CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

  • Total: 5,048
  • critical: 273
  • high: 975
  • medium: 1,141
  • low: 135
  • % Critical: 5.4%
  • % with KEV: 4.2%
  • % with exploit: 4.2%

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2
CVE Severity CVSS Risk Published Description Impact
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-39899 high 8.0 multiple issues in gitlab arch
CVE-2021-39941 high 8.0 multiple issues in gitlab arch
CVE-2021-28477 high 8.0 arbitrary code execution in code arch
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-22229 high 8.0 multiple issues in gitlab arch
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-32705 high 8.0 multiple issues in nextcloud arch
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-22232 high 8.0 multiple issues in gitlab arch
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch
CVE-2021-26910 high 8.0 Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. arch, debian
CVE-2021-23965 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… arch, debian
CVE-2021-30524 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30529 high 8.0 multiple issues in chromium arch, debian
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-22239 high 8.0 multiple issues in gitlab arch
CVE-2021-3557 high 8.0 information disclosure in argocd arch
CVE-2021-21228 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … arch, debian
CVE-2021-21227 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. arch, debian
CVE-2021-21158 high 8.0 insufficient validation in chromium arch
CVE-2021-39937 high 8.0 multiple issues in gitlab arch
CVE-2021-20179 high 8.0 Important: pki-core:10.6 security update debian, rockylinux
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-37983 high 8.0 multiple issues in chromium arch, debian
CVE-2021-28475 high 8.0 arbitrary code execution in code arch
CVE-2021-38575 high 8.0 Important: edk2 security update arch, debian, suse, rockylinux
CVE-2021-29990 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… arch, suse, debian
CVE-2021-32921 high 8.0 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a… arch, debian
CVE-2021-39936 high 8.0 multiple issues in gitlab arch
CVE-2021-39931 high 8.0 multiple issues in gitlab arch
CVE-2021-22209 high 8.0 multiple issues in gitlab arch
CVE-2021-37980 high 8.0 Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. arch, debian
CVE-2021-22210 high 8.0 multiple issues in gitlab arch
CVE-2021-21182 high 8.0 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafte… arch, debian
CVE-2021-21202 high 8.0 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… arch, debian
CVE-2021-43534 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… debian, rockylinux
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… arch, debian, rockylinux
CVE-2021-29265 high 8.0 An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… arch, suse, debian
CVE-2021-21229 high 8.0 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. arch, debian
CVE-2021-2306 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… arch, debian
CVE-2021-2086 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… arch, debian
CVE-2021-2074 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… arch, debian
CVE-2021-21189 high 8.0 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. arch, debian
CVE-2021-2309 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… arch, debian
CVE-2021-21226 high 8.0 multiple issues in chromium arch, debian
CVE-2021-37982 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30511 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30512 high 8.0 multiple issues in chromium arch, debian
CVE-2021-37985 high 8.0 multiple issues in chromium arch, debian
CVE-2021-38020 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30514 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30507 high 8.0 multiple issues in chromium arch, debian
CVE-2021-37986 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30509 high 8.0 multiple issues in chromium arch, debian
CVE-2021-4062 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30515 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30506 high 8.0 multiple issues in chromium arch, debian
CVE-2021-38019 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30519 high 8.0 multiple issues in chromium arch, debian
CVE-2021-1051 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-37984 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30527 high 8.0 multiple issues in chromium arch, debian
CVE-2021-22168 high 8.0 multiple issues in gitlab arch
CVE-2021-30513 high 8.0 multiple issues in chromium arch, debian
CVE-2021-22171 high 8.0 multiple issues in gitlab arch
CVE-2021-37987 high 8.0 multiple issues in chromium arch, debian
CVE-2021-4053 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30510 high 8.0 multiple issues in chromium arch, debian
CVE-2021-24000 high 8.0 A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements… arch, suse, debian
CVE-2021-30517 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30530 high 8.0 multiple issues in chromium arch, debian
CVE-2021-37981 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21187 high 8.0 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. arch, debian
CVE-2021-23969 high 8.0 As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no… arch, suse, debian
CVE-2021-4055 high 8.0 multiple issues in chromium arch, debian
CVE-2021-4067 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30526 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21185 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a cr… arch, debian
CVE-2021-37988 high 8.0 multiple issues in chromium arch, debian
CVE-2021-4064 high 8.0 multiple issues in chromium arch, debian
CVE-2021-32751 high 8.0 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… arch, suse, debian
CVE-2021-25746 high 8.0 information disclosure in kubectl-ingress-nginx arch, suse
CVE-2021-23960 high 8.0 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… arch, suse, debian
CVE-2021-38510 high 8.0 The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating s… arch, suse, debian
CVE-2021-30536 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21201 high 8.0 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. arch, debian
CVE-2021-37989 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30538 high 8.0 multiple issues in chromium arch, debian
CVE-2021-23974 high 8.0 The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. arch, suse, debian
CVE-2021-21205 high 8.0 Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. arch, debian
CVE-2021-4054 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30516 high 8.0 multiple issues in chromium arch, debian
CVE-2021-37991 high 8.0 multiple issues in chromium arch, debian
CVE-2021-30539 high 8.0 multiple issues in chromium arch, debian
CVE-2021-23998 high 8.0 Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… arch, suse, debian
CVE-2021-30543 high 8.0 multiple issues in chromium arch, debian
CVE-2021-37990 high 8.0 multiple issues in chromium arch, debian
CVE-2021-21174 high 8.0 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. arch, debian
CVE-2021-2121 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… arch, debian