VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-29986 high 8.0 A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are … archsusedebianrockylinux
CVE-2021-29989 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebianrockylinux
CVE-2021-38505 high 8.0 Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain… archsusedebian
CVE-2021-23997 high 8.0 Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary … archsusedebian
CVE-2021-29947 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebian
CVE-2021-33582 high 8.0 Important: cyrus-imapd security update debiansuserockylinux
CVE-2021-23999 high 8.0 If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vul… archsusedebian
CVE-2021-29428 high 8.0 In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds c… archsusedebian
CVE-2021-38499 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-43396 high 8.0 In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an inter… archsusedebian
CVE-2021-36740 high 8.0 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, a… suserockylinuxdebian
CVE-2021-23971 high 8.0 When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the… archsusedebian
CVE-2021-39944 high 8.0 multiple issues in gitlab arch
CVE-2021-39940 high 8.0 multiple issues in gitlab arch
CVE-2021-39937 high 8.0 multiple issues in gitlab arch
CVE-2021-39899 high 8.0 multiple issues in gitlab arch
CVE-2021-36952 high 8.0 multiple issues in code arch
CVE-2021-21158 high 8.0 insufficient validation in chromium arch
CVE-2021-22945 high 8.0 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… archdebiansuse
CVE-2021-22890 high 8.0 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… archdebiansuse
CVE-2021-23970 high 8.0 Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. archsusedebian
CVE-2021-23969 high 8.0 As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no… archsusedebian
CVE-2021-32751 high 8.0 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… archsusedebian
CVE-2021-29976 high 8.0 Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort s… archsusedebianrockylinux
CVE-2021-29981 high 8.0 An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulner… archsusedebian
CVE-2021-29985 high 8.0 A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR… archsusedebianrockylinux
CVE-2021-38497 high 8.0 Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerabil… archsusedebianrockylinux
CVE-2021-38498 high 8.0 During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Fire… archsusedebianrockylinux
CVE-2021-23979 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-23986 high 8.0 A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… archsusedebian
CVE-2021-24000 high 8.0 A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements… archsusedebian
CVE-2021-23987 high 8.0 Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enoug… archsusedebian
CVE-2021-29427 high 8.0 In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gra… archsusedebian
CVE-2021-29972 high 8.0 A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilit… archsusedebian
CVE-2021-25746 high 8.0 information disclosure in kubectl-ingress-nginx archsuse
CVE-2021-23975 high 8.0 The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct… archsusedebian
CVE-2021-29157 high 8.0 Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio… archdebiansuse
CVE-2021-25217 high 8.0 Important: dhcp security update archsusedebianrockylinux
CVE-2021-27803 high 8.0 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (poten… archsusedebian
CVE-2021-23960 high 8.0 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, an… archsusedebian
CVE-2021-23998 high 8.0 Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fir… archsusedebian
CVE-2021-29970 high 8.0 A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerabili… archsusedebianrockylinux
CVE-2021-29984 high 8.0 Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploi… archsusedebianrockylinux
CVE-2021-29988 high 8.0 Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Th… archsusedebianrockylinux
CVE-2021-38493 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… archsusedebianrockylinux
CVE-2021-38495 high 8.0 Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have … archsusedebian
CVE-2021-38510 high 8.0 The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating s… archsusedebian
CVE-2021-38385 high 8.0 Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-00… archdebian
CVE-2021-47384 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for (tmp… redhatrockylinuxsusedebian
CVE-2021-47386 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (va… redhatrockylinuxsusedebian
CVE-2021-47101 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be un… redhatrockylinuxsusedebian
CVE-2021-47495 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo … redhatrockylinuxsusedebian
CVE-2021-47497 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic … redhatrockylinuxsusedebian+1
CVE-2021-47432 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inod… redhatrockylinuxsusedebian
CVE-2021-47383 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO p… redhatrockylinuxsusedebian
CVE-2021-47385 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (va… redhatrockylinuxsusedebian
CVE-2021-47527 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use tty_port_cl… rockylinuxsusedebianalmalinux
CVE-2021-47097 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id() The array param[] in elantech_change_report_id() m… rockylinuxsusedebian
CVE-2021-46984 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted __blk_mq_sched_bio_merge() gets the ctx and hctx for the current CPU and passes th… rockylinuxsusedebian
CVE-2021-47289 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") start… rockylinuxsusedebian
CVE-2021-47412 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1)… rockylinuxsusedebian
CVE-2021-47609 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the b… rockylinuxsusedebianalmalinux
CVE-2021-47287 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: driver core: auxiliary bus: Fix memory leak when driver_register() fail If driver_register() returns with error we need to free t… rockylinuxsusedebian
CVE-2021-47321 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that func… rockylinuxsusedebian
CVE-2021-47338 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previ… rockylinuxsusedebian
CVE-2021-47582 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait… rockylinuxsusedebianalmalinux
CVE-2021-47352 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid da… rockylinuxsusedebian
CVE-2021-47466 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by… rockylinuxsusedebian
CVE-2021-47606 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This pr… redhatsusedebianrockylinux
CVE-2021-47284 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in nj_probe: 'nj_setup' in netjet.c might fail with -EIO and in this case 'card->irq' is initializ… rockylinuxsusedebian
CVE-2021-47304 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug (found by syzkaller) that could cause spuri… rockylinuxsusedebian
CVE-2021-47257 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode i… rockylinuxsusedebian
CVE-2021-47018 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area At the time being, the fixmap area is defined at the top of the address space o… rockylinuxsusedebian
CVE-2021-47461 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exi… rockylinuxsusedebian
CVE-2021-47491 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened re… rockylinuxsusedebian
CVE-2021-47408 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning [1] No repro found by… rockylinuxsusedebian
CVE-2021-47624 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling pat… rockylinuxsusedebian
CVE-2021-47468 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic c… rockylinuxsusedebian
CVE-2021-46939 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would … rockylinuxsusedebian
CVE-2021-47596 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, … redhatsusedebianrockylinux
CVE-2021-47548 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port… redhatrockylinuxsusedebian
CVE-2021-47356 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that function does not … rockylinuxsusedebian
CVE-2021-47353 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returned by… rockylinuxsusedebian
CVE-2021-47456 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will ca… rockylinuxsusedebian
CVE-2021-47069 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local add… rockylinuxsusedebian
CVE-2021-47236 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: cdc_eem: fix tx fixup skb leak when usbnet transmit a skb, eem fixup it in eem_tx_fixup(), if skb_copy_expand() failed, it r… rockylinuxsusedebian
CVE-2021-47073 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios init_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on … rockylinuxsusedebian
CVE-2021-46972 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ovl: fix leaked dentry Since commit 6815f479ca90 ("ovl: use only uppermetacopy state in ovl_lookup()"), overlayfs doesn't put tem… rockylinuxsusedebian
CVE-2021-46909 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"… rockylinuxsusedebian
CVE-2021-47310 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after … rockylinuxsusedebian
CVE-2021-47311 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt aft… rockylinuxsusedebian
CVE-2021-43815 high 8.0 2y ago Grafana directory traversal for .cvs files archsusegolang
CVE-2021-47579 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (… redhatrockylinuxsusedebian
CVE-2021-43975 high 8.0 3y ago In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-… archsusedebian
CVE-2021-47515 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving inter… redhatsusedebian
CVE-2021-33656 high 8.0 3y ago When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. susedebian
CVE-2021-47441 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling stat… redhatrockylinuxsusedebian
CVE-2021-47671 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the functi… redhatsusedebian
CVE-2021-26341 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsuse
CVE-2021-47560 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the d… redhatrockylinuxsusedebian+1