Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-02	CVE-2022-21724	Improper Initialization vulnerability in multiple products pgjdbc is the offical PostgreSQL JDBC Driver. network low complexity postgresql fedoraproject quarkus debian CWE-665 critical	9.8
2022-01-31	CVE-2021-45079	NULL Pointer Dereference vulnerability in multiple products In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. network low complexity strongswan debian fedoraproject canonical CWE-476 critical	9.1
2022-01-26	CVE-2022-23959	HTTP Request Smuggling vulnerability in multiple products In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. network low complexity varnish-software varnish-cache-project fedoraproject debian CWE-444 critical	9.1
2022-01-17	CVE-2022-23303	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. network low complexity w1-fi fedoraproject CWE-203 critical	9.8
2022-01-17	CVE-2022-23304	Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. network low complexity w1-fi fedoraproject CWE-203 critical	9.8
2022-01-05	CVE-2021-43816	containerd is an open source container runtime. network low complexity linuxfoundation fedoraproject critical	9.1
2021-12-23	CVE-2021-38013	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. network low complexity google fedoraproject debian CWE-787 critical	9.6
2021-12-20	CVE-2021-44790	A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). network low complexity apache fedoraproject debian tenable netapp oracle apple critical	9.8
2021-12-14	CVE-2021-45046	Expression Language Injection vulnerability in multiple products It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. network high complexity apache intel cvat siemens debian sonicwall fedoraproject CWE-917 critical	9.0
2021-12-13	CVE-2021-44847	Incorrect Calculation vulnerability in multiple products A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. network low complexity toktok fedoraproject CWE-682 critical	9.8