VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-21180 high 8.0 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-22945 high 8.0 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… archdebiansuse
CVE-2021-22890 high 8.0 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… archdebiansuse
CVE-2021-23970 high 8.0 Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. archsusedebian
CVE-2021-23969 high 8.0 As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no… archsusedebian
CVE-2021-21178 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML pag… archdebian
CVE-2021-2145 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… archdebian
CVE-2021-32705 high 8.0 multiple issues in nextcloud arch
CVE-2021-32733 high 8.0 multiple issues in nextcloud arch
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-22229 high 8.0 multiple issues in gitlab arch
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-26434 high 8.0 multiple issues in code arch
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-39878 high 8.0 multiple issues in gitlab arch
CVE-2021-30515 high 8.0 multiple issues in chromium archdebian
CVE-2021-30509 high 8.0 multiple issues in chromium archdebian
CVE-2021-30507 high 8.0 multiple issues in chromium archdebian
CVE-2021-30514 high 8.0 multiple issues in chromium archdebian
CVE-2021-39890 high 8.0 multiple issues in gitlab arch
CVE-2021-30512 high 8.0 multiple issues in chromium archdebian
CVE-2021-30511 high 8.0 multiple issues in chromium archdebian
CVE-2021-37960 high 8.0 multiple issues in chromium arch
CVE-2021-21226 high 8.0 multiple issues in chromium archdebian
CVE-2021-39914 high 8.0 multiple issues in gitlab arch
CVE-2021-21225 high 8.0 multiple issues in chromium archdebian
CVE-2021-21223 high 8.0 multiple issues in chromium archdebian
CVE-2021-21111 high 8.0 multiple issues in chromium archdebian
CVE-2021-21222 high 8.0 multiple issues in chromium archdebian
CVE-2021-2074 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-22228 high 8.0 multiple issues in gitlab arch
CVE-2021-23974 high 8.0 The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. archsusedebian
CVE-2021-21149 high 8.0 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-21194 high 8.0 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-30465 high 8.0 Important: container-tools:3.0 security update almalinuxarchsuserockylinux+2
CVE-2021-22901 high 8.0 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… archdebian
CVE-2021-22224 high 8.0 multiple issues in gitlab arch
CVE-2021-43396 high 8.0 In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an inter… archsusedebian
CVE-2021-22227 high 8.0 multiple issues in gitlab arch
CVE-2021-28544 high 8.0 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a… archsusedebian
CVE-2021-23979 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-23986 high 8.0 A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… archsusedebian
CVE-2021-22232 high 8.0 multiple issues in gitlab arch
CVE-2021-32678 high 8.0 multiple issues in nextcloud arch
CVE-2021-27803 high 8.0 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… archsusedebian
CVE-2021-23960 high 8.0 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… archsusedebian
CVE-2021-21183 high 8.0 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-30542 high 8.0 multiple issues in chromium archdebian
CVE-2021-32726 high 8.0 multiple issues in nextcloud arch
CVE-2021-4059 high 8.0 multiple issues in chromium archdebian
CVE-2021-38021 high 8.0 multiple issues in chromium archdebian
CVE-2021-4065 high 8.0 multiple issues in chromium archdebian
CVE-2021-4068 high 8.0 multiple issues in chromium archdebian
CVE-2021-30584 high 8.0 multiple issues in chromium archdebian
CVE-2021-30579 high 8.0 multiple issues in chromium archdebian
CVE-2021-30582 high 8.0 multiple issues in chromium archdebian
CVE-2021-30573 high 8.0 multiple issues in chromium archdebian
CVE-2021-30571 high 8.0 multiple issues in chromium archdebian
CVE-2021-30572 high 8.0 multiple issues in chromium archdebian
CVE-2021-30567 high 8.0 multiple issues in chromium archdebian
CVE-2021-30559 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30555 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30569 high 8.0 multiple issues in chromium archdebian
CVE-2021-30564 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30568 high 8.0 multiple issues in chromium archdebian
CVE-2021-30566 high 8.0 multiple issues in chromium archdebian
CVE-2021-30565 high 8.0 multiple issues in chromium archdebian
CVE-2021-30541 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30561 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-32725 high 8.0 multiple issues in nextcloud arch
CVE-2021-30556 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30562 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30557 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-32680 high 8.0 multiple issues in nextcloud arch
CVE-2021-30537 high 8.0 multiple issues in chromium archdebian
CVE-2021-30523 high 8.0 multiple issues in chromium archdebian
CVE-2021-30520 high 8.0 multiple issues in chromium archdebian
CVE-2021-30518 high 8.0 multiple issues in chromium archdebian
CVE-2021-30543 high 8.0 multiple issues in chromium archdebian
CVE-2021-30539 high 8.0 multiple issues in chromium archdebian
CVE-2021-30516 high 8.0 multiple issues in chromium archdebian
CVE-2021-30538 high 8.0 multiple issues in chromium archdebian
CVE-2021-30536 high 8.0 multiple issues in chromium archdebian
CVE-2021-30526 high 8.0 multiple issues in chromium archdebian
CVE-2021-30530 high 8.0 multiple issues in chromium archdebian
CVE-2021-30517 high 8.0 multiple issues in chromium archdebian
CVE-2021-30510 high 8.0 multiple issues in chromium archdebian
CVE-2021-30513 high 8.0 multiple issues in chromium archdebian
CVE-2021-30527 high 8.0 multiple issues in chromium archdebian
CVE-2021-30519 high 8.0 multiple issues in chromium archdebian
CVE-2021-30506 high 8.0 multiple issues in chromium archdebian
CVE-2021-22226 high 8.0 multiple issues in gitlab arch
CVE-2021-20247 high 8.0 A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… archdebian
CVE-2021-22231 high 8.0 multiple issues in gitlab arch
CVE-2021-32703 high 8.0 multiple issues in nextcloud arch
CVE-2021-39902 high 8.0 multiple issues in gitlab arch
CVE-2021-39903 high 8.0 multiple issues in gitlab arch