CVEs from 2021

5,047 normalized CVEs published or assigned in this year.

Total: 5,047
Critical: 273
High: 972
Medium: 1,144
Low: 135
% Critical: 5.4%
% with KEV: 4.2%
% with exploit: 4.2%

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2
CVE Severity CVSS Risk Published Description Impact
CVE-2021-30626 high 8.0 arbitrary code execution in chromium (arch, debian)
CVE-2021-21218 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. (arch, debian)
CVE-2021-22219 high 8.0 multiple issues in gitlab (arch)
CVE-2021-21153 high 8.0 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (arch, debian)
CVE-2021-28471 high 8.0 arbitrary code execution in code (arch)
CVE-2021-30596 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-21182 high 8.0 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafte… (arch, debian)
CVE-2021-22206 high 8.0 multiple issues in gitlab (arch)
CVE-2021-21230 high 8.0 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (arch, debian)
CVE-2021-30589 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… (arch, debian)
CVE-2021-39917 high 8.0 multiple issues in gitlab (arch)
CVE-2021-32751 high 8.0 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… (arch, suse, debian)
CVE-2021-39899 high 8.0 multiple issues in gitlab (arch)
CVE-2021-30575 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-42322 high 8.0 multiple issues in code (arch)
CVE-2021-2309 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… (arch, debian)
CVE-2021-2475 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… (arch, debian)
CVE-2021-37985 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-30529 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-22224 high 8.0 multiple issues in gitlab (arch)
CVE-2021-37986 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-38500 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… (arch, debian, rockylinux)
CVE-2021-29980 high 8.0 Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunder… (arch, suse, debian, rockylinux)
CVE-2021-37984 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-21196 high 8.0 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (arch, debian)
CVE-2021-21195 high 8.0 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (arch, debian)
CVE-2021-37989 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-39887 high 8.0 multiple issues in gitlab (arch)
CVE-2021-21180 high 8.0 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (arch, debian)
CVE-2021-2454 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low … (arch, debian)
CVE-2021-30538 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-37996 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-21215 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. (arch, debian)
CVE-2021-21214 high 8.0 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (arch, debian)
CVE-2021-30579 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-21261 high 8.0 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to exec… (arch, suse, debian)
CVE-2021-21186 high 8.0 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… (arch, debian)
CVE-2021-21176 high 8.0 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (arch, debian)
CVE-2021-37994 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-37988 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-21155 high 8.0 Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a c… (arch, debian)
CVE-2021-38001 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-37993 high 8.0 multiple issues in chromium (arch, debian)
CVE-2021-23969 high 8.0 As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s no… (arch, suse, debian)
CVE-2021-38575 high 8.0 Important: edk2 security update (arch, debian, suse, rockylinux)
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… (arch, suse, debian)
CVE-2021-47497 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic … (redhat, rockylinux, suse, debian, +1)
CVE-2021-47386 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (va… (redhat, rockylinux, suse, debian)
CVE-2021-47384 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for (tmp… (redhat, rockylinux, suse, debian)
CVE-2021-47101 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be un… (redhat, rockylinux, suse, debian)
CVE-2021-47495 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo … (redhat, rockylinux, suse, debian, +1)
CVE-2021-47432 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inod… (redhat, rockylinux, suse, debian)
CVE-2021-47609 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the b… (rockylinux, suse, debian, almalinux)
CVE-2021-47582 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait… (rockylinux, suse, debian, almalinux)
CVE-2021-47321 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that func… (rockylinux, suse, debian)
CVE-2021-47097 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id() The array param[] in elantech_change_report_id() m… (rockylinux, suse, debian)
CVE-2021-47352 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid da… (rockylinux, suse, debian)
CVE-2021-47338 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previ… (rockylinux, suse, debian)
CVE-2021-47527 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use tty_port_cl… (rockylinux, suse, debian, almalinux)
CVE-2021-47412 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1)… (rockylinux, suse, debian)
CVE-2021-46984 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted __blk_mq_sched_bio_merge() gets the ctx and hctx for the current CPU and passes th… (rockylinux, suse, debian)
CVE-2021-47466 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by… (rockylinux, suse, debian)
CVE-2021-47289 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") start… (rockylinux, suse, debian)
CVE-2021-47287 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: driver core: auxiliary bus: Fix memory leak when driver_register() fail If driver_register() returns with error we need to free t… (rockylinux, suse, debian)
CVE-2021-47606 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This pr… (redhat, suse, debian, rockylinux, +1)
CVE-2021-47408 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning [1] No repro found by… (rockylinux, suse, debian, almalinux)
CVE-2021-47284 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in nj_probe: 'nj_setup' in netjet.c might fail with -EIO and in this case 'card->irq' is initializ… (rockylinux, suse, debian, almalinux)
CVE-2021-47304 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug (found by syzkaller) that could cause spuri… (rockylinux, suse, debian, almalinux)
CVE-2021-47461 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exi… (rockylinux, suse, debian, almalinux)
CVE-2021-47491 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened re… (rockylinux, suse, debian, almalinux)
CVE-2021-47018 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area At the time being, the fixmap area is defined at the top of the address space o… (rockylinux, suse, debian)
CVE-2021-46939 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would … (rockylinux, suse, debian, almalinux)
CVE-2021-47468 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic c… (rockylinux, suse, debian, almalinux)
CVE-2021-47257 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode i… (rockylinux, suse, debian, almalinux)
CVE-2021-47624 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling pat… (rockylinux, suse, debian, almalinux)
CVE-2021-47548 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port… (redhat, rockylinux, suse, debian, +1)
CVE-2021-47596 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, … (redhat, suse, debian, rockylinux, +1)
CVE-2021-47356 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that function does not … (rockylinux, suse, debian, almalinux)
CVE-2021-47353 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returned by… (rockylinux, suse, debian, almalinux)
CVE-2021-47456 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will ca… (rockylinux, suse, debian, almalinux)
CVE-2021-46972 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ovl: fix leaked dentry Since commit 6815f479ca90 ("ovl: use only uppermetacopy state in ovl_lookup()"), overlayfs doesn't put tem… (rockylinux, suse, debian, almalinux)
CVE-2021-47310 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after … (rockylinux, suse, debian, almalinux)
CVE-2021-47069 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local add… (rockylinux, suse, debian, almalinux)
CVE-2021-47311 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt aft… (rockylinux, suse, debian, almalinux)
CVE-2021-47073 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios init_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on … (rockylinux, suse, debian, almalinux)
CVE-2021-46909 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"… (rockylinux, suse, debian, almalinux)
CVE-2021-47236 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: cdc_eem: fix tx fixup skb leak when usbnet transmit a skb, eem fixup it in eem_tx_fixup(), if skb_copy_expand() failed, it r… (rockylinux, suse, debian, almalinux)
CVE-2021-43815 high 8.0 2y ago Grafana directory traversal for .cvs files (arch, suse, golang)
CVE-2021-47579 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (… (redhat, rockylinux, suse, debian, +1)
CVE-2021-43975 high 8.0 3y ago In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-… (arch, suse, debian)
CVE-2021-47515 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving inter… (redhat, suse, debian)
CVE-2021-33656 high 8.0 3y ago When setting font with malicious data by ioctl cmd PIO_FONT, kernel will write memory out of bounds. (suse, debian, almalinux)
CVE-2021-33631 high 8.0 3y ago Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, … (redhat, rockylinux, suse, debian)
CVE-2021-38578 high 8.0 3y ago Important: edk2 security, bug fix, and enhancement update (redhat, debian, suse)
CVE-2021-47393 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sy… (redhat, rockylinux, suse, debian)
CVE-2021-33655 high 8.0 3y ago Important: kernel-rt security and bug fix update (arch, redhat, suse, debian, +1)
CVE-2021-47441 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling stat… (redhat, rockylinux, suse, debian)
CVE-2021-47592 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1) Add 1 flower filter for VLAN Prior… (redhat, suse, debian)
CVE-2021-47671 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the functi… (redhat, suse, debian)