CVEs from 2021
Total
5,210
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.2%
% with KEV
4.1%
% with exploit
4.1%
Top products
- office 13
- 365_apps 6
- office_long_term_servicing_channel 6
- library_automation_system 5
- single_connect 4
- http_server 3
- solidfire 2
- student_information_management_system 2
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-36740 | high | — | 8.0 | — | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… | |
| CVE-2021-23982 | high | — | 8.0 | — | Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… | |
| CVE-2021-25746 | high | — | 8.0 | — | information disclosure in kubectl-ingress-nginx | |
| CVE-2021-23961 | high | — | 8.0 | — | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.… | |
| CVE-2021-23969 | high | — | 8.0 | — | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no… | |
| CVE-2021-41611 | high | — | 8.0 | — | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… | |
| CVE-2021-23970 | high | — | 8.0 | — | Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | |
| CVE-2021-30609 | high | — | 8.0 | — | Chromium: CVE-2021-30609 Use after free in Sign-In | |
| CVE-2021-22890 | high | — | 8.0 | — | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… | |
| CVE-2021-23975 | high | — | 8.0 | — | The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct… | |
| CVE-2021-29157 | high | — | 8.0 | — | Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio… | |
| CVE-2021-23971 | high | — | 8.0 | — | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the… | |
| CVE-2021-3998 | high | — | 8.0 | — | A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. | |
| CVE-2021-43396 | high | — | 8.0 | — | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an inter… | |
| CVE-2021-25217 | high | — | 8.0 | — | Important: dhcp security update | |
| CVE-2021-27803 | high | — | 8.0 | — | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… | |
| CVE-2021-23960 | high | — | 8.0 | — | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… | |
| CVE-2021-21194 | high | — | 8.0 | — | Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-30567 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30559 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30555 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30569 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30564 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30568 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30566 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30565 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30541 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30561 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30556 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30562 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30557 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-30537 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30523 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30520 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30518 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30543 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30539 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30516 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30538 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30536 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30526 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30530 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30517 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30510 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30513 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30527 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30519 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30506 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30515 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30509 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30507 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30514 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30512 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-30511 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21215 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |
| CVE-2021-21226 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21225 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21223 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21111 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21222 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21192 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21116 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21191 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2021-21115 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21114 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21106 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21113 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-20247 | high | — | 8.0 | — | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… | |
| CVE-2021-21214 | high | — | 8.0 | — | Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | |
| CVE-2021-29956 | high | — | 8.0 | — | OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those k… | |
| CVE-2021-29974 | high | — | 8.0 | — | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Stric… | |
| CVE-2021-3551 | high | — | 8.0 | — | Important: pki-core:10.6 security update | |
| CVE-2021-25215 | high | — | 8.0 | — | Important: bind security update | |
| CVE-2021-29975 | high | — | 8.0 | — | Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly… | |
| CVE-2021-23986 | high | — | 8.0 | — | A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… | |
| CVE-2021-21190 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |
| CVE-2021-21112 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-1053 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-1052 | high | — | 8.0 | — | multiple issues in nvidia-utils | |
| CVE-2021-23979 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |
| CVE-2021-21110 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21109 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21108 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-21107 | high | — | 8.0 | — | multiple issues in chromium | |
| CVE-2021-39899 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-39944 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2021-21216 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |
| CVE-2021-29990 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |
| CVE-2021-21231 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-38491 | high | — | 8.0 | — | Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. | |
| CVE-2021-21189 | high | — | 8.0 | — | Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2021-3781 | high | — | 8.0 | — | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document… | |
| CVE-2021-42327 | high | — | 8.0 | — | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… | |
| CVE-2021-20305 | high | — | 8.0 | — | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… | |
| CVE-2021-21153 | high | — | 8.0 | — | Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2021-21187 | high | — | 8.0 | — | Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2021-21165 | high | — | 8.0 | — | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-24000 | high | — | 8.0 | — | A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements… | |
| CVE-2021-29959 | high | — | 8.0 | — | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… | |
| CVE-2021-29960 | high | — | 8.0 | — | Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined … |