VIR Vulnerability Intelligence Relay

CVEs from 2021

4,791 normalized CVEs published or assigned in this year.

Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%

Top vendors

Top products

  • simatic_wincc_runtime_advanced 28
  • office 13
  • primavera_gateway 10
  • weblogic_server 9
  • primavera_unifier 8
  • modicon_m340_bmxp342020 8
  • log4j 8
  • mbed_tls 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-39895 high 8.0 multiple issues in gitlab
CVE-2021-39907 high 8.0 multiple issues in gitlab
CVE-2021-39903 high 8.0 multiple issues in gitlab
CVE-2021-39902 high 8.0 multiple issues in gitlab
CVE-2021-39914 high 8.0 multiple issues in gitlab
CVE-2021-39875 high 8.0 multiple issues in gitlab
CVE-2021-39873 high 8.0 multiple issues in gitlab
CVE-2021-39872 high 8.0 multiple issues in gitlab
CVE-2021-39891 high 8.0 multiple issues in gitlab
CVE-2021-39887 high 8.0 multiple issues in gitlab
CVE-2021-39886 high 8.0 multiple issues in gitlab
CVE-2021-39879 high 8.0 multiple issues in gitlab
CVE-2021-37960 high 8.0 multiple issues in chromium
CVE-2021-39890 high 8.0 multiple issues in gitlab
CVE-2021-39878 high 8.0 multiple issues in gitlab
CVE-2021-39874 high 8.0 multiple issues in gitlab
CVE-2021-39866 high 8.0 multiple issues in gitlab
CVE-2021-39883 high 8.0 multiple issues in gitlab
CVE-2021-26434 high 8.0 multiple issues in code
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc
CVE-2021-32777 high 8.0 multiple issues in istio
CVE-2021-30631 high 8.0 arbitrary code execution in chromium
CVE-2021-22216 high 8.0 multiple issues in gitlab
CVE-2021-22213 high 8.0 multiple issues in gitlab
CVE-2021-32654 high 8.0 multiple issues in nextcloud
CVE-2021-22220 high 8.0 multiple issues in gitlab
CVE-2021-22221 high 8.0 multiple issues in gitlab
CVE-2021-22218 high 8.0 multiple issues in gitlab
CVE-2021-22214 high 8.0 multiple issues in gitlab
CVE-2021-32778 high 8.0 multiple issues in istio
CVE-2021-22219 high 8.0 multiple issues in gitlab
CVE-2021-22236 high 8.0 multiple issues in gitlab
CVE-2021-22181 high 8.0 multiple issues in gitlab
CVE-2021-32653 high 8.0 multiple issues in nextcloud
CVE-2021-22915 high 8.0 multiple issues in nextcloud
CVE-2021-22237 high 8.0 multiple issues in gitlab
CVE-2021-28457 high 8.0 arbitrary code execution in code
CVE-2021-28471 high 8.0 arbitrary code execution in code
CVE-2021-28477 high 8.0 arbitrary code execution in code
CVE-2021-3557 high 8.0 information disclosure in argocd
CVE-2021-32688 high 8.0 multiple issues in nextcloud
CVE-2021-28473 high 8.0 arbitrary code execution in code
CVE-2021-28469 high 8.0 arbitrary code execution in code
CVE-2021-22230 high 8.0 multiple issues in gitlab
CVE-2021-22223 high 8.0 multiple issues in gitlab
CVE-2021-22225 high 8.0 multiple issues in gitlab
CVE-2021-22229 high 8.0 multiple issues in gitlab
CVE-2021-32741 high 8.0 multiple issues in nextcloud
CVE-2021-32733 high 8.0 multiple issues in nextcloud
CVE-2021-32705 high 8.0 multiple issues in nextcloud
CVE-2021-32703 high 8.0 multiple issues in nextcloud
CVE-2021-22231 high 8.0 multiple issues in gitlab
CVE-2021-22226 high 8.0 multiple issues in gitlab
CVE-2021-32680 high 8.0 multiple issues in nextcloud
CVE-2021-32725 high 8.0 multiple issues in nextcloud
CVE-2021-32726 high 8.0 multiple issues in nextcloud
CVE-2021-32678 high 8.0 multiple issues in nextcloud
CVE-2021-22232 high 8.0 multiple issues in gitlab
CVE-2021-22227 high 8.0 multiple issues in gitlab
CVE-2021-22224 high 8.0 multiple issues in gitlab
CVE-2021-22228 high 8.0 multiple issues in gitlab
CVE-2021-29503 high 8.0 cross-site scripting in hedgedoc
CVE-2021-22211 high 8.0 multiple issues in gitlab
CVE-2021-22208 high 8.0 multiple issues in gitlab
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
CVE-2021-27064 high 8.0 privilege escalation in code
CVE-2021-21217 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
CVE-2021-21106 high 8.0 Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21111 high 8.0 Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via …
CVE-2021-21112 high 8.0 Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21159 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21168 high 8.0 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2021-21173 high 8.0 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-21172 high 8.0 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
CVE-2021-21182 high 8.0 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafte…
CVE-2021-21181 high 8.0 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2021-21190 high 8.0 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
CVE-2021-21196 high 8.0 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21203 high 8.0 Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21209 high 8.0 Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-21213 high 8.0 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21214 high 8.0 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2021-21222 high 8.0 Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVE-2021-21225 high 8.0 Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21233 high 8.0 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30567 high 8.0 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.
CVE-2021-30556 high 8.0 Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30557 high 8.0 Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML…
CVE-2021-30561 high 8.0 Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30562 high 8.0 Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30564 high 8.0 Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30565 high 8.0 Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds m…
CVE-2021-30566 high 8.0 Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML…
CVE-2021-30568 high 8.0 Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30569 high 8.0 Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30572 high 8.0 Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30573 high 8.0 Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30576 high 8.0 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML …
CVE-2021-30598 high 8.0 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.