CVEs from 2021
Total
4,791
critical
critical 281
high
high 1,022
medium
medium 1,179
low
low 138
% Critical
5.9%
% with KEV
4.4%
% with exploit
5.3%
Top vendors
Top products
- simatic_wincc_runtime_advanced 28
- office 13
- primavera_gateway 10
- weblogic_server 9
- primavera_unifier 8
- modicon_m340_bmxp342020 8
- log4j 8
- mbed_tls 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-29427 | high | — | 8.0 | — | In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gra… | |||
| CVE-2021-29972 | high | — | 8.0 | — | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilit… | |||
| CVE-2021-29964 | high | — | 8.0 | — | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operat… | |||
| CVE-2021-21211 | high | — | 8.0 | — | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-42327 | high | — | 8.0 | — | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to th… | |||
| CVE-2021-43540 | high | — | 8.0 | — | WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects … | |||
| CVE-2021-37978 | high | — | 8.0 | — | Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30621 | high | — | 8.0 | — | Chromium: CVE-2021-30621 UI Spoofing in Autofill | |||
| CVE-2021-30625 | high | — | 8.0 | — | Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a craf… | |||
| CVE-2021-21219 | high | — | 8.0 | — | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||
| CVE-2021-21221 | high | — | 8.0 | — | Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… | |||
| CVE-2021-39910 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-43908 | high | — | 8.0 | — | multiple issues in code | |||
| CVE-2021-0535 | high | — | 8.0 | — | multiple issues in wpa_supplicant | |||
| CVE-2021-39938 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39869 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-30481 | high | — | 8.0 | — | arbitrary code execution in steam | |||
| CVE-2021-39893 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-25742 | high | — | 8.0 | — | information disclosure in kubectl-ingress-nginx | |||
| CVE-2021-39894 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39892 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-39871 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-32781 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-32780 | high | — | 8.0 | — | multiple issues in istio | |||
| CVE-2021-32656 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-32734 | high | — | 8.0 | — | multiple issues in nextcloud | |||
| CVE-2021-22217 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2021-4053 | high | — | 8.0 | — | Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38016 | high | — | 8.0 | — | Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||
| CVE-2021-21175 | high | — | 8.0 | — | Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2021-38011 | high | — | 8.0 | — | Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-21177 | high | — | 8.0 | — | Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2021-21180 | high | — | 8.0 | — | Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-38010 | high | — | 8.0 | — | Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML p… | |||
| CVE-2021-30620 | high | — | 8.0 | — | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | |||
| CVE-2021-30615 | high | — | 8.0 | — | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | |||
| CVE-2021-30617 | high | — | 8.0 | — | Chromium: CVE-2021-30617 Policy bypass in Blink | |||
| CVE-2021-38300 | high | — | 8.0 | — | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel co… | |||
| CVE-2021-30600 | high | — | 8.0 | — | Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-3655 | high | — | 8.0 | — | A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. | |||
| CVE-2021-30590 | high | — | 8.0 | — | Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-4067 | high | — | 8.0 | — | Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30628 | high | — | 8.0 | — | Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | |||
| CVE-2021-30629 | high | — | 8.0 | — | Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37961 | high | — | 8.0 | — | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-37956 | high | — | 8.0 | — | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted… | |||
| CVE-2021-37959 | high | — | 8.0 | — | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a craft… | |||
| CVE-2021-37987 | high | — | 8.0 | — | Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-28660 | high | — | 8.0 | — | rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org rele… | |||
| CVE-2021-37971 | high | — | 8.0 | — | Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2021-23970 | high | — | 8.0 | — | Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | |||
| CVE-2021-37977 | high | — | 8.0 | — | Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-23971 | high | — | 8.0 | — | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the… | |||
| CVE-2021-23972 | high | — | 8.0 | — | One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; howe… | |||
| CVE-2021-37981 | high | — | 8.0 | — | Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||
| CVE-2021-23986 | high | — | 8.0 | — | A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read… | |||
| CVE-2021-23975 | high | — | 8.0 | — | The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof funct… | |||
| CVE-2021-37992 | high | — | 8.0 | — | Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-23979 | high | — | 8.0 | — | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl… | |||
| CVE-2021-29952 | high | — | 8.0 | — | When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnera… | |||
| CVE-2021-4058 | high | — | 8.0 | — | Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-4054 | high | — | 8.0 | — | Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2021-29959 | high | — | 8.0 | — | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only… | |||
| CVE-2021-29960 | high | — | 8.0 | — | Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined … | |||
| CVE-2021-4064 | high | — | 8.0 | — | Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29962 | high | — | 8.0 | — | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |||
| CVE-2021-29961 | high | — | 8.0 | — | When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. | |||
| CVE-2021-29963 | high | — | 8.0 | — | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnera… | |||
| CVE-2021-29974 | high | — | 8.0 | — | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Stric… | |||
| CVE-2021-29965 | high | — | 8.0 | — | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that… | |||
| CVE-2021-30522 | high | — | 8.0 | — | Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29973 | high | — | 8.0 | — | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be ente… | |||
| CVE-2021-30524 | high | — | 8.0 | — | Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML p… | |||
| CVE-2021-30619 | high | — | 8.0 | — | Chromium: CVE-2021-30619 UI Spoofing in Autofill | |||
| CVE-2021-29975 | high | — | 8.0 | — | Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly… | |||
| CVE-2021-30535 | high | — | 8.0 | — | Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-29947 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes… | |||
| CVE-2021-30507 | high | — | 8.0 | — | Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HT… | |||
| CVE-2021-29429 | high | — | 8.0 | — | In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable t… | |||
| CVE-2021-41259 | high | — | 8.0 | — | multiple issues in nim | |||
| CVE-2021-30624 | high | — | 8.0 | — | Chromium: CVE-2021-30624 Use after free in Autofill | |||
| CVE-2021-30574 | high | — | 8.0 | — | Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2021-30575 | high | — | 8.0 | — | Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | |||
| CVE-2021-30581 | high | — | 8.0 | — | Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML … | |||
| CVE-2021-47497 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic … | |||
| CVE-2021-47386 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (va… | |||
| CVE-2021-47432 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inod… | |||
| CVE-2021-47495 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo … | |||
| CVE-2021-47384 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for (tmp… | |||
| CVE-2021-47101 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be un… | |||
| CVE-2021-47097 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id() The array param[] in elantech_change_report_id() m… | |||
| CVE-2021-47582 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait… | |||
| CVE-2021-47289 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") start… | |||
| CVE-2021-47466 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by… | |||
| CVE-2021-47527 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 ("tty: serial_core: convert uart_close to use tty_port_cl… | |||
| CVE-2021-47338 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previ… | |||
| CVE-2021-47321 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that func… | |||
| CVE-2021-47287 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: driver core: auxiliary bus: Fix memory leak when driver_register() fail If driver_register() returns with error we need to free t… | |||
| CVE-2021-47609 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the b… | |||
| CVE-2021-47352 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid da… |