37977 high 8.0 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30593 high 8.0 multiple issues in chromium archdebian
CVE-2021-30615 high 8.0 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation archdebian
CVE-2021-30598 high 8.0 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. archdebian
CVE-2021-21233 high 8.0 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39941 high 8.0 multiple issues in gitlab arch
CVE-2021-37985 high 8.0 multiple issues in chromium archdebian
CVE-2021-30608 high 8.0 Chromium: CVE-2021-30608 Use after free in Web Share archdebian
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-30578 high 8.0 multiple issues in chromium archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… archdebian
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-30574 high 8.0 multiple issues in chromium archdebian
CVE-2021-30628 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-4066 high 8.0 multiple issues in chromium archdebian
CVE-2021-39882 high 8.0 multiple issues in gitlab arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-30602 high 8.0 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37986 high 8.0 multiple issues in chromium archdebian
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-29961 high 8.0 When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. archdebian
CVE-2021-30601 high 8.0 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-3551 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-25215 high 8.0 Important: bind security update debianarchsuserockylinux
CVE-2021-30618 high 8.0 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools archdebian
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-37965 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-30592 high 8.0 multiple issues in chromium archdebian
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… archdebian
CVE-2021-21160 high 8.0 Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-30591 high 8.0 multiple issues in chromium archdebian
CVE-2021-39909 high 8.0 multiple issues in gitlab arch
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-22211 high 8.0 multiple issues in gitlab arch
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-30590 high 8.0 multiple issues in chromium archdebian
CVE-2021-37997 high 8.0 multiple issues in chromium archdebian
CVE-2021-27064 high 8.0 privilege escalation in code arch
CVE-2021-30613 high 8.0 Chromium: CVE-2021-30613 Use after free in Base internals archdebian
CVE-2021-41259 high 8.0 multiple issues in nim arch
CVE-2021-26925 high 8.0 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. archdebian
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… archdebian
CVE-2021-30588 high 8.0 multiple issues in chromium archdebian
CVE-2021-21216 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-4093 high 8.0 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… rockylinuxdebian
CVE-2021-30585 high 8.0 multiple issues in chromium archdebian
CVE-2021-32653 high 8.0 multiple issues in nextcloud arch
CVE-2021-39904 high 8.0 multiple issues in gitlab arch
CVE-2021-38021 high 8.0 multiple issues in chromium archdebian
CVE-2021-37984 high 8.0 multiple issues in chromium archdebian
CVE-2021-32749 high 8.0 fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… archdebian
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-30525 high 8.0 multiple issues in chromium archdebian
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-29971 high 8.0 If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … archdebian
CVE-2021-37957 high 8.0 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-4061 high 8.0 multiple issues in chromium archdebian
CVE-2021-21156 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. archdebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-28469 high 8.0 arbitrary code execution in code arch
CVE-2021-39913 high 8.0 multiple issues in gitlab arch
CVE-2021-29967 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archdebianrockylinux
CVE-2021-37987 high 8.0 multiple issues in chromium archdebian
CVE-2021-30573 high 8.0 multiple issues in chromium archdebian
CVE-2021-21212 high 8.0 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. archdebian
CVE-2021-21213 high 8.0 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… archdebian
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch