CVEs from 2021
Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21185 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a cr… | |||
| CVE-2021-21189 | high | — | 8.0 | — | Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-21205 | high | — | 8.0 | — | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-30538 | high | — | 8.0 | — | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2021-32751 | high | — | 8.0 | — | Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code e… | |||
| CVE-2021-25216 | high | — | 8.0 | — | In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of t… | |||
| CVE-2021-30618 | high | — | 8.0 | — | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | |||
| CVE-2021-21151 | high | — | 8.0 | — | Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-21183 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21194 | high | — | 8.0 | — | Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21165 | high | — | 8.0 | — | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37983 | high | — | 8.0 | — | Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21107 | high | — | 8.0 | — | Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft… | |||
| CVE-2021-39896 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21158 | high | — | 8.0 | — | insufficient validation in chromium | |||
| CVE-2021-39901 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22259 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-23974 | high | — | 8.0 | — | The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. | |||
| CVE-2021-36952 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-4053 | high | — | 8.0 | — | Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39900 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21187 | high | — | 8.0 | — | Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||
| CVE-2021-22890 | high | — | 8.0 | — | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… | |||
| CVE-2021-21176 | high | — | 8.0 | — | Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-21171 | high | — | 8.0 | — | Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-21232 | high | — | 8.0 | — | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29462 | high | — | 8.0 | — | The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because… | |||
| CVE-2021-39885 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38016 | high | — | 8.0 | — | Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||
| CVE-2021-39899 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21216 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||
| CVE-2021-22171 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39937 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-23988 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2021-4052 | high | — | 8.0 | — | Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome… | |||
| CVE-2021-21114 | high | — | 8.0 | — | Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30574 | high | — | 8.0 | — | Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-33833 | high | — | 8.0 | — | ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). | |||
| CVE-2021-39944 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22209 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-2291 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low … | |||
| CVE-2021-35545 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-30624 | high | — | 8.0 | — | Chromium: CVE-2021-30624 Use after free in Autofill | |||
| CVE-2021-35540 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… | |||
| CVE-2021-2285 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-22168 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21149 | high | — | 8.0 | — | Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-30512 | high | — | 8.0 | — | Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-2266 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-21204 | high | — | 8.0 | — | Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-25746 | high | — | 8.0 | — | information disclosure in kubectl-ingress-nginx | |||
| CVE-2021-39867 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22241 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-29983 | high | — | 8.0 | — | Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operatin… | |||
| CVE-2021-39919 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32655 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-29972 | high | — | 8.0 | — | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilit… | |||
| CVE-2021-38002 | high | — | 8.0 | — | Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-4076 | high | — | 8.0 | — | A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. | |||
| CVE-2021-2121 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2283 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-39888 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32679 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-2250 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2126 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-32657 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-21215 | high | — | 8.0 | — | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||
| CVE-2021-22215 | high | — | 8.0 | — | information disclosure in gitlab | |||
| CVE-2021-1051 | high | — | 8.0 | — | multiple issues in nvidia-utils | |||
| CVE-2021-21191 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21201 | high | — | 8.0 | — | Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-29971 | high | — | 8.0 | — | If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects … | |||
| CVE-2021-32918 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.… | |||
| CVE-2021-30619 | high | — | 8.0 | — | Chromium: CVE-2021-30619 UI Spoofing in Autofill | |||
| CVE-2021-28475 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-32919 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not co… | |||
| CVE-2021-37967 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted … | |||
| CVE-2021-21197 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-23985 | high | — | 8.0 | — | If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unno… | |||
| CVE-2021-38385 | high | — | 8.0 | — | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-00… | |||
| CVE-2021-30590 | high | — | 8.0 | — | Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-22239 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-1054 | high | — | 8.0 | — | multiple issues in nvidia-utils | |||
| CVE-2021-22206 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22217 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32734 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-29427 | high | — | 8.0 | — | In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gra… | |||
| CVE-2021-21175 | high | — | 8.0 | — | Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-32656 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32780 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-30575 | high | — | 8.0 | — | Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-32781 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-39871 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-36377 | high | — | 8.0 | — | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. | |||
| CVE-2021-39911 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21115 | high | — | 8.0 | — | User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML … | |||
| CVE-2021-21210 | high | — | 8.0 | — | Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. | |||
| CVE-2021-30526 | high | — | 8.0 | — | Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted… | |||
| CVE-2021-39892 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39894 | high | — | 8.0 | — | multiple issues in gitlab |