CVEs from 2021
Total
4,792
critical
critical 280
high
high 1,018
medium
medium 1,176
low
low 138
% Critical
5.8%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30566 | high | — | 8.0 | — | Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML… | |||
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22221 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30568 | high | — | 8.0 | — | Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29982 | high | — | 8.0 | — | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… | |||
| CVE-2021-29981 | high | — | 8.0 | — | An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulner… | |||
| CVE-2021-28375 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85… | |||
| CVE-2021-22166 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37987 | high | — | 8.0 | — | Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21176 | high | — | 8.0 | — | Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-21162 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37959 | high | — | 8.0 | — | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… | |||
| CVE-2021-23970 | high | — | 8.0 | — | Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | |||
| CVE-2021-37981 | high | — | 8.0 | — | Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-37977 | high | — | 8.0 | — | Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-23971 | high | — | 8.0 | — | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the… | |||
| CVE-2021-39912 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38371 | high | — | 8.0 | — | The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | |||
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2021-30531 | high | — | 8.0 | — | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2021-22890 | high | — | 8.0 | — | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… | |||
| CVE-2021-29952 | high | — | 8.0 | — | When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnera… | |||
| CVE-2021-42327 | high | — | 8.0 | — | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… | |||
| CVE-2021-32777 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-38021 | high | — | 8.0 | — | Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-38012 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30514 | high | — | 8.0 | — | Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38020 | high | — | 8.0 | — | Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-23956 | high | — | 8.0 | — | An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerabili… | |||
| CVE-2021-30622 | high | — | 8.0 | — | Chromium: CVE-2021-30622 Use after free in WebApp Installs | |||
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-29962 | high | — | 8.0 | — | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |||
| CVE-2021-29963 | high | — | 8.0 | — | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |||
| CVE-2021-29961 | high | — | 8.0 | — | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. | |||
| CVE-2021-22214 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-29974 | high | — | 8.0 | — | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Stric… | |||
| CVE-2021-21151 | high | — | 8.0 | — | Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-38505 | high | — | 8.0 | — | Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain… | |||
| CVE-2021-21233 | high | — | 8.0 | — | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39870 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30518 | high | — | 8.0 | — | Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-1053 | high | — | 8.0 | — | multiple issues in nvidia-utils | |||
| CVE-2021-30578 | high | — | 8.0 | — | Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-30629 | high | — | 8.0 | — | Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30607 | high | — | 8.0 | — | Chromium: CVE-2021-30607 Use after free in Permissions | |||
| CVE-2021-30506 | high | — | 8.0 | — | Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a pri… | |||
| CVE-2021-30609 | high | — | 8.0 | — | Chromium: CVE-2021-30609 Use after free in Sign-In | |||
| CVE-2021-22237 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30618 | high | — | 8.0 | — | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | |||
| CVE-2021-30628 | high | — | 8.0 | — | Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | |||
| CVE-2021-28471 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28477 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32688 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-30601 | high | — | 8.0 | — | Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… | |||
| CVE-2021-39887 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21161 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39886 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21163 | high | — | 8.0 | — | Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. | |||
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37961 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39881 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21164 | high | — | 8.0 | — | Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21202 | high | — | 8.0 | — | Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… | |||
| CVE-2021-39879 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21152 | high | — | 8.0 | — | Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21150 | high | — | 8.0 | — | Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… | |||
| CVE-2021-4054 | high | — | 8.0 | — | Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-39901 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21153 | high | — | 8.0 | — | Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-21180 | high | — | 8.0 | — | Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21188 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21197 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21199 | high | — | 8.0 | — | Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-21215 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |||
| CVE-2021-39944 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22220 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21171 | high | — | 8.0 | — | Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-22945 | high | — | 8.0 | — | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… | |||
| CVE-2021-39899 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39885 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-3781 | high | — | 8.0 | — | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document… | |||
| CVE-2021-39867 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-36952 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-37956 | high | — | 8.0 | — | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… | |||
| CVE-2021-22259 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30581 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-21158 | high | — | 8.0 | — | insufficient validation in chromium | |||
| CVE-2021-30624 | high | — | 8.0 | — | Chromium: CVE-2021-30624 Use after free in Autofill | |||
| CVE-2021-21156 | high | — | 8.0 | — | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. | |||
| CVE-2021-39888 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21183 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-30604 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37971 | high | — | 8.0 | — | Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-32679 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-30538 | high | — | 8.0 | — | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2021-30619 | high | — | 8.0 | — | Chromium: CVE-2021-30619 UI Spoofing in Autofill | |||
| CVE-2021-30529 | high | — | 8.0 | — | Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-21194 | high | — | 8.0 | — | Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |