VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-21180 high 8.0 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39869 high 8.0 multiple issues in gitlab arch
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-21196 high 8.0 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-0535 high 8.0 multiple issues in wpa_supplicant arch
CVE-2021-33833 high 8.0 ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). archdebiansuse
CVE-2021-39892 high 8.0 multiple issues in gitlab arch
CVE-2021-39933 high 8.0 multiple issues in gitlab arch
CVE-2021-39936 high 8.0 multiple issues in gitlab arch
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-42322 high 8.0 multiple issues in code arch
CVE-2021-2128 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-30576 high 8.0 multiple issues in chromium archdebian
CVE-2021-21202 high 8.0 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… archdebian
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-30590 high 8.0 multiple issues in chromium archdebian
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-39897 high 8.0 multiple issues in gitlab arch
CVE-2021-2119 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30591 high 8.0 multiple issues in chromium archdebian
CVE-2021-21227 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39872 high 8.0 multiple issues in gitlab arch
CVE-2021-39907 high 8.0 multiple issues in gitlab arch
CVE-2021-22901 high 8.0 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… archdebian
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-39931 high 8.0 multiple issues in gitlab arch
CVE-2021-4056 high 8.0 multiple issues in chromium archdebian
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-21157 high 8.0 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-4057 high 8.0 multiple issues in chromium archdebian
CVE-2021-30626 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-3557 high 8.0 information disclosure in argocd arch
CVE-2021-43396 high 8.0 In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an inter… archsusedebian
CVE-2021-21211 high 8.0 Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-2112 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-29973 high 8.0 Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… archdebian
CVE-2021-28477 high 8.0 arbitrary code execution in code arch
CVE-2021-22237 high 8.0 multiple issues in gitlab arch
CVE-2021-28471 high 8.0 arbitrary code execution in code arch
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-32688 high 8.0 multiple issues in nextcloud arch
CVE-2021-30611 high 8.0 Chromium: CVE-2021-30611 Use after free in WebRTC archdebian
CVE-2021-22230 high 8.0 multiple issues in gitlab arch
CVE-2021-25742 high 8.0 information disclosure in kubectl-ingress-nginx arch
CVE-2021-2074 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-38499 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-30630 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-29971 high 8.0 If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … archdebian
CVE-2021-37985 high 8.0 multiple issues in chromium archdebian
CVE-2021-38004 high 8.0 multiple issues in chromium archdebian
CVE-2021-38001 high 8.0 multiple issues in chromium archdebian
CVE-2021-38012 high 8.0 multiple issues in chromium archdebian
CVE-2021-37984 high 8.0 multiple issues in chromium archdebian
CVE-2021-32655 high 8.0 multiple issues in nextcloud arch
CVE-2021-2145 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-30610 high 8.0 Chromium: CVE-2021-30610 Use after free in Extensions API archdebian
CVE-2021-37962 high 8.0 Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HT… archdebian
CVE-2021-2086 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-29977 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-23962 high 8.0 Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. archdebian
CVE-2021-2291 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low … archdebian
CVE-2021-43891 high 8.0 multiple issues in code arch
CVE-2021-23964 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2021-37989 high 8.0 multiple issues in chromium archdebian
CVE-2021-39871 high 8.0 multiple issues in gitlab arch
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… archsusedebian
CVE-2021-37991 high 8.0 multiple issues in chromium archdebian
CVE-2021-37996 high 8.0 multiple issues in chromium archdebian
CVE-2021-29967 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archdebianrockylinux
CVE-2021-30540 high 8.0 Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-2130 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-38006 high 8.0 multiple issues in chromium archdebian
CVE-2021-30508 high 8.0 multiple issues in chromium archdebian
CVE-2021-29966 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-38010 high 8.0 multiple issues in chromium archdebian
CVE-2021-41524 high 8.0 multiple issues in apache debianarch
CVE-2021-29965 high 8.0 A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that… archdebian
CVE-2021-43540 high 8.0 WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects … archsusedebian
CVE-2021-35545 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30574 high 8.0 multiple issues in chromium archdebian
CVE-2021-2297 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-2111 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30535 high 8.0 multiple issues in chromium archdebian
CVE-2021-29961 high 8.0 When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. archdebian
CVE-2021-21188 high 8.0 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21179 high 8.0 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21176 high 8.0 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-30585 high 8.0 multiple issues in chromium archdebian
CVE-2021-21181 high 8.0 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-29962 high 8.0 Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… archdebian
CVE-2021-37993 high 8.0 multiple issues in chromium archdebian
CVE-2021-21182 high 8.0 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafte… archdebian
CVE-2021-39905 high 8.0 multiple issues in gitlab arch
CVE-2021-39870 high 8.0 multiple issues in gitlab arch