VIR Vulnerability Intelligence Relay

CVEs from 2021

4,791 normalized CVEs published or assigned in this year.

Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%

Top vendors

Top products

  • simatic_wincc_runtime_advanced 28
  • office 13
  • primavera_gateway 10
  • weblogic_server 9
  • primavera_unifier 8
  • modicon_m340_bmxp342020 8
  • log4j 8
  • mbed_tls 8

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-21180 high 8.0 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21188 high 8.0 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21197 high 8.0 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21199 high 8.0 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa…
CVE-2021-21215 high 8.0 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21201 high 8.0 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21191 high 8.0 Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21189 high 8.0 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2021-22241 high 8.0 multiple issues in gitlab
CVE-2021-29983 high 8.0 Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operatin…
CVE-2021-39919 high 8.0 multiple issues in gitlab
CVE-2021-21185 high 8.0 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a cr…
CVE-2021-21194 high 8.0 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-4076 high 8.0 A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.
CVE-2021-39914 high 8.0 multiple issues in gitlab
CVE-2021-39902 high 8.0 multiple issues in gitlab
CVE-2021-39903 high 8.0 multiple issues in gitlab
CVE-2021-39895 high 8.0 multiple issues in gitlab
CVE-2021-39932 high 8.0 multiple issues in gitlab
CVE-2021-39931 high 8.0 multiple issues in gitlab
CVE-2021-39896 high 8.0 multiple issues in gitlab
CVE-2021-22945 high 8.0 When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t…
CVE-2021-22901 high 8.0 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use…
CVE-2021-39917 high 8.0 multiple issues in gitlab
CVE-2021-39900 high 8.0 multiple issues in gitlab
CVE-2021-27064 high 8.0 privilege escalation in code
CVE-2021-38371 high 8.0 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
CVE-2021-42322 high 8.0 multiple issues in code
CVE-2021-22208 high 8.0 multiple issues in gitlab
CVE-2021-39941 high 8.0 multiple issues in gitlab
CVE-2021-39867 high 8.0 multiple issues in gitlab
CVE-2021-22211 high 8.0 multiple issues in gitlab
CVE-2021-29503 high 8.0 cross-site scripting in hedgedoc
CVE-2021-39915 high 8.0 multiple issues in gitlab
CVE-2021-39885 high 8.0 multiple issues in gitlab
CVE-2021-39945 high 8.0 multiple issues in gitlab
CVE-2021-22259 high 8.0 multiple issues in gitlab
CVE-2021-39888 high 8.0 multiple issues in gitlab
CVE-2021-39906 high 8.0 multiple issues in gitlab
CVE-2021-39897 high 8.0 multiple issues in gitlab
CVE-2021-22228 high 8.0 multiple issues in gitlab
CVE-2021-22224 high 8.0 multiple issues in gitlab
CVE-2021-22227 high 8.0 multiple issues in gitlab
CVE-2021-22232 high 8.0 multiple issues in gitlab
CVE-2021-32678 high 8.0 multiple issues in nextcloud
CVE-2021-32726 high 8.0 multiple issues in nextcloud
CVE-2021-22215 high 8.0 information disclosure in gitlab
CVE-2021-32725 high 8.0 multiple issues in nextcloud
CVE-2021-32680 high 8.0 multiple issues in nextcloud
CVE-2021-22226 high 8.0 multiple issues in gitlab
CVE-2021-22231 high 8.0 multiple issues in gitlab
CVE-2021-22239 high 8.0 multiple issues in gitlab
CVE-2021-32703 high 8.0 multiple issues in nextcloud
CVE-2021-39909 high 8.0 multiple issues in gitlab
CVE-2021-32705 high 8.0 multiple issues in nextcloud
CVE-2021-32733 high 8.0 multiple issues in nextcloud
CVE-2021-32741 high 8.0 multiple issues in nextcloud
CVE-2021-22229 high 8.0 multiple issues in gitlab
CVE-2021-22225 high 8.0 multiple issues in gitlab
CVE-2021-22223 high 8.0 multiple issues in gitlab
CVE-2021-22230 high 8.0 multiple issues in gitlab
CVE-2021-28469 high 8.0 arbitrary code execution in code
CVE-2021-28473 high 8.0 arbitrary code execution in code
CVE-2021-32688 high 8.0 multiple issues in nextcloud
CVE-2021-3557 high 8.0 information disclosure in argocd
CVE-2021-28477 high 8.0 arbitrary code execution in code
CVE-2021-28471 high 8.0 arbitrary code execution in code
CVE-2021-28457 high 8.0 arbitrary code execution in code
CVE-2021-22237 high 8.0 multiple issues in gitlab
CVE-2021-22915 high 8.0 multiple issues in nextcloud
CVE-2021-32653 high 8.0 multiple issues in nextcloud
CVE-2021-22181 high 8.0 multiple issues in gitlab
CVE-2021-39898 high 8.0 multiple issues in gitlab
CVE-2021-22236 high 8.0 multiple issues in gitlab
CVE-2021-22219 high 8.0 multiple issues in gitlab
CVE-2021-32778 high 8.0 multiple issues in istio
CVE-2021-22214 high 8.0 multiple issues in gitlab
CVE-2021-22218 high 8.0 multiple issues in gitlab
CVE-2021-22221 high 8.0 multiple issues in gitlab
CVE-2021-22220 high 8.0 multiple issues in gitlab
CVE-2021-32654 high 8.0 multiple issues in nextcloud
CVE-2021-39905 high 8.0 multiple issues in gitlab
CVE-2021-22213 high 8.0 multiple issues in gitlab
CVE-2021-22216 high 8.0 multiple issues in gitlab
CVE-2021-30631 high 8.0 arbitrary code execution in chromium
CVE-2021-32777 high 8.0 multiple issues in istio
CVE-2021-39175 high 8.0 cross-site scripting in hedgedoc
CVE-2021-41387 high 8.0 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.
CVE-2021-26434 high 8.0 multiple issues in code
CVE-2021-39883 high 8.0 multiple issues in gitlab
CVE-2021-39866 high 8.0 multiple issues in gitlab
CVE-2021-39874 high 8.0 multiple issues in gitlab
CVE-2021-39878 high 8.0 multiple issues in gitlab
CVE-2021-39890 high 8.0 multiple issues in gitlab
CVE-2021-37960 high 8.0 multiple issues in chromium
CVE-2021-39879 high 8.0 multiple issues in gitlab
CVE-2021-39886 high 8.0 multiple issues in gitlab
CVE-2021-39887 high 8.0 multiple issues in gitlab
CVE-2021-39891 high 8.0 multiple issues in gitlab
CVE-2021-39872 high 8.0 multiple issues in gitlab