VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-29462 high 8.0 The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… archdebian
CVE-2021-21171 high 8.0 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-21199 high 8.0 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… archdebian
CVE-2021-21168 high 8.0 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-21164 high 8.0 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-21165 high 8.0 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21162 high 8.0 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-26925 high 8.0 Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. archdebian
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-1055 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-39884 high 8.0 multiple issues in gitlab arch
CVE-2021-21227 high 8.0 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21229 high 8.0 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian
CVE-2021-21228 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … archdebian
CVE-2021-32765 high 8.0 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… archdebian
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21233 high 8.0 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21232 high 8.0 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30521 high 8.0 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-30508 high 8.0 multiple issues in chromium archdebian
CVE-2021-37968 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-29973 high 8.0 Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… archdebian
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-39913 high 8.0 multiple issues in gitlab arch
CVE-2021-39941 high 8.0 multiple issues in gitlab arch
CVE-2021-23961 high 8.0 Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.… archsusedebian
CVE-2021-29982 high 8.0 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… archdebian
CVE-2021-30567 high 8.0 multiple issues in chromium archdebian
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-30578 high 8.0 multiple issues in chromium archdebian
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-30561 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-2264 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-30531 high 8.0 multiple issues in chromium archdebian
CVE-2021-38015 high 8.0 multiple issues in chromium archdebian
CVE-2021-23982 high 8.0 Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRT… archsusedebian
CVE-2021-30593 high 8.0 multiple issues in chromium archdebian
CVE-2021-30562 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37988 high 8.0 multiple issues in chromium archdebian
CVE-2021-37985 high 8.0 multiple issues in chromium archdebian
CVE-2021-22166 high 8.0 multiple issues in gitlab arch
CVE-2021-4067 high 8.0 multiple issues in chromium archdebian
CVE-2021-37992 high 8.0 multiple issues in chromium archdebian
CVE-2021-21226 high 8.0 multiple issues in chromium archdebian
CVE-2021-30537 high 8.0 multiple issues in chromium archdebian
CVE-2021-30523 high 8.0 multiple issues in chromium archdebian
CVE-2021-37998 high 8.0 multiple issues in chromium archdebian
CVE-2021-41611 high 8.0 An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem all… archdebian
CVE-2021-30559 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30566 high 8.0 multiple issues in chromium archdebian
CVE-2021-39877 high 8.0 multiple issues in gitlab arch
CVE-2021-30585 high 8.0 multiple issues in chromium archdebian
CVE-2021-36740 high 8.0 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… suserockylinuxdebian
CVE-2021-38006 high 8.0 multiple issues in chromium archdebian
CVE-2021-30568 high 8.0 multiple issues in chromium archdebian
CVE-2021-37987 high 8.0 multiple issues in chromium archdebian
CVE-2021-38011 high 8.0 multiple issues in chromium archdebian
CVE-2021-38016 high 8.0 multiple issues in chromium archdebian
CVE-2021-37982 high 8.0 multiple issues in chromium archdebian
CVE-2021-37989 high 8.0 multiple issues in chromium archdebian
CVE-2021-30582 high 8.0 multiple issues in chromium archdebian
CVE-2021-37977 high 8.0 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-39868 high 8.0 multiple issues in gitlab arch
CVE-2021-4062 high 8.0 multiple issues in chromium archdebian
CVE-2021-30530 high 8.0 multiple issues in chromium archdebian
CVE-2021-2475 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2454 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low … archdebian
CVE-2021-4056 high 8.0 multiple issues in chromium archdebian
CVE-2021-38001 high 8.0 multiple issues in chromium archdebian
CVE-2021-38008 high 8.0 multiple issues in chromium archdebian
CVE-2021-30610 high 8.0 Chromium: CVE-2021-30610 Use after free in Extensions API archdebian
CVE-2021-30626 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21163 high 8.0 Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. archdebian
CVE-2021-21170 high 8.0 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … archdebian
CVE-2021-37984 high 8.0 multiple issues in chromium archdebian
CVE-2021-30520 high 8.0 multiple issues in chromium archdebian
CVE-2021-22167 high 8.0 multiple issues in gitlab arch
CVE-2021-2409 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2321 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2310 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-4063 high 8.0 multiple issues in chromium archdebian
CVE-2021-32749 high 8.0 fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… archdebian
CVE-2021-38009 high 8.0 multiple issues in chromium archdebian
CVE-2021-37990 high 8.0 multiple issues in chromium archdebian
CVE-2021-30509 high 8.0 multiple issues in chromium archdebian
CVE-2021-2124 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2125 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30597 high 8.0 multiple issues in chromium archdebian
CVE-2021-2284 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-30556 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-43529 high 8.0 Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerabl… suserockylinuxdebian
CVE-2021-35542 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2129 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2120 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2128 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low pr… archdebian
CVE-2021-2127 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-23958 high 8.0 The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. archdebian
CVE-2021-30602 high 8.0 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29265 high 8.0 An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… archsusedebian
CVE-2021-4057 high 8.0 multiple issues in chromium archdebian