Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-41830 Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source.
network
low complexity
apache CWE-347
7.5
7.5
2021-10-11 CVE-2021-41832 Improper Verification of Cryptographic Signature vulnerability in Apache Openoffice
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source.
network
low complexity
apache CWE-347
7.5
7.5
2021-10-11 CVE-2021-41055 Unspecified vulnerability in Gajim
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
network
low complexity
gajim
7.5
7.5
2021-10-11 CVE-2021-42135 Improper Privilege Management vulnerability in Hashicorp Vault 1.8.0/1.8.3
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine.
network
low complexity
hashicorp CWE-269
8.1
8.1
2021-10-10 CVE-2021-25966 Insufficient Session Expiration vulnerability in Orchardcore Orchard Core 1.0.0
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change.
network
low complexity
orchardcore CWE-613
8.8
8.8
2021-10-08 CVE-2021-37956 Use After Free vulnerability in multiple products
Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8
2021-10-08 CVE-2021-37957 Use After Free vulnerability in multiple products
Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8
2021-10-08 CVE-2021-37959 Use After Free vulnerability in multiple products
Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8
2021-10-08 CVE-2021-37961 Use After Free vulnerability in multiple products
Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8
2021-10-08 CVE-2021-37962 Use After Free vulnerability in multiple products
Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8