Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2021-42697 | Uncontrolled Recursion vulnerability in Akka Http Server Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. | 7.5 |
| 2021-11-02 | CVE-2021-43266 | OS Command Injection vulnerability in Mahara In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. | 7.3 |
| 2021-11-02 | CVE-2021-37977 | Use After Free vulnerability in multiple products Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37978 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37979 | Out-of-bounds Write vulnerability in multiple products heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37980 | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | 7.4 |
| 2021-11-02 | CVE-2021-36174 | Allocation of Resources Without Limits or Throttling vulnerability in Fortinet Fortiportal A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs. | 7.5 |
| 2021-11-02 | CVE-2021-36183 | Unspecified vulnerability in Fortinet Forticlient An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | 7.8 |
| 2021-11-02 | CVE-2021-36185 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
| 2021-11-02 | CVE-2021-36187 | Resource Exhaustion vulnerability in Fortinet Fortiweb A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests | 7.5 |