CVEs from 2021
Total
4,792
critical
critical 280
high
high 1,018
medium
medium 1,176
low
low 138
% Critical
5.8%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30581 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-30614 | high | — | 8.0 | — | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |||
| CVE-2021-39934 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30524 | high | — | 8.0 | — | Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p… | |||
| CVE-2021-30598 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||
| CVE-2021-37992 | high | — | 8.0 | — | Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-4057 | high | — | 8.0 | — | Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-23979 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2021-25746 | high | — | 8.0 | — | information disclosure in kubectl-ingress-nginx | |||
| CVE-2021-21189 | high | — | 8.0 | — | Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-22213 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38001 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21179 | high | — | 8.0 | — | Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39883 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-4062 | high | — | 8.0 | — | Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag… | |||
| CVE-2021-2409 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-29265 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… | |||
| CVE-2021-22259 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38008 | high | — | 8.0 | — | Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-44879 | high | — | 8.0 | — | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. | |||
| CVE-2021-21183 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-39867 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39898 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30535 | high | — | 8.0 | — | Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39900 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-36377 | high | — | 8.0 | — | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | |||
| CVE-2021-2125 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-21167 | high | — | 8.0 | — | Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39906 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32921 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a… | |||
| CVE-2021-30537 | high | — | 8.0 | — | Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. | |||
| CVE-2021-29462 | high | — | 8.0 | — | The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… | |||
| CVE-2021-21227 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-22208 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-28475 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-38510 | high | — | 8.0 | — | The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating s… | |||
| CVE-2021-2442 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-30541 | high | — | 8.0 | — | Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21184 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-22209 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32920 | high | — | 8.0 | — | Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. | |||
| CVE-2021-4058 | high | — | 8.0 | — | Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39903 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39914 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21116 | high | — | 8.0 | — | Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30555 | high | — | 8.0 | — | Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p… | |||
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-2120 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-38007 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-22231 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-2280 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-29959 | high | — | 8.0 | — | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… | |||
| CVE-2021-30528 | high | — | 8.0 | — | Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… | |||
| CVE-2021-32680 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-30532 | high | — | 8.0 | — | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2021-21112 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30575 | high | — | 8.0 | — | Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-22215 | high | — | 8.0 | — | information disclosure in gitlab | |||
| CVE-2021-21108 | high | — | 8.0 | — | Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-1051 | high | — | 8.0 | — | multiple issues in nvidia-utils | |||
| CVE-2021-30569 | high | — | 8.0 | — | Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-31618 | high | — | 8.0 | — | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On viol… | |||
| CVE-2021-2126 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-30530 | high | — | 8.0 | — | Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-21195 | high | — | 8.0 | — | Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38371 | high | — | 8.0 | — | The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | |||
| CVE-2021-22217 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22206 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-36952 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-30509 | high | — | 8.0 | — | Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a craft… | |||
| CVE-2021-32751 | high | — | 8.0 | — | Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… | |||
| CVE-2021-21107 | high | — | 8.0 | — | Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft… | |||
| CVE-2021-2127 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-22241 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-43396 | high | — | 8.0 | — | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an inter… | |||
| CVE-2021-30516 | high | — | 8.0 | — | Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-29974 | high | — | 8.0 | — | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Stric… | |||
| CVE-2021-21217 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||
| CVE-2021-39902 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21231 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30574 | high | — | 8.0 | — | Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29952 | high | — | 8.0 | — | When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnera… | |||
| CVE-2021-30507 | high | — | 8.0 | — | Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT… | |||
| CVE-2021-21106 | high | — | 8.0 | — | Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-29983 | high | — | 8.0 | — | Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operatin… | |||
| CVE-2021-30521 | high | — | 8.0 | — | Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-4064 | high | — | 8.0 | — | Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-4076 | high | — | 8.0 | — | A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | |||
| CVE-2021-21110 | high | — | 8.0 | — | Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-3655 | high | — | 8.0 | — | A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. | |||
| CVE-2021-39937 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30519 | high | — | 8.0 | — | Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HT… | |||
| CVE-2021-21158 | high | — | 8.0 | — | insufficient validation in chromium | |||
| CVE-2021-30565 | high | — | 8.0 | — | Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds m… | |||
| CVE-2021-37989 | high | — | 8.0 | — | Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. | |||
| CVE-2021-29973 | high | — | 8.0 | — | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… | |||
| CVE-2021-30525 | high | — | 8.0 | — | Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-32726 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-29962 | high | — | 8.0 | — | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |||
| CVE-2021-30527 | high | — | 8.0 | — | Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. |