CVEs from 2021
Total
4,788
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-29157 | high | — | 8.0 | — | Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio… | |||
| CVE-2021-26910 | high | — | 8.0 | — | Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | |||
| CVE-2021-38013 | high | — | 8.0 | — | Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sand… | |||
| CVE-2021-29977 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2021-3446 | high | — | 8.0 | — | A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain s… | |||
| CVE-2021-21154 | high | — | 8.0 | — | Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… | |||
| CVE-2021-21157 | high | — | 8.0 | — | Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21195 | high | — | 8.0 | — | Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21198 | high | — | 8.0 | — | Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-2125 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2129 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2120 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2123 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2124 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2128 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low pr… | |||
| CVE-2021-2127 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-23962 | high | — | 8.0 | — | Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. | |||
| CVE-2021-2130 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2145 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |||
| CVE-2021-2131 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-23955 | high | — | 8.0 | — | The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. | |||
| CVE-2021-23958 | high | — | 8.0 | — | The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. | |||
| CVE-2021-2281 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-2279 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows unau… | |||
| CVE-2021-2282 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-2284 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-2286 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-2309 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |||
| CVE-2021-2287 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-23996 | high | — | 8.0 | — | By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other att… | |||
| CVE-2021-2310 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high… | |||
| CVE-2021-2321 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2409 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-24001 | high | — | 8.0 | — | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. … | |||
| CVE-2021-2443 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2454 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low … | |||
| CVE-2021-2475 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-35538 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr… | |||
| CVE-2021-35542 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-30540 | high | — | 8.0 | — | Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-30610 | high | — | 8.0 | — | Chromium: CVE-2021-30610 Use after free in Extensions API | |||
| CVE-2021-30611 | high | — | 8.0 | — | Chromium: CVE-2021-30611 Use after free in WebRTC | |||
| CVE-2021-21219 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||
| CVE-2021-32781 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-32780 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-32656 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32734 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22217 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22206 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37967 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted … | |||
| CVE-2021-2250 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-2283 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauth… | |||
| CVE-2021-29947 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |||
| CVE-2021-29428 | high | — | 8.0 | — | In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds c… | |||
| CVE-2021-21109 | high | — | 8.0 | — | Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-21107 | high | — | 8.0 | — | Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft… | |||
| CVE-2021-27064 | high | — | 8.0 | — | privilege escalation in code | |||
| CVE-2021-38371 | high | — | 8.0 | — | The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | |||
| CVE-2021-22230 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-28469 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28473 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-32688 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-3557 | high | — | 8.0 | — | information disclosure in argocd | |||
| CVE-2021-28477 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28471 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28457 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-30618 | high | — | 8.0 | — | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | |||
| CVE-2021-22237 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32653 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22181 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22236 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22219 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32778 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-22214 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22221 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22220 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32654 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22213 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2021-32777 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-39175 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |||
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |||
| CVE-2021-26434 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-39883 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21226 | high | — | 8.0 | — | Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-39866 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39874 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39878 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39890 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37960 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2021-39879 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39886 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-31618 | high | — | 8.0 | — | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On viol… | |||
| CVE-2021-39887 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39891 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39873 | high | — | 8.0 | — | multiple issues in gitlab |