| 2021-11-13 | CVE-2021-43616 | Insufficient Verification of Data Authenticity vulnerability in multiple products
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. | 9.8 |
| 2021-11-02 | CVE-2021-43267 | Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. | 9.8 |
| 2021-11-02 | CVE-2017-5123 | Improper Input Validation vulnerability in multiple products
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. | 8.8 |
| 2021-11-01 | CVE-2021-27005 | Unspecified vulnerability in Netapp Ontap System Manager 9.7/9.8/9.9.12
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server. | 7.5 |
| 2021-11-01 | CVE-2021-27004 | Unspecified vulnerability in Netapp Ontap System Manager 9.7/9.8/9.9.12
System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. | 5.5 |
| 2021-10-29 | CVE-2021-25742 | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. | 7.1 |
| 2021-10-28 | CVE-2021-22096 | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | 4.3 |
| 2021-10-28 | CVE-2021-43057 | Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.14.8. | 7.8 |
| 2021-10-27 | CVE-2021-25219 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. | 5.3 |
| 2021-10-26 | CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. | 6.1 |