Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-15	CVE-2021-43113	Command Injection vulnerability in multiple products iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. network low complexity itextpdf debian CWE-77 critical	9.8
2021-12-14	CVE-2021-45046	Expression Language Injection vulnerability in multiple products It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. network high complexity apache intel siemens debian sonicwall fedoraproject CWE-917 critical	9.0
2021-12-14	CVE-2021-44538	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. network low complexity matrix schildi cinny-project debian CWE-119 critical	9.8
2021-12-10	CVE-2021-44228	Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion CWE-502 critical	10.0
2021-12-08	CVE-2021-38503	Incorrect Authorization vulnerability in multiple products The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. network low complexity mozilla debian CWE-863 critical	10.0
2021-11-23	CVE-2021-38002	Use After Free vulnerability in multiple products Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. network low complexity google fedoraproject debian CWE-416 critical	9.6
2021-11-22	CVE-2021-44143	Out-of-bounds Write vulnerability in multiple products A flaw was found in mbsync in isync 1.4.0 through 1.4.3. network low complexity isync-project debian fedoraproject CWE-787 critical	9.8
2021-11-19	CVE-2021-40391	Improper Handling of Exceptional Conditions vulnerability in multiple products An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). network low complexity gerbv-project debian fedoraproject CWE-755 critical	9.8
2021-11-19	CVE-2021-44026	SQL Injection vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. network low complexity roundcube fedoraproject debian CWE-89 critical	9.8
2021-11-13	CVE-2021-3918	json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') network low complexity json-schema-project debian critical	9.8