VIR Vulnerability Intelligence Relay

CVEs from 2021

5,047 normalized CVEs published or assigned in this year.

Total
5,047
critical
critical 273
high
high 972
medium
medium 1,144
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-4093 high 8.0 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host ker… rockylinuxdebian
CVE-2021-30514 high 8.0 multiple issues in chromium archdebian
CVE-2021-30515 high 8.0 multiple issues in chromium archdebian
CVE-2021-30509 high 8.0 multiple issues in chromium archdebian
CVE-2021-30527 high 8.0 multiple issues in chromium archdebian
CVE-2021-21152 high 8.0 Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30609 high 8.0 Chromium: CVE-2021-30609 Use after free in Sign-In archdebian
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-1053 high 8.0 multiple issues in nvidia-utils archsusedebian
CVE-2021-25215 high 8.0 Important: bind security update debianarchsuserockylinux
CVE-2021-3551 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… archdebian
CVE-2021-32679 high 8.0 multiple issues in nextcloud arch
CVE-2021-28475 high 8.0 arbitrary code execution in code arch
CVE-2021-39896 high 8.0 multiple issues in gitlab arch
CVE-2021-29991 high 8.0 Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affect… archsusedebian
CVE-2021-23972 high 8.0 One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; howe… archsusedebian
CVE-2021-38575 high 8.0 Important: edk2 security update archdebiansuserockylinux
CVE-2021-2442 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-22901 high 8.0 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… archdebian
CVE-2021-2074 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-38002 high 8.0 multiple issues in chromium archdebian
CVE-2021-33833 high 8.0 ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). archdebiansuse
CVE-2021-23978 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2021-2130 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-2145 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-32655 high 8.0 multiple issues in nextcloud arch
CVE-2021-2131 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-23955 high 8.0 The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. archdebian
CVE-2021-33582 high 8.0 Important: cyrus-imapd security update debiansuserockylinux
CVE-2021-44879 high 8.0 In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. archsusedebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-30625 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-35560 high 8.0 Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated att… archsusedebian
CVE-2021-21183 high 8.0 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-21218 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-37966 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-25216 high 8.0 In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of t… debianarchsuse
CVE-2021-43396 high 8.0 In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an inter… archsusedebian
CVE-2021-22208 high 8.0 multiple issues in gitlab arch
CVE-2021-22211 high 8.0 multiple issues in gitlab arch
CVE-2021-29503 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-32305 high 8.0 arbitrary command execution in websvn arch
CVE-2021-22228 high 8.0 multiple issues in gitlab arch
CVE-2021-39940 high 8.0 multiple issues in gitlab arch
CVE-2021-39937 high 8.0 multiple issues in gitlab arch
CVE-2021-1054 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-22224 high 8.0 multiple issues in gitlab arch
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-32751 high 8.0 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… archsusedebian
CVE-2021-22232 high 8.0 multiple issues in gitlab arch
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch
CVE-2021-32726 high 8.0 multiple issues in nextcloud arch
CVE-2021-32725 high 8.0 multiple issues in nextcloud arch
CVE-2021-32680 high 8.0 multiple issues in nextcloud arch
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-2279 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unau… archdebian
CVE-2021-32703 high 8.0 multiple issues in nextcloud arch
CVE-2021-32705 high 8.0 multiple issues in nextcloud arch
CVE-2021-32733 high 8.0 multiple issues in nextcloud arch
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-22229 high 8.0 multiple issues in gitlab arch
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-39879 high 8.0 multiple issues in gitlab arch
CVE-2021-39886 high 8.0 multiple issues in gitlab arch
CVE-2021-39887 high 8.0 multiple issues in gitlab arch
CVE-2021-43529 high 8.0 Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerabl… suserockylinuxdebian
CVE-2021-39891 high 8.0 multiple issues in gitlab arch
CVE-2021-37967 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted … archdebian
CVE-2021-29972 high 8.0 A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilit… archsusedebian
CVE-2021-39872 high 8.0 multiple issues in gitlab arch
CVE-2021-39873 high 8.0 multiple issues in gitlab arch
CVE-2021-23975 high 8.0 The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct… archsusedebian
CVE-2021-29157 high 8.0 Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio… archdebiansuse
CVE-2021-39875 high 8.0 multiple issues in gitlab arch
CVE-2021-41524 high 8.0 multiple issues in apache debianarch
CVE-2021-39913 high 8.0 multiple issues in gitlab arch
CVE-2021-2282 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-39912 high 8.0 multiple issues in gitlab arch
CVE-2021-21167 high 8.0 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-37980 high 8.0 Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. archdebian
CVE-2021-21182 high 8.0 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafte… archdebian
CVE-2021-21228 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … archdebian
CVE-2021-21217 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-21213 high 8.0 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-2296 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-37956 high 8.0 Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… archdebian
CVE-2021-37957 high 8.0 Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-38499 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-30620 high 8.0 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink archdebian
CVE-2021-30619 high 8.0 Chromium: CVE-2021-30619 UI Spoofing in Autofill archdebian
CVE-2021-30614 high 8.0 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip archdebian
CVE-2021-2283 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-30612 high 8.0 Chromium: CVE-2021-30612 Use after free in WebRTC archdebian
CVE-2021-21188 high 8.0 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-2306 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30603 high 8.0 Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian