| 2022-03-25 | CVE-2021-3933 | An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. | 5.5 |
| 2022-03-25 | CVE-2021-3941 | In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. | 6.5 |
| 2022-03-25 | CVE-2022-0983 | SQL Injection vulnerability in multiple products
An SQL injection risk was identified in Badges code relating to configuring criteria. | 8.8 |
| 2022-03-25 | CVE-2022-24778 | Incorrect Authorization vulnerability in multiple products
The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. | 7.5 |
| 2022-03-25 | CVE-2022-27227 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | 7.5 |
| 2022-03-25 | CVE-2018-25032 | Out-of-bounds Write vulnerability in multiple products
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 |
| 2022-03-24 | CVE-2022-24769 | Moby is an open-source project created by Docker to enable and accelerate software containerization. | 5.9 |
| 2022-03-23 | CVE-2022-0396 | Improper Resource Shutdown or Release vulnerability in multiple products
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. | 5.3 |
| 2022-03-18 | CVE-2022-0547 | Improper Authentication vulnerability in multiple products
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. | 9.8 |
| 2022-03-18 | CVE-2022-27191 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | 7.5 |