Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2021-37978 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37979 | Out-of-bounds Write vulnerability in multiple products heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-11-02 | CVE-2021-37980 | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | 7.4 |
| 2021-11-02 | CVE-2021-36174 | Allocation of Resources Without Limits or Throttling vulnerability in Fortinet Fortiportal A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs. | 7.5 |
| 2021-11-02 | CVE-2021-36183 | Unspecified vulnerability in Fortinet Forticlient An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates. | 7.8 |
| 2021-11-02 | CVE-2021-36185 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
| 2021-11-02 | CVE-2021-36187 | Resource Exhaustion vulnerability in Fortinet Fortiweb A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests | 7.5 |
| 2021-11-02 | CVE-2021-41022 | Improper Privilege Management vulnerability in Fortinet Fortisiem A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts | 7.8 |
| 2021-11-02 | CVE-2020-18438 | Path Traversal vulnerability in PHPok 5.1 Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | 7.5 |
| 2021-11-02 | CVE-2020-20657 | Classic Buffer Overflow vulnerability in Libiec Iccp MOD Project Libiec Iccp MOD 1.5 Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect. | 7.5 |