CVEs from 2021
Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21214 | high | — | 8.0 | — | Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | |||
| CVE-2021-21213 | high | — | 8.0 | — | Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-32678 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-38018 | high | — | 8.0 | — | Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-21173 | high | — | 8.0 | — | Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-30591 | high | — | 8.0 | — | Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-41259 | high | — | 8.0 | — | multiple issues in nim | |||
| CVE-2021-30599 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||
| CVE-2021-43891 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-30602 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30613 | high | — | 8.0 | — | Chromium: CVE-2021-30613 Use after free in Base internals | |||
| CVE-2021-38022 | high | — | 8.0 | — | Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30607 | high | — | 8.0 | — | Chromium: CVE-2021-30607 Use after free in Permissions | |||
| CVE-2021-30611 | high | — | 8.0 | — | Chromium: CVE-2021-30611 Use after free in WebRTC | |||
| CVE-2021-23997 | high | — | 8.0 | — | Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary … | |||
| CVE-2021-30621 | high | — | 8.0 | — | Chromium: CVE-2021-30621 UI Spoofing in Autofill | |||
| CVE-2021-38020 | high | — | 8.0 | — | Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-30507 | high | — | 8.0 | — | Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT… | |||
| CVE-2021-22232 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39866 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38010 | high | — | 8.0 | — | Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML p… | |||
| CVE-2021-30525 | high | — | 8.0 | — | Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-29960 | high | — | 8.0 | — | Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined … | |||
| CVE-2021-39903 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-29961 | high | — | 8.0 | — | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. | |||
| CVE-2021-29974 | high | — | 8.0 | — | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Stric… | |||
| CVE-2021-39869 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22208 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39871 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-2285 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-39945 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-0535 | high | — | 8.0 | — | multiple issues in wpa_supplicant | |||
| CVE-2021-3781 | high | — | 8.0 | — | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document… | |||
| CVE-2021-39890 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38017 | high | — | 8.0 | — | Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-30567 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. | |||
| CVE-2021-4059 | high | — | 8.0 | — | Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21168 | high | — | 8.0 | — | Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2021-39915 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38006 | high | — | 8.0 | — | Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21159 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37998 | high | — | 8.0 | — | Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38004 | high | — | 8.0 | — | Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-38005 | high | — | 8.0 | — | Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30624 | high | — | 8.0 | — | Chromium: CVE-2021-30624 Use after free in Autofill | |||
| CVE-2021-38014 | high | — | 8.0 | — | Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37993 | high | — | 8.0 | — | Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38015 | high | — | 8.0 | — | Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted … | |||
| CVE-2021-37994 | high | — | 8.0 | — | Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-22239 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30581 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-37985 | high | — | 8.0 | — | Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted… | |||
| CVE-2021-37990 | high | — | 8.0 | — | Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. | |||
| CVE-2021-37991 | high | — | 8.0 | — | Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37984 | high | — | 8.0 | — | Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37986 | high | — | 8.0 | — | Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39938 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37979 | high | — | 8.0 | — | heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… | |||
| CVE-2021-39888 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30516 | high | — | 8.0 | — | Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-22259 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38009 | high | — | 8.0 | — | Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-39885 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-36952 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-39898 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-28660 | high | — | 8.0 | — | rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org rele… | |||
| CVE-2021-39867 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22206 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38499 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2021-30575 | high | — | 8.0 | — | Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-21106 | high | — | 8.0 | — | Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-37963 | high | — | 8.0 | — | Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||
| CVE-2021-37962 | high | — | 8.0 | — | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HT… | |||
| CVE-2021-37968 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-39896 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38013 | high | — | 8.0 | — | Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sand… | |||
| CVE-2021-1056 | high | — | 8.0 | — | multiple issues in nvidia-utils | |||
| CVE-2021-38012 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30481 | high | — | 8.0 | — | arbitrary code execution in steam | |||
| CVE-2021-30626 | high | — | 8.0 | — | Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-25742 | high | — | 8.0 | — | information disclosure in kubectl-ingress-nginx | |||
| CVE-2021-39894 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30630 | high | — | 8.0 | — | Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-30616 | high | — | 8.0 | — | Chromium: CVE-2021-30616 Use after free in Media | |||
| CVE-2021-32656 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22217 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30574 | high | — | 8.0 | — | Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30539 | high | — | 8.0 | — | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2021-4054 | high | — | 8.0 | — | Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-32781 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-30534 | high | — | 8.0 | — | Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-39899 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30585 | high | — | 8.0 | — | Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30588 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30589 | high | — | 8.0 | — | Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. | |||
| CVE-2021-39883 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30597 | high | — | 8.0 | — | Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | |||
| CVE-2021-30596 | high | — | 8.0 | — | Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-39901 | high | — | 8.0 | — | multiple issues in gitlab |