Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2021-37985 | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37986 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37987 | Use After Free vulnerability in multiple products Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37988 | Use After Free vulnerability in multiple products Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37991 | Race Condition vulnerability in multiple products Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 7.5 |
| 2021-11-02 | CVE-2021-37992 | Out-of-bounds Read vulnerability in multiple products Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37993 | Use After Free vulnerability in multiple products Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-42697 | Uncontrolled Recursion vulnerability in Akka Http Server Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. | 7.5 |
| 2021-11-02 | CVE-2021-43266 | OS Command Injection vulnerability in Mahara In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. | 7.3 |
| 2021-11-02 | CVE-2021-37977 | Use After Free vulnerability in multiple products Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |