Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-22	CVE-2021-40393	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). network low complexity gerbv-project debian CWE-787 critical	9.8
2021-12-22	CVE-2021-40394	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). network low complexity gerbv-project debian CWE-787 critical	9.8
2021-12-22	CVE-2021-37706	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. network low complexity teluu asterisk sangoma debian CWE-191 critical	9.8
2021-12-20	CVE-2021-44790	Out-of-bounds Write vulnerability in multiple products A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). network low complexity apache fedoraproject debian tenable netapp oracle apple CWE-787 critical	9.8
2021-12-20	CVE-2021-44732	Double Free vulnerability in multiple products Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. network low complexity arm debian CWE-415 critical	9.8
2021-12-17	CVE-2021-23450	All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. network low complexity linuxfoundation oracle debian critical	9.8
2021-12-15	CVE-2021-43113	Command Injection vulnerability in multiple products iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. network low complexity itextpdf debian CWE-77 critical	9.8
2021-12-14	CVE-2021-45046	Expression Language Injection vulnerability in multiple products It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. network high complexity apache intel cvat siemens debian sonicwall fedoraproject CWE-917 critical	9.0
2021-12-14	CVE-2021-44538	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. network low complexity matrix schildi cinny-project debian CWE-119 critical	9.8
2021-12-10	CVE-2021-44228	Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical	10.0