VIR Vulnerability Intelligence Relay

CVEs from 2021

5,047 normalized CVEs published or assigned in this year.

Total
5,047
critical
critical 273
high
high 972
medium
medium 1,144
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-30620 high 8.0 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink archdebian
CVE-2021-30622 high 8.0 Chromium: CVE-2021-30622 Use after free in WebApp Installs archdebian
CVE-2021-30623 high 8.0 Chromium: CVE-2021-30623 Use after free in Bookmarks archdebian
CVE-2021-30629 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37956 high 8.0 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-37958 high 8.0 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. archdebian
CVE-2021-37959 high 8.0 Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… archdebian
CVE-2021-21217 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-1055 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-32765 high 8.0 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… archdebian
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21232 high 8.0 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-39906 high 8.0 multiple issues in gitlab arch
CVE-2021-39897 high 8.0 multiple issues in gitlab arch
CVE-2021-39909 high 8.0 multiple issues in gitlab arch
CVE-2021-39898 high 8.0 multiple issues in gitlab arch
CVE-2021-39905 high 8.0 multiple issues in gitlab arch
CVE-2021-39895 high 8.0 multiple issues in gitlab arch
CVE-2021-39907 high 8.0 multiple issues in gitlab arch
CVE-2021-39903 high 8.0 multiple issues in gitlab arch
CVE-2021-39902 high 8.0 multiple issues in gitlab arch
CVE-2021-39914 high 8.0 multiple issues in gitlab arch
CVE-2021-41524 high 8.0 multiple issues in apache debianarch
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-39872 high 8.0 multiple issues in gitlab arch
CVE-2021-39891 high 8.0 multiple issues in gitlab arch
CVE-2021-39887 high 8.0 multiple issues in gitlab arch
CVE-2021-39886 high 8.0 multiple issues in gitlab arch
CVE-2021-39879 high 8.0 multiple issues in gitlab arch
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-39878 high 8.0 multiple issues in gitlab arch
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. archdebian
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-1056 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-1052 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-3570 high 8.0 A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or pote… suserockylinuxdebian
CVE-2021-39871 high 8.0 multiple issues in gitlab arch
CVE-2021-39892 high 8.0 multiple issues in gitlab arch
CVE-2021-39894 high 8.0 multiple issues in gitlab arch
CVE-2021-25742 high 8.0 information disclosure in kubectl-ingress-nginx arch
CVE-2021-39893 high 8.0 multiple issues in gitlab arch
CVE-2021-30481 high 8.0 arbitrary code execution in steam arch
CVE-2021-39869 high 8.0 multiple issues in gitlab arch
CVE-2021-39938 high 8.0 multiple issues in gitlab arch
CVE-2021-0535 high 8.0 multiple issues in wpa_supplicant arch
CVE-2021-43908 high 8.0 multiple issues in code arch
CVE-2021-39910 high 8.0 multiple issues in gitlab arch
CVE-2021-21218 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-30625 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30621 high 8.0 Chromium: CVE-2021-30621 UI Spoofing in Autofill archdebian
CVE-2021-37978 high 8.0 Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30534 high 8.0 multiple issues in chromium archdebian
CVE-2021-38502 high 8.0 Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the auth… archrockylinuxdebian
CVE-2021-30532 high 8.0 multiple issues in chromium archdebian
CVE-2021-2475 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2454 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low … archdebian
CVE-2021-2443 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-24001 high 8.0 A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. … archdebian
CVE-2021-2321 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2310 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-23996 high 8.0 By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other att… archdebian
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… archdebian
CVE-2021-2282 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-2279 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unau… archdebian
CVE-2021-23963 high 8.0 When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This… archdebian
CVE-2021-23958 high 8.0 The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. archdebian
CVE-2021-2120 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2129 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2125 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2119 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2111 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2073 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21211 high 8.0 Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-31618 high 8.0 denial of service in apache debianarchsuse
CVE-2021-22901 high 8.0 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… archdebian
CVE-2021-21183 high 8.0 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-21182 high 8.0 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafte… archdebian
CVE-2021-21160 high 8.0 Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21152 high 8.0 Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-1053 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-21155 high 8.0 Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a c… archdebian
CVE-2021-28373 high 8.0 The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch f… archdebian
CVE-2021-37999 high 8.0 multiple issues in chromium archdebian
CVE-2021-37997 high 8.0 multiple issues in chromium archdebian
CVE-2021-32655 high 8.0 multiple issues in nextcloud arch
CVE-2021-20179 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-35560 high 8.0 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… archsusedebian
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… archdebian