VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-37979 high 8.0 heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… archdebian
CVE-2021-2279 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unau… archdebian
CVE-2021-38575 high 8.0 Important: edk2 security update archdebiansuserockylinux
CVE-2021-38021 high 8.0 multiple issues in chromium archdebian
CVE-2021-39919 high 8.0 multiple issues in gitlab arch
CVE-2021-21261 high 8.0 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to exec… archsusedebian
CVE-2021-30542 high 8.0 multiple issues in chromium archdebian
CVE-2021-32751 high 8.0 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… archsusedebian
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-29973 high 8.0 Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… archdebian
CVE-2021-22945 high 8.0 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… archdebiansuse
CVE-2021-29960 high 8.0 Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined … archdebian
CVE-2021-4059 high 8.0 multiple issues in chromium archdebian
CVE-2021-29959 high 8.0 When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… archdebian
CVE-2021-38499 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-21178 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML pag… archdebian
CVE-2021-30631 high 8.0 arbitrary code execution in chromium arch
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-4057 high 8.0 multiple issues in chromium archdebian
CVE-2021-29265 high 8.0 An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… archsusedebian
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. archdebian
CVE-2021-21225 high 8.0 multiple issues in chromium archdebian
CVE-2021-38008 high 8.0 multiple issues in chromium archdebian
CVE-2021-4054 high 8.0 multiple issues in chromium archdebian
CVE-2021-38019 high 8.0 multiple issues in chromium archdebian
CVE-2021-38020 high 8.0 multiple issues in chromium archdebian
CVE-2021-38012 high 8.0 multiple issues in chromium archdebian
CVE-2021-38011 high 8.0 multiple issues in chromium archdebian
CVE-2021-4052 high 8.0 multiple issues in chromium archdebian
CVE-2021-27803 high 8.0 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… archsusedebian
CVE-2021-21223 high 8.0 multiple issues in chromium archdebian
CVE-2021-29989 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebianrockylinux
CVE-2021-21192 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21116 high 8.0 multiple issues in chromium archdebian
CVE-2021-21115 high 8.0 multiple issues in chromium archdebian
CVE-2021-29947 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebian
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-21109 high 8.0 multiple issues in chromium archdebian
CVE-2021-29987 high 8.0 After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,… archdebian
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-32654 high 8.0 multiple issues in nextcloud arch
CVE-2021-21162 high 8.0 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-30611 high 8.0 Chromium: CVE-2021-30611 Use after free in WebRTC archdebian
CVE-2021-28375 high 8.0 An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85… archsusedebian
CVE-2021-38496 high 8.0 During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… archdebianrockylinux
CVE-2021-39901 high 8.0 multiple issues in gitlab arch
CVE-2021-22221 high 8.0 multiple issues in gitlab arch
CVE-2021-22218 high 8.0 multiple issues in gitlab arch
CVE-2021-39911 high 8.0 multiple issues in gitlab arch
CVE-2021-4056 high 8.0 multiple issues in chromium archdebian
CVE-2021-21172 high 8.0 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. archdebian
CVE-2021-22166 high 8.0 multiple issues in gitlab arch
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… archdebian
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-21108 high 8.0 multiple issues in chromium archdebian
CVE-2021-4063 high 8.0 multiple issues in chromium archdebian
CVE-2021-37978 high 8.0 Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-23972 high 8.0 One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; howe… archsusedebian
CVE-2021-39910 high 8.0 multiple issues in gitlab arch
CVE-2021-4061 high 8.0 multiple issues in chromium archdebian
CVE-2021-39938 high 8.0 multiple issues in gitlab arch
CVE-2021-29429 high 8.0 In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable t… archsusedebian
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-2283 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-21169 high 8.0 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-2266 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-39869 high 8.0 multiple issues in gitlab arch
CVE-2021-29967 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archdebianrockylinux
CVE-2021-2285 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-21177 high 8.0 Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-26910 high 8.0 Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. archdebian
CVE-2021-21167 high 8.0 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37997 high 8.0 multiple issues in chromium archdebian
CVE-2021-39934 high 8.0 multiple issues in gitlab arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-21157 high 8.0 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21194 high 8.0 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-27064 high 8.0 privilege escalation in code arch
CVE-2021-39936 high 8.0 multiple issues in gitlab arch
CVE-2021-21195 high 8.0 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39941 high 8.0 multiple issues in gitlab arch
CVE-2021-23986 high 8.0 A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… archsusedebian
CVE-2021-23979 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-2250 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21233 high 8.0 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-23994 high 8.0 A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. archsusedebian
CVE-2021-29971 high 8.0 If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … archdebian
CVE-2021-42322 high 8.0 multiple issues in code arch