CVEs from 2021
Total
4,786
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.5%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32918 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.… | |||
| CVE-2021-2074 | high | — | 8.0 | — | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high p… | |||
| CVE-2021-39899 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39944 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-28544 | high | — | 8.0 | — | Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a… | |||
| CVE-2021-21198 | high | — | 8.0 | — | Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-21192 | high | — | 8.0 | — | Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-39879 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21218 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||
| CVE-2021-21208 | high | — | 8.0 | — | Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. | |||
| CVE-2021-21212 | high | — | 8.0 | — | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | |||
| CVE-2021-21183 | high | — | 8.0 | — | Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21176 | high | — | 8.0 | — | Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-21171 | high | — | 8.0 | — | Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-32919 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not co… | |||
| CVE-2021-20247 | high | — | 8.0 | — | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailb… | |||
| CVE-2021-22890 | high | — | 8.0 | — | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.… | |||
| CVE-2021-22239 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-22215 | high | — | 8.0 | — | information disclosure in gitlab | |||
| CVE-2021-39896 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-21187 | high | — | 8.0 | — | Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||
| CVE-2021-38495 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have … | |||
| CVE-2021-29972 | high | — | 8.0 | — | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilit… | |||
| CVE-2021-21158 | high | — | 8.0 | — | insufficient validation in chromium | |||
| CVE-2021-36952 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-29429 | high | — | 8.0 | — | In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable t… | |||
| CVE-2021-21226 | high | — | 8.0 | — | Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-21157 | high | — | 8.0 | — | Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21154 | high | — | 8.0 | — | Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… | |||
| CVE-2021-3446 | high | — | 8.0 | — | A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain s… | |||
| CVE-2021-32921 | high | — | 8.0 | — | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a… | |||
| CVE-2021-32920 | high | — | 8.0 | — | Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. | |||
| CVE-2021-32655 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-42327 | high | — | 8.0 | — | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… | |||
| CVE-2021-38018 | high | — | 8.0 | — | Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-38017 | high | — | 8.0 | — | Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-38014 | high | — | 8.0 | — | Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38013 | high | — | 8.0 | — | Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sand… | |||
| CVE-2021-30596 | high | — | 8.0 | — | Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-32749 | high | — | 8.0 | — | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to poss… | |||
| CVE-2021-30588 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30579 | high | — | 8.0 | — | Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30578 | high | — | 8.0 | — | Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2021-30576 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-30573 | high | — | 8.0 | — | Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30534 | high | — | 8.0 | — | Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-21222 | high | — | 8.0 | — | Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||
| CVE-2021-21214 | high | — | 8.0 | — | Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | |||
| CVE-2021-21213 | high | — | 8.0 | — | Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21209 | high | — | 8.0 | — | Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21196 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21190 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||
| CVE-2021-21181 | high | — | 8.0 | — | Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2021-21112 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29982 | high | — | 8.0 | — | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 an… | |||
| CVE-2021-29981 | high | — | 8.0 | — | An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulner… | |||
| CVE-2021-28375 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85… | |||
| CVE-2021-29265 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race… | |||
| CVE-2021-22945 | high | — | 8.0 | — | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call t… | |||
| CVE-2021-22901 | high | — | 8.0 | — | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… | |||
| CVE-2021-21217 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||
| CVE-2021-38005 | high | — | 8.0 | — | Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38004 | high | — | 8.0 | — | Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-38002 | high | — | 8.0 | — | Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-38001 | high | — | 8.0 | — | Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37999 | high | — | 8.0 | — | Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. | |||
| CVE-2021-37998 | high | — | 8.0 | — | Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37997 | high | — | 8.0 | — | Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37994 | high | — | 8.0 | — | Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||
| CVE-2021-37996 | high | — | 8.0 | — | Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. | |||
| CVE-2021-37993 | high | — | 8.0 | — | Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37992 | high | — | 8.0 | — | Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30543 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-30542 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-30564 | high | — | 8.0 | — | Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30539 | high | — | 8.0 | — | Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2021-30536 | high | — | 8.0 | — | Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | |||
| CVE-2021-30623 | high | — | 8.0 | — | Chromium: CVE-2021-30623 Use after free in Bookmarks | |||
| CVE-2021-37972 | high | — | 8.0 | — | Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30535 | high | — | 8.0 | — | Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30531 | high | — | 8.0 | — | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2021-30518 | high | — | 8.0 | — | Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30528 | high | — | 8.0 | — | Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their… | |||
| CVE-2021-30524 | high | — | 8.0 | — | Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p… | |||
| CVE-2021-30514 | high | — | 8.0 | — | Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30512 | high | — | 8.0 | — | Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-30520 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML… | |||
| CVE-2021-30511 | high | — | 8.0 | — | Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafte… | |||
| CVE-2021-30510 | high | — | 8.0 | — | Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30509 | high | — | 8.0 | — | Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a craft… | |||
| CVE-2021-21164 | high | — | 8.0 | — | Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-21163 | high | — | 8.0 | — | Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. | |||
| CVE-2021-21160 | high | — | 8.0 | — | Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21161 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21159 | high | — | 8.0 | — | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21156 | high | — | 8.0 | — | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. | |||
| CVE-2021-21155 | high | — | 8.0 | — | Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a c… | |||
| CVE-2021-21152 | high | — | 8.0 | — | Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21162 | high | — | 8.0 | — | Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21150 | high | — | 8.0 | — | Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… |