CVEs from 2021
Total
4,788
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-39902 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39914 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39875 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39873 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39872 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39891 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39887 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-31618 | high | — | 8.0 | — | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On viol… | |||
| CVE-2021-39886 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39879 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-37960 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2021-39890 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39878 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39874 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39866 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39883 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-26434 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-41387 | high | — | 8.0 | — | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | |||
| CVE-2021-39175 | high | — | 8.0 | — | cross-site scripting in hedgedoc | |||
| CVE-2021-32777 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-30631 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2021-22216 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22213 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32654 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22220 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22221 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22218 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22214 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32778 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-22219 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22236 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22181 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32653 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22915 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22237 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-28457 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28471 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28477 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-3557 | high | — | 8.0 | — | information disclosure in argocd | |||
| CVE-2021-32688 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-28473 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-28469 | high | — | 8.0 | — | arbitrary code execution in code | |||
| CVE-2021-22230 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-38371 | high | — | 8.0 | — | The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | |||
| CVE-2021-27064 | high | — | 8.0 | — | privilege escalation in code | |||
| CVE-2021-21107 | high | — | 8.0 | — | Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craft… | |||
| CVE-2021-21109 | high | — | 8.0 | — | Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-21111 | high | — | 8.0 | — | Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via … | |||
| CVE-2021-21113 | high | — | 8.0 | — | Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21115 | high | — | 8.0 | — | User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML … | |||
| CVE-2021-21160 | high | — | 8.0 | — | Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21163 | high | — | 8.0 | — | Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. | |||
| CVE-2021-21164 | high | — | 8.0 | — | Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21165 | high | — | 8.0 | — | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21189 | high | — | 8.0 | — | Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-21167 | high | — | 8.0 | — | Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21168 | high | — | 8.0 | — | Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2021-21175 | high | — | 8.0 | — | Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21179 | high | — | 8.0 | — | Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21169 | high | — | 8.0 | — | Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-21170 | high | — | 8.0 | — | Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted … | |||
| CVE-2021-21172 | high | — | 8.0 | — | Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |||
| CVE-2021-21186 | high | — | 8.0 | — | Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft… | |||
| CVE-2021-21188 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21201 | high | — | 8.0 | — | Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-21203 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21207 | high | — | 8.0 | — | Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro… | |||
| CVE-2021-21210 | high | — | 8.0 | — | Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. | |||
| CVE-2021-21223 | high | — | 8.0 | — | Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-30555 | high | — | 8.0 | — | Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p… | |||
| CVE-2021-30557 | high | — | 8.0 | — | Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML… | |||
| CVE-2021-30559 | high | — | 8.0 | — | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30565 | high | — | 8.0 | — | Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds m… | |||
| CVE-2021-30572 | high | — | 8.0 | — | Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30567 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. | |||
| CVE-2021-30581 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-30592 | high | — | 8.0 | — | Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a craf… | |||
| CVE-2021-30582 | high | — | 8.0 | — | Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-30585 | high | — | 8.0 | — | Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30584 | high | — | 8.0 | — | Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-30600 | high | — | 8.0 | — | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30589 | high | — | 8.0 | — | Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. | |||
| CVE-2021-30591 | high | — | 8.0 | — | Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30593 | high | — | 8.0 | — | Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted… | |||
| CVE-2021-30615 | high | — | 8.0 | — | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | |||
| CVE-2021-37980 | high | — | 8.0 | — | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |||
| CVE-2021-30597 | high | — | 8.0 | — | Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | |||
| CVE-2021-30609 | high | — | 8.0 | — | Chromium: CVE-2021-30609 Use after free in Sign-In | |||
| CVE-2021-30598 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||
| CVE-2021-30628 | high | — | 8.0 | — | Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | |||
| CVE-2021-37957 | high | — | 8.0 | — | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37962 | high | — | 8.0 | — | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HT… | |||
| CVE-2021-37966 | high | — | 8.0 | — | Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-37984 | high | — | 8.0 | — | Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37965 | high | — | 8.0 | — | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-37971 | high | — | 8.0 | — | Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-37977 | high | — | 8.0 | — | Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37979 | high | — | 8.0 | — | heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a craf… | |||
| CVE-2021-37989 | high | — | 8.0 | — | Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page. | |||
| CVE-2021-37981 | high | — | 8.0 | — | Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |