2021-12-22 | CVE-2021-40393 | Out-of-bounds Write vulnerability in multiple products. An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). | 9.8 |
2021-12-22 | CVE-2021-37706 | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. | 9.8 |
2021-12-20 | CVE-2021-44790 | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). | 9.8 |
2021-12-20 | CVE-2021-44732 | Double Free vulnerability in multiple products. Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | 9.8 |
2021-12-17 | CVE-2021-23450 | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | 9.8 |
2021-12-15 | CVE-2021-43113 | Command Injection vulnerability in multiple products. iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | 9.8 |
2021-12-14 | CVE-2021-45046 | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. | 9.0 |
2021-12-14 | CVE-2021-44538 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. | 9.8 |
2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. | 10.0 |
2021-12-08 | CVE-2021-38503 | Incorrect Authorization vulnerability in multiple products. The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. | 10.0 |