Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2021
CVE-2021-37988
Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.011
Published
2021-11-02
CVE-2021-37989
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.007
Published
2021-11-02
CVE-2021-37990
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-11-02
CVE-2021-37991
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
7.5
EPSS Score
0.012
Published
2021-11-02
CVE-2021-37992
Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.01
Published
2021-11-02
CVE-2021-37993
Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.014
Published
2021-11-02
CVE-2021-37994
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-11-02
CVE-2021-37995
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-11-02
CVE-2021-37996
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-11-02
CVE-2021-42697
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
CVSS Score
7.5
EPSS Score
0.755
Published
2021-11-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved