CVEs from 2021
Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-38019 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37983 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30584 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37956 | high | — | 8.0 | — | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… | |
| CVE-2021-38371 | high | — | 8.0 | — | The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | |
| CVE-2021-29967 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-30618 | high | — | 8.0 | — | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | |
| CVE-2021-38020 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30579 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-2264 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… | |
| CVE-2021-30582 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38496 | high | — | 8.0 | — | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… | |
| CVE-2021-38500 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2021-4129 | high | — | 8.0 | — | Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… | |
| CVE-2021-30573 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4059 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38018 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39882 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21208 | high | — | 8.0 | — | Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. | |
| CVE-2021-30571 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21150 | high | — | 8.0 | — | Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… | |
| CVE-2021-32749 | high | — | 8.0 | — | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… | |
| CVE-2021-21216 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |
| CVE-2021-38014 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30572 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-22167 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21153 | high | — | 8.0 | — | Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-30599 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2021-30567 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30602 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30559 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-38012 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21156 | high | — | 8.0 | — | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. | |
| CVE-2021-30607 | high | — | 8.0 | — | Chromium: CVE-2021-30607 Use after free in Permissions | |
| CVE-2021-30555 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30612 | high | — | 8.0 | — | Chromium: CVE-2021-30612 Use after free in WebRTC | |
| CVE-2021-29961 | high | — | 8.0 | — | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. | |
| CVE-2021-30616 | high | — | 8.0 | — | Chromium: CVE-2021-30616 Use after free in Media | |
| CVE-2021-21212 | high | — | 8.0 | — | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | |
| CVE-2021-38011 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30569 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |
| CVE-2021-30564 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-39868 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39889 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39870 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30568 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-4064 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38016 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37958 | high | — | 8.0 | — | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | |
| CVE-2021-30566 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-37961 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21217 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-21213 | high | — | 8.0 | — | Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21162 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-38009 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30565 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21229 | high | — | 8.0 | — | Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2021-21165 | high | — | 8.0 | — | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30541 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21232 | high | — | 8.0 | — | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-21231 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-38015 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21164 | high | — | 8.0 | — | Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-37980 | high | — | 8.0 | — | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |
| CVE-2021-30561 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-39936 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-29963 | high | — | 8.0 | — | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |
| CVE-2021-39934 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21168 | high | — | 8.0 | — | Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2021-38007 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30556 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-39931 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21199 | high | — | 8.0 | — | Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |
| CVE-2021-42322 | high | — | 8.0 | — | multiple issues in code | |
| CVE-2021-30562 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-39941 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30517 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39909 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38006 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39890 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21171 | high | — | 8.0 | — | Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2021-30557 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-29462 | high | — | 8.0 | — | The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… | |
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30537 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39902 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-38004 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-41524 | high | — | 8.0 | — | multiple issues in apache | |
| CVE-2021-30523 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21172 | high | — | 8.0 | — | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |
| CVE-2021-39887 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-30520 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38021 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-38001 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39874 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21173 | high | — | 8.0 | — | Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2021-21184 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |