VIR Vulnerability Intelligence Relay

CVEs from 2021

5,048 normalized CVEs published or assigned in this year.

Total
5,048
critical
critical 273
high
high 975
medium
medium 1,141
low
low 135
% Critical
5.4%
% with KEV
4.2%
% with exploit
4.2%

Top vendors

Top products

  • office 13
  • 365_apps 6
  • office_long_term_servicing_channel 6
  • library_automation_system 5
  • single_connect 4
  • http_server 3
  • solidfire 2
  • student_information_management_system 2

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-39894 high 8.0 multiple issues in gitlab arch
CVE-2021-23985 high 8.0 If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unno… archsusedebian
CVE-2021-21223 high 8.0 multiple issues in chromium archdebian
CVE-2021-25742 high 8.0 information disclosure in kubectl-ingress-nginx arch
CVE-2021-30481 high 8.0 arbitrary code execution in steam arch
CVE-2021-32781 high 8.0 multiple issues in istio arch
CVE-2021-32780 high 8.0 multiple issues in istio arch
CVE-2021-39900 high 8.0 multiple issues in gitlab arch
CVE-2021-22209 high 8.0 multiple issues in gitlab arch
CVE-2021-32734 high 8.0 multiple issues in nextcloud arch
CVE-2021-4076 high 8.0 A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. archdebian
CVE-2021-3405 high 8.0 A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. archdebian
CVE-2021-39870 high 8.0 multiple issues in gitlab arch
CVE-2021-21173 high 8.0 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-39867 high 8.0 multiple issues in gitlab arch
CVE-2021-30581 high 8.0 multiple issues in chromium archdebian
CVE-2021-2284 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian
CVE-2021-30531 high 8.0 multiple issues in chromium archdebian
CVE-2021-33910 high 8.0 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker)… archsuserockylinuxdebian
CVE-2021-23979 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-23988 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archsusedebian
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc arch
CVE-2021-21149 high 8.0 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-2126 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-39874 high 8.0 multiple issues in gitlab arch
CVE-2021-21175 high 8.0 Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. archdebian
CVE-2021-29964 high 8.0 A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operat… archdebian
CVE-2021-22168 high 8.0 multiple issues in gitlab arch
CVE-2021-23997 high 8.0 Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary … archsusedebian
CVE-2021-37966 high 8.0 Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. archdebian
CVE-2021-23953 high 8.0 If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects … archsusedebian
CVE-2021-22216 high 8.0 multiple issues in gitlab arch
CVE-2021-32777 high 8.0 multiple issues in istio arch
CVE-2021-22214 high 8.0 multiple issues in gitlab arch
CVE-2021-21202 high 8.0 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… archdebian
CVE-2021-21109 high 8.0 multiple issues in chromium archdebian
CVE-2021-4129 high 8.0 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of t… debianrockylinux
CVE-2021-23981 high 8.0 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information lea… archsusedebian
CVE-2021-21111 high 8.0 multiple issues in chromium archdebian
CVE-2021-21192 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-39936 high 8.0 multiple issues in gitlab arch
CVE-2021-3551 high 8.0 Important: pki-core:10.6 security update debianrockylinux
CVE-2021-21197 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. archdebian
CVE-2021-38494 high 8.0 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… archdebian
CVE-2021-42322 high 8.0 multiple issues in code arch
CVE-2021-30525 high 8.0 multiple issues in chromium archdebian
CVE-2021-23972 high 8.0 One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; howe… archsusedebian
CVE-2021-39883 high 8.0 multiple issues in gitlab arch
CVE-2021-39866 high 8.0 multiple issues in gitlab arch
CVE-2021-37979 high 8.0 heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… archdebian
CVE-2021-39932 high 8.0 multiple issues in gitlab arch
CVE-2021-4064 high 8.0 multiple issues in chromium archdebian
CVE-2021-21108 high 8.0 multiple issues in chromium archdebian
CVE-2021-25216 high 8.0 In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of t… debianarchsuse
CVE-2021-2129 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-23963 high 8.0 When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This… archdebian
CVE-2021-21110 high 8.0 multiple issues in chromium archdebian
CVE-2021-23956 high 8.0 An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerabili… archdebian
CVE-2021-2266 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30534 high 8.0 multiple issues in chromium archdebian
CVE-2021-21154 high 8.0 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… archdebian
CVE-2021-22236 high 8.0 multiple issues in gitlab arch
CVE-2021-21191 high 8.0 arbitrary code execution in chromium archdebian
CVE-2021-25215 high 8.0 Important: bind security update debianarchsuserockylinux
CVE-2021-39869 high 8.0 multiple issues in gitlab arch
CVE-2021-30610 high 8.0 Chromium: CVE-2021-30610 Use after free in Extensions API archdebian
CVE-2021-37962 high 8.0 Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HT… archdebian
CVE-2021-0535 high 8.0 multiple issues in wpa_supplicant arch
CVE-2021-32778 high 8.0 multiple issues in istio arch
CVE-2021-22219 high 8.0 multiple issues in gitlab arch
CVE-2021-23995 high 8.0 When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulner… archsusedebian
CVE-2021-32656 high 8.0 multiple issues in nextcloud arch
CVE-2021-37967 high 8.0 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted … archdebian
CVE-2021-22217 high 8.0 multiple issues in gitlab arch
CVE-2021-39892 high 8.0 multiple issues in gitlab arch
CVE-2021-39871 high 8.0 multiple issues in gitlab arch
CVE-2021-32654 high 8.0 multiple issues in nextcloud arch
CVE-2021-22221 high 8.0 multiple issues in gitlab arch
CVE-2021-22220 high 8.0 multiple issues in gitlab arch
CVE-2021-37983 high 8.0 multiple issues in chromium archdebian
CVE-2021-39945 high 8.0 multiple issues in gitlab arch
CVE-2021-39915 high 8.0 multiple issues in gitlab arch
CVE-2021-29956 high 8.0 OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those k… archsuserockylinuxdebian
CVE-2021-39889 high 8.0 multiple issues in gitlab arch
CVE-2021-3446 high 8.0 A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain s… archsusedebian
CVE-2021-39941 high 8.0 multiple issues in gitlab arch
CVE-2021-20305 high 8.0 A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply fun… archsuserockylinuxdebian
CVE-2021-22890 high 8.0 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… archdebiansuse
CVE-2021-21158 high 8.0 insufficient validation in chromium arch
CVE-2021-43535 high 8.0 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firef… debianrockylinux
CVE-2021-29428 high 8.0 In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds c… archsusedebian
CVE-2021-21226 high 8.0 multiple issues in chromium archdebian
CVE-2021-39933 high 8.0 multiple issues in gitlab arch
CVE-2021-2119 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… archdebian
CVE-2021-30617 high 8.0 Chromium: CVE-2021-30617 Policy bypass in Blink archdebian
CVE-2021-23983 high 8.0 By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vul… archsusedebian
CVE-2021-22218 high 8.0 multiple issues in gitlab arch
CVE-2021-22210 high 8.0 multiple issues in gitlab arch
CVE-2021-21153 high 8.0 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. archdebian
CVE-2021-2286 high 8.0 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… archdebian