CVEs from 2021
Total
4,792
critical
critical 280
high
high 1,018
medium
medium 1,176
low
low 138
% Critical
5.8%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- communications_unified_inventory_management 7
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30514 | high | — | 8.0 | — | Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30515 | high | — | 8.0 | — | Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30520 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML… | |||
| CVE-2021-30523 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. | |||
| CVE-2021-26925 | high | — | 8.0 | — | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | |||
| CVE-2021-30543 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-39881 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39868 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39877 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39870 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-4062 | high | — | 8.0 | — | Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag… | |||
| CVE-2021-39889 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21160 | high | — | 8.0 | — | Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21161 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21163 | high | — | 8.0 | — | Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. | |||
| CVE-2021-21167 | high | — | 8.0 | — | Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37957 | high | — | 8.0 | — | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21178 | high | — | 8.0 | — | Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML pag… | |||
| CVE-2021-21179 | high | — | 8.0 | — | Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21186 | high | — | 8.0 | — | Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… | |||
| CVE-2021-21192 | high | — | 8.0 | — | Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-4056 | high | — | 8.0 | — | Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38022 | high | — | 8.0 | — | Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21202 | high | — | 8.0 | — | Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chr… | |||
| CVE-2021-4057 | high | — | 8.0 | — | Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-1055 | high | — | 8.0 | — | multiple issues in nvidia-utils | |||
| CVE-2021-39884 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21227 | high | — | 8.0 | — | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21228 | high | — | 8.0 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a … | |||
| CVE-2021-32765 | high | — | 8.0 | — | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` proto… | |||
| CVE-2021-21230 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39912 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39913 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39934 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39936 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39933 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39932 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39931 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39917 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-42322 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-38018 | high | — | 8.0 | — | Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-39941 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39915 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39945 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39906 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39897 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39909 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39898 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39905 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39895 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39907 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39903 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39902 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39914 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39875 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39873 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39891 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39887 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39886 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39879 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37960 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2021-39890 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39878 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39874 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39866 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39883 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-26434 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |||
| CVE-2021-39175 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |||
| CVE-2021-32777 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22213 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38017 | high | — | 8.0 | — | Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-32654 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22220 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22221 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22214 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32778 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-22219 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22236 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22181 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32653 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22237 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-28457 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28471 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28477 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-3557 | high | — | 8.0 | — | information disclosure in argocd | |||
| CVE-2021-32688 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-28473 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28469 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-22230 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22223 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22225 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22229 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32741 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32733 | high | — | 8.0 | — | multiple issues in nextcloud |