VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-32688 high 8.0 multiple issues in nextcloud arch
CVE-2021-28473 high 8.0 arbitrary code execution in code arch
CVE-2021-28469 high 8.0 arbitrary code execution in code arch
CVE-2021-22230 high 8.0 multiple issues in gitlab arch
CVE-2021-22223 high 8.0 multiple issues in gitlab arch
CVE-2021-22225 high 8.0 multiple issues in gitlab arch
CVE-2021-22229 high 8.0 multiple issues in gitlab arch
CVE-2021-32741 high 8.0 multiple issues in nextcloud arch
CVE-2021-32733 high 8.0 multiple issues in nextcloud arch
CVE-2021-27064 high 8.0 privilege escalation in code arch
CVE-2021-21106 high 8.0 multiple issues in chromium archdebian
CVE-2021-23965 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-26910 high 8.0 Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. archdebian
CVE-2021-30525 high 8.0 multiple issues in chromium archdebian
CVE-2021-30529 high 8.0 multiple issues in chromium archdebian
CVE-2021-37963 high 8.0 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. archdebian
CVE-2021-21114 high 8.0 multiple issues in chromium archdebian
CVE-2021-21115 high 8.0 multiple issues in chromium archdebian
CVE-2021-21191 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21116 high 8.0 multiple issues in chromium archdebian
CVE-2021-21192 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37970 high 8.0 Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21222 high 8.0 multiple issues in chromium archdebian
CVE-2021-21111 high 8.0 multiple issues in chromium archdebian
CVE-2021-21223 high 8.0 multiple issues in chromium archdebian
CVE-2021-37972 high 8.0 Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21225 high 8.0 multiple issues in chromium archdebian
CVE-2021-37971 high 8.0 Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-21226 high 8.0 multiple issues in chromium archdebian
CVE-2021-30511 high 8.0 multiple issues in chromium archdebian
CVE-2021-30512 high 8.0 multiple issues in chromium archdebian
CVE-2021-30514 high 8.0 multiple issues in chromium archdebian
CVE-2021-30507 high 8.0 multiple issues in chromium archdebian
CVE-2021-30509 high 8.0 multiple issues in chromium archdebian
CVE-2021-30515 high 8.0 multiple issues in chromium archdebian
CVE-2021-30506 high 8.0 multiple issues in chromium archdebian
CVE-2021-30519 high 8.0 multiple issues in chromium archdebian
CVE-2021-30527 high 8.0 multiple issues in chromium archdebian
CVE-2021-30513 high 8.0 multiple issues in chromium archdebian
CVE-2021-30510 high 8.0 multiple issues in chromium archdebian
CVE-2021-30517 high 8.0 multiple issues in chromium archdebian
CVE-2021-30530 high 8.0 multiple issues in chromium archdebian
CVE-2021-30526 high 8.0 multiple issues in chromium archdebian
CVE-2021-30536 high 8.0 multiple issues in chromium archdebian
CVE-2021-30538 high 8.0 multiple issues in chromium archdebian
CVE-2021-32655 high 8.0 multiple issues in nextcloud arch
CVE-2021-28373 high 8.0 The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch f… archdebian
CVE-2021-30516 high 8.0 multiple issues in chromium archdebian
CVE-2021-30539 high 8.0 multiple issues in chromium archdebian
CVE-2021-30543 high 8.0 multiple issues in chromium archdebian
CVE-2021-21155 high 8.0 Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a c… archdebian
CVE-2021-30518 high 8.0 multiple issues in chromium archdebian
CVE-2021-30520 high 8.0 multiple issues in chromium archdebian
CVE-2021-30523 high 8.0 multiple issues in chromium archdebian
CVE-2021-30537 high 8.0 multiple issues in chromium archdebian
CVE-2021-30557 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30562 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30556 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21211 high 8.0 Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-30561 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-28544 high 8.0 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a… archsusedebian
CVE-2021-30541 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-23984 high 8.0 A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could ha… archsusedebian
CVE-2021-33910 high 8.0 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker)… archsuserockylinuxdebian
CVE-2021-30565 high 8.0 multiple issues in chromium archdebian
CVE-2021-30566 high 8.0 multiple issues in chromium archdebian
CVE-2021-30568 high 8.0 multiple issues in chromium archdebian
CVE-2021-37962 high 8.0 Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HT… archdebian
CVE-2021-21218 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. archdebian
CVE-2021-43891 high 8.0 multiple issues in code arch
CVE-2021-39910 high 8.0 multiple issues in gitlab arch
CVE-2021-43908 high 8.0 multiple issues in code arch
CVE-2021-0535 high 8.0 multiple issues in wpa_supplicant arch
CVE-2021-39938 high 8.0 multiple issues in gitlab arch
CVE-2021-39869 high 8.0 multiple issues in gitlab arch
CVE-2021-30481 high 8.0 arbitrary code execution in steam arch
CVE-2021-39893 high 8.0 multiple issues in gitlab arch
CVE-2021-25742 high 8.0 information disclosure in kubectl-ingress-nginx arch
CVE-2021-39894 high 8.0 multiple issues in gitlab arch
CVE-2021-39892 high 8.0 multiple issues in gitlab arch
CVE-2021-39871 high 8.0 multiple issues in gitlab arch
CVE-2021-32781 high 8.0 multiple issues in istio arch
CVE-2021-32780 high 8.0 multiple issues in istio arch
CVE-2021-32656 high 8.0 multiple issues in nextcloud arch
CVE-2021-32734 high 8.0 multiple issues in nextcloud arch
CVE-2021-22217 high 8.0 multiple issues in gitlab arch
CVE-2021-22206 high 8.0 multiple issues in gitlab arch
CVE-2021-1054 high 8.0 multiple issues in nvidia-utils arch
CVE-2021-30564 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-37967 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted … archdebian
CVE-2021-30555 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21167 high 8.0 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-2126 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30559 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30567 high 8.0 multiple issues in chromium archdebian
CVE-2021-30572 high 8.0 multiple issues in chromium archdebian
CVE-2021-30571 high 8.0 multiple issues in chromium archdebian
CVE-2021-30573 high 8.0 multiple issues in chromium archdebian
CVE-2021-30569 high 8.0 multiple issues in chromium archdebian
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian