High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-18	CVE-2021-41991	Integer Overflow or Wraparound vulnerability in multiple products The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. network low complexity strongswan debian fedoraproject siemens CWE-190	7.5
2021-10-18	CVE-2021-38562	Information Exposure Through Discrepancy vulnerability in multiple products Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. network low complexity bestpractical fedoraproject debian CWE-203	7.5
2021-10-18	CVE-2021-41611	Improper Certificate Validation vulnerability in multiple products An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. network low complexity squid-cache fedoraproject CWE-295	7.5
2021-10-15	CVE-2021-28021	Out-of-bounds Write vulnerability in multiple products Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. local low complexity stb-project fedoraproject debian CWE-787	7.8
2021-10-11	CVE-2021-41799	Allocation of Resources Without Limits or Throttling vulnerability in multiple products MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). network low complexity mediawiki fedoraproject CWE-770	7.5
2021-10-08	CVE-2021-37956	Use After Free vulnerability in multiple products Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-10-08	CVE-2021-37957	Use After Free vulnerability in multiple products Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-10-08	CVE-2021-37959	Use After Free vulnerability in multiple products Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-10-08	CVE-2021-37961	Use After Free vulnerability in multiple products Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8
2021-10-08	CVE-2021-37962	Use After Free vulnerability in multiple products Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8