How severe is CVE-2021-30245?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-30245?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2021-30245

HIGH Year: 2021

CVSS v3 Score

8.8

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-610

View all →

Vulnerability Description

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.

CVE-2021-27648

HIGH

CVSS:8.8(High)

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via ...

CWE-6102021

CVE-2021-43844

HIGH

CVSS:8.8(High)

MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifical...

CWE-6102021

CVE-2022-24854

HIGH

CVSS:8.8(High)

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial c...

CWE-6102022

CVE-2024-45826

HIGH

CVSS:8.8(High)

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can...

CWE-6102024

CVE-2022-27593

CRITICAL

CVSS:9.1(Critical)

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have al...

CWE-6102022

CVE-2024-32980

CRITICAL

CVSS:9.1(Critical)

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a sp...

CWE-6102024

CVE-2021-30245

Vulnerability Description

Related Vulnerabilities

CVE-2021-27648

CVE-2021-43844

CVE-2022-24854

CVE-2024-45826

CVE-2022-27593

CVE-2024-32980