VIR Vulnerability Intelligence Relay

CVEs from 2021

5,047 normalized CVEs published or assigned in this year.

Total
5,047
critical
critical 273
high
high 972
medium
medium 1,144
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-23958 high 8.0 The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. archdebian
CVE-2021-30615 high 8.0 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation archdebian
CVE-2021-2283 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-38510 high 8.0 The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating s… archsusedebian
CVE-2021-21181 high 8.0 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-21177 high 8.0 Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. archdebian
CVE-2021-36377 high 8.0 Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. archdebian
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archdebianrockylinux
CVE-2021-38496 high 8.0 During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbir… archdebianrockylinux
CVE-2021-21204 high 8.0 Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29966 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-29971 high 8.0 If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … archdebian
CVE-2021-29973 high 8.0 Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… archdebian
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-23956 high 8.0 An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerabili… archdebian
CVE-2021-2266 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-30584 high 8.0 multiple issues in chromium archdebian
CVE-2021-30579 high 8.0 multiple issues in chromium archdebian
CVE-2021-30582 high 8.0 multiple issues in chromium archdebian
CVE-2021-30573 high 8.0 multiple issues in chromium archdebian
CVE-2021-30571 high 8.0 multiple issues in chromium archdebian
CVE-2021-30572 high 8.0 multiple issues in chromium archdebian
CVE-2021-30567 high 8.0 multiple issues in chromium archdebian
CVE-2021-30559 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30555 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30569 high 8.0 multiple issues in chromium archdebian
CVE-2021-30564 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30568 high 8.0 multiple issues in chromium archdebian
CVE-2021-30566 high 8.0 multiple issues in chromium archdebian
CVE-2021-30565 high 8.0 multiple issues in chromium archdebian
CVE-2021-30541 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30561 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30556 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30562 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30557 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-30537 high 8.0 multiple issues in chromium archdebian
CVE-2021-30523 high 8.0 multiple issues in chromium archdebian
CVE-2021-30520 high 8.0 multiple issues in chromium archdebian
CVE-2021-30518 high 8.0 multiple issues in chromium archdebian
CVE-2021-30543 high 8.0 multiple issues in chromium archdebian
CVE-2021-21169 high 8.0 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-30539 high 8.0 multiple issues in chromium archdebian
CVE-2021-30516 high 8.0 multiple issues in chromium archdebian
CVE-2021-30538 high 8.0 multiple issues in chromium archdebian
CVE-2021-30536 high 8.0 multiple issues in chromium archdebian
CVE-2021-30526 high 8.0 multiple issues in chromium archdebian
CVE-2021-30530 high 8.0 multiple issues in chromium archdebian
CVE-2021-30517 high 8.0 multiple issues in chromium archdebian
CVE-2021-30510 high 8.0 multiple issues in chromium archdebian
CVE-2021-30513 high 8.0 multiple issues in chromium archdebian
CVE-2021-30527 high 8.0 multiple issues in chromium archdebian
CVE-2021-30519 high 8.0 multiple issues in chromium archdebian
CVE-2021-30506 high 8.0 multiple issues in chromium archdebian
CVE-2021-30515 high 8.0 multiple issues in chromium archdebian
CVE-2021-30509 high 8.0 multiple issues in chromium archdebian
CVE-2021-30507 high 8.0 multiple issues in chromium archdebian
CVE-2021-30514 high 8.0 multiple issues in chromium archdebian
CVE-2021-30512 high 8.0 multiple issues in chromium archdebian
CVE-2021-30511 high 8.0 multiple issues in chromium archdebian
CVE-2021-21226 high 8.0 multiple issues in chromium archdebian
CVE-2021-21225 high 8.0 multiple issues in chromium archdebian
CVE-2021-21223 high 8.0 multiple issues in chromium archdebian
CVE-2021-21111 high 8.0 multiple issues in chromium archdebian
CVE-2021-21222 high 8.0 multiple issues in chromium archdebian
CVE-2021-21192 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21116 high 8.0 multiple issues in chromium archdebian
CVE-2021-21191 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-21115 high 8.0 multiple issues in chromium archdebian
CVE-2021-21114 high 8.0 multiple issues in chromium archdebian
CVE-2021-21106 high 8.0 multiple issues in chromium archdebian
CVE-2021-21112 high 8.0 multiple issues in chromium archdebian
CVE-2021-21199 high 8.0 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… archdebian
CVE-2021-21165 high 8.0 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21156 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. archdebian
CVE-2021-21150 high 8.0 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… archdebian
CVE-2021-21208 high 8.0 Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. archdebian
CVE-2021-21161 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21159 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-21157 high 8.0 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-28373 high 8.0 The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch f… archdebian
CVE-2021-21210 high 8.0 Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. archdebian
CVE-2021-23964 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… archsusedebian
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… archsusedebian
CVE-2021-21149 high 8.0 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-38002 high 8.0 multiple issues in chromium archdebian
CVE-2021-2284 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-24001 high 8.0 A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. … archdebian
CVE-2021-2443 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-38300 high 8.0 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… archdebian
CVE-2021-37974 high 8.0 Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29429 high 8.0 In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable t… archsusedebian
CVE-2021-29991 high 8.0 Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affect… archsusedebian
CVE-2021-29974 high 8.0 When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Stric… archsusedebian
CVE-2021-29975 high 8.0 Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly… archsusedebian
CVE-2021-21195 high 8.0 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-29990 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebian
CVE-2021-38491 high 8.0 Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92. archsusedebian
CVE-2021-3781 high 8.0 A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document… archsusedebian
CVE-2021-30540 high 8.0 Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. archdebian