VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-43908 high 8.0 multiple issues in code arch
CVE-2021-39893 high 8.0 multiple issues in gitlab arch
CVE-2021-39869 high 8.0 multiple issues in gitlab arch
CVE-2021-30481 high 8.0 arbitrary code execution in steam arch
CVE-2021-2284 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-30574 high 8.0 multiple issues in chromium archdebian
CVE-2021-2286 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-30527 high 8.0 multiple issues in chromium archdebian
CVE-2021-2309 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-30510 high 8.0 multiple issues in chromium archdebian
CVE-2021-21174 high 8.0 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. archdebian
CVE-2021-30538 high 8.0 multiple issues in chromium archdebian
CVE-2021-30567 high 8.0 multiple issues in chromium archdebian
CVE-2021-30585 high 8.0 multiple issues in chromium archdebian
CVE-2021-30518 high 8.0 multiple issues in chromium archdebian
CVE-2021-38008 high 8.0 multiple issues in chromium archdebian
CVE-2021-2111 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30562 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-4052 high 8.0 multiple issues in chromium archdebian
CVE-2021-2119 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-1054 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-30541 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-2321 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30568 high 8.0 multiple issues in chromium archdebian
CVE-2021-2409 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30569 high 8.0 multiple issues in chromium archdebian
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-4053 high 8.0 multiple issues in chromium archdebian
CVE-2021-21111 high 8.0 multiple issues in chromium archdebian
CVE-2021-21113 high 8.0 multiple issues in chromium archdebian
CVE-2021-21222 high 8.0 multiple issues in chromium archdebian
CVE-2021-2281 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-30572 high 8.0 multiple issues in chromium archdebian
CVE-2021-30519 high 8.0 multiple issues in chromium archdebian
CVE-2021-23954 high 8.0 Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability … archsusedebian
CVE-2021-30526 high 8.0 multiple issues in chromium archdebian
CVE-2021-38495 high 8.0 Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have … archsusedebian
CVE-2021-38007 high 8.0 multiple issues in chromium archdebian
CVE-2021-21149 high 8.0 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-21169 high 8.0 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-38015 high 8.0 multiple issues in chromium archdebian
CVE-2021-21221 high 8.0 Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… archdebian
CVE-2021-32734 high 8.0 multiple issues in nextcloud arch
CVE-2021-29991 high 8.0 Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affect… archsusedebian
CVE-2021-37988 high 8.0 multiple issues in chromium archdebian
CVE-2021-21151 high 8.0 Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. archdebian
CVE-2021-37989 high 8.0 multiple issues in chromium archdebian
CVE-2021-38021 high 8.0 multiple issues in chromium archdebian
CVE-2021-21196 high 8.0 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-23958 high 8.0 The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. archdebian
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… archsusedebian
CVE-2021-4055 high 8.0 multiple issues in chromium archdebian
CVE-2021-3998 high 8.0 A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. archsusedebian
CVE-2021-32919 high 8.0 An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not co… archdebian
CVE-2021-4056 high 8.0 multiple issues in chromium archdebian
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-38575 high 8.0 Important: edk2 security update archdebiansuserockylinux
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-32656 high 8.0 multiple issues in nextcloud arch
CVE-2021-21116 high 8.0 multiple issues in chromium archdebian
CVE-2021-30557 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-29462 high 8.0 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… archdebian
CVE-2021-2145 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-43540 high 8.0 WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects … archsusedebian
CVE-2021-2296 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-32921 high 8.0 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a… archdebian
CVE-2021-37997 high 8.0 multiple issues in chromium archdebian
CVE-2021-4065 high 8.0 multiple issues in chromium archdebian
CVE-2021-43529 high 8.0 Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerabl… suserockylinuxdebian
CVE-2021-32920 high 8.0 Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. archdebian
CVE-2021-30576 high 8.0 multiple issues in chromium archdebian
CVE-2021-32917 high 8.0 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use … archdebian
CVE-2021-21163 high 8.0 Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. archdebian
CVE-2021-4057 high 8.0 multiple issues in chromium archdebian
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-38011 high 8.0 multiple issues in chromium archdebian
CVE-2021-38017 high 8.0 multiple issues in chromium archdebian
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-3446 high 8.0 A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain s… archsusedebian
CVE-2021-28373 high 8.0 The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch f… archdebian
CVE-2021-21219 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-21155 high 8.0 Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a c… archdebian
CVE-2021-21154 high 8.0 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… archdebian
CVE-2021-38020 high 8.0 multiple issues in chromium archdebian
CVE-2021-21207 high 8.0 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro… archdebian
CVE-2021-21161 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21172 high 8.0 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. archdebian
CVE-2021-37987 high 8.0 multiple issues in chromium archdebian
CVE-2021-21191 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21176 high 8.0 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-2130 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-21192 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-23998 high 8.0 Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… archsusedebian
CVE-2021-38014 high 8.0 multiple issues in chromium archdebian
CVE-2021-43891 high 8.0 multiple issues in code arch
CVE-2021-2279 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unau… archdebian
CVE-2021-39910 high 8.0 multiple issues in gitlab arch
CVE-2021-37985 high 8.0 multiple issues in chromium archdebian
CVE-2021-30624 high 8.0 Chromium: CVE-2021-30624 Use after free in Autofill archdebian
CVE-2021-38009 high 8.0 multiple issues in chromium archdebian