CVEs from 2021
Total
4,788
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-4056 | high | — | 8.0 | — | Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39875 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39873 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39891 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38022 | high | — | 8.0 | — | Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-39887 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-31618 | high | — | 8.0 | — | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On viol… | |||
| CVE-2021-39886 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37970 | high | — | 8.0 | — | Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39879 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37968 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-30569 | high | — | 8.0 | — | Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30568 | high | — | 8.0 | — | Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30566 | high | — | 8.0 | — | Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML… | |||
| CVE-2021-30562 | high | — | 8.0 | — | Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37960 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2021-30561 | high | — | 8.0 | — | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30556 | high | — | 8.0 | — | Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39890 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30532 | high | — | 8.0 | — | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2021-39878 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39874 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30527 | high | — | 8.0 | — | Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30525 | high | — | 8.0 | — | Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-30521 | high | — | 8.0 | — | Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-30519 | high | — | 8.0 | — | Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HT… | |||
| CVE-2021-39866 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39883 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-26434 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-30517 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |||
| CVE-2021-39175 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |||
| CVE-2021-32777 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22213 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30516 | high | — | 8.0 | — | Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-32654 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22220 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22221 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22214 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32778 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-22219 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22236 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22181 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32653 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22237 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-28457 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28471 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28477 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-3557 | high | — | 8.0 | — | information disclosure in argocd | |||
| CVE-2021-32688 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-28473 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28469 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-22230 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22223 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22225 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22229 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32741 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32733 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32705 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32703 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22231 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22226 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32680 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32725 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32726 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32678 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22232 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22227 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22224 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22228 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30513 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29503 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |||
| CVE-2021-30511 | high | — | 8.0 | — | Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafte… | |||
| CVE-2021-30507 | high | — | 8.0 | — | Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT… | |||
| CVE-2021-30510 | high | — | 8.0 | — | Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30509 | high | — | 8.0 | — | Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a craft… | |||
| CVE-2021-37963 | high | — | 8.0 | — | Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||
| CVE-2021-22945 | high | — | 8.0 | — | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… | |||
| CVE-2021-30578 | high | — | 8.0 | — | Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-30627 | high | — | 8.0 | — | Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30606 | high | — | 8.0 | — | Chromium: CVE-2021-30606 Use after free in Blink | |||
| CVE-2021-29975 | high | — | 8.0 | — | Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly… | |||
| CVE-2021-30616 | high | — | 8.0 | — | Chromium: CVE-2021-30616 Use after free in Media | |||
| CVE-2021-30594 | high | — | 8.0 | — | Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | |||
| CVE-2021-30596 | high | — | 8.0 | — | Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-38385 | high | — | 8.0 | — | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-00… | |||
| CVE-2021-38017 | high | — | 8.0 | — | Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-38018 | high | — | 8.0 | — | Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-30588 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21116 | high | — | 8.0 | — | Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30579 | high | — | 8.0 | — | Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29987 | high | — | 8.0 | — | After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location,… | |||
| CVE-2021-30576 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-30573 | high | — | 8.0 | — | Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30626 | high | — | 8.0 | — | Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |