VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-30604 high 8.0 Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30603 high 8.0 Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30607 high 8.0 Chromium: CVE-2021-30607 Use after free in Permissions archdebian
CVE-2021-30606 high 8.0 Chromium: CVE-2021-30606 Use after free in Blink archdebian
CVE-2021-30613 high 8.0 Chromium: CVE-2021-30613 Use after free in Base internals archdebian
CVE-2021-30612 high 8.0 Chromium: CVE-2021-30612 Use after free in WebRTC archdebian
CVE-2021-30614 high 8.0 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip archdebian
CVE-2021-30616 high 8.0 Chromium: CVE-2021-30616 Use after free in Media archdebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-30619 high 8.0 Chromium: CVE-2021-30619 UI Spoofing in Autofill archdebian
CVE-2021-2282 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-2286 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-21218 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-39938 high 8.0 multiple issues in gitlab arch
CVE-2021-32680 high 8.0 multiple issues in nextcloud arch
CVE-2021-21153 high 8.0 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-32726 high 8.0 multiple issues in nextcloud arch
CVE-2021-30593 high 8.0 multiple issues in chromium archdebian
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-2125 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21183 high 8.0 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-30627 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-22901 high 8.0 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… archdebian
CVE-2021-4063 high 8.0 multiple issues in chromium archdebian
CVE-2021-21216 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. archdebian
CVE-2021-26910 high 8.0 Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. archdebian
CVE-2021-21198 high 8.0 Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2021-2309 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… archdebian
CVE-2021-44879 high 8.0 In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. archsusedebian
CVE-2021-31618 high 8.0 denial of service in apache debianarchsuse
CVE-2021-30575 high 8.0 multiple issues in chromium archdebian
CVE-2021-21208 high 8.0 Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. archdebian
CVE-2021-21182 high 8.0 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafte… archdebian
CVE-2021-38501 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebianrockylinux
CVE-2021-30594 high 8.0 multiple issues in chromium archdebian
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-38017 high 8.0 multiple issues in chromium archdebian
CVE-2021-21152 high 8.0 Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-23994 high 8.0 A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. archsusedebian
CVE-2021-2111 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-23996 high 8.0 By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other att… archdebian
CVE-2021-30618 high 8.0 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools archdebian
CVE-2021-30630 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21210 high 8.0 Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. archdebian
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. archdebian
CVE-2021-42327 high 8.0 dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… archsusedebian
CVE-2021-4052 high 8.0 multiple issues in chromium archdebian
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… archdebian
CVE-2021-37982 high 8.0 multiple issues in chromium archdebian
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-21188 high 8.0 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21159 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30608 high 8.0 Chromium: CVE-2021-30608 Use after free in Web Share archdebian
CVE-2021-30535 high 8.0 multiple issues in chromium archdebian
CVE-2021-4057 high 8.0 multiple issues in chromium archdebian
CVE-2021-37985 high 8.0 multiple issues in chromium archdebian
CVE-2021-32725 high 8.0 multiple issues in nextcloud arch
CVE-2021-21169 high 8.0 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-29971 high 8.0 If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … archdebian
CVE-2021-26925 high 8.0 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. archdebian
CVE-2021-22915 high 8.0 multiple issues in nextcloud arch
CVE-2021-4093 high 8.0 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… rockylinuxdebian
CVE-2021-37986 high 8.0 multiple issues in chromium archdebian
CVE-2021-37965 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-21209 high 8.0 Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-2310 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-28477 high 8.0 arbitrary code execution in code arch
CVE-2021-32918 high 8.0 An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.… archdebian
CVE-2021-4066 high 8.0 multiple issues in chromium archdebian
CVE-2021-32703 high 8.0 multiple issues in nextcloud arch
CVE-2021-32705 high 8.0 multiple issues in nextcloud arch
CVE-2021-37984 high 8.0 multiple issues in chromium archdebian
CVE-2021-21107 high 8.0 multiple issues in chromium archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-21108 high 8.0 multiple issues in chromium archdebian
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch
CVE-2021-21109 high 8.0 multiple issues in chromium archdebian
CVE-2021-1052 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-37987 high 8.0 multiple issues in chromium archdebian
CVE-2021-29977 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-1056 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-21110 high 8.0 multiple issues in chromium archdebian
CVE-2021-37981 high 8.0 multiple issues in chromium archdebian
CVE-2021-1053 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-21112 high 8.0 multiple issues in chromium archdebian
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-43529 high 8.0 Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerabl… suserockylinuxdebian
CVE-2021-21113 high 8.0 multiple issues in chromium archdebian
CVE-2021-37988 high 8.0 multiple issues in chromium archdebian
CVE-2021-21106 high 8.0 multiple issues in chromium archdebian
CVE-2021-21197 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21114 high 8.0 multiple issues in chromium archdebian
CVE-2021-21184 high 8.0 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-21115 high 8.0 multiple issues in chromium archdebian
CVE-2021-37989 high 8.0 multiple issues in chromium archdebian
CVE-2021-21195 high 8.0 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian