High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-18	CVE-2021-41990	Integer Overflow or Wraparound vulnerability in multiple products The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. network low complexity strongswan debian fedoraproject siemens CWE-190	7.5
2021-10-18	CVE-2021-41991	Integer Overflow or Wraparound vulnerability in multiple products The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. network low complexity strongswan debian fedoraproject siemens CWE-190	7.5
2021-10-18	CVE-2021-38562	Information Exposure Through Discrepancy vulnerability in multiple products Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. network low complexity bestpractical fedoraproject debian CWE-203	7.5
2021-10-15	CVE-2021-28021	Out-of-bounds Write vulnerability in multiple products Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. local low complexity stb-project fedoraproject debian CWE-787	7.8
2021-10-14	CVE-2021-42340	Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. network low complexity apache netapp debian oracle CWE-772	7.5
2021-10-11	CVE-2021-42260	Infinite Loop vulnerability in multiple products TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. network low complexity tinyxml-project debian CWE-835	7.5
2021-10-08	CVE-2021-37956	Use After Free vulnerability in multiple products Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-10-08	CVE-2021-37957	Use After Free vulnerability in multiple products Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-10-08	CVE-2021-37959	Use After Free vulnerability in multiple products Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-10-08	CVE-2021-37961	Use After Free vulnerability in multiple products Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8