2022-07-01 | CVE-2022-2274 | Out-of-bounds Write vulnerability in multiple products The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. | 9.8 |
2022-06-02 | CVE-2022-27778 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | 8.1 |
2022-05-06 | CVE-2022-24823 | Netty is an open-source, asynchronous event-driven network application framework. | 5.5 |
2022-05-03 | CVE-2022-1292 | OS Command Injection vulnerability in multiple products The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. | 9.8 |
2022-04-13 | CVE-2015-20107 | Command Injection vulnerability in multiple products In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. | 7.6 |
2022-03-16 | CVE-2022-23234 | Cleartext Storage of Sensitive Information vulnerability in Netapp Snapcenter SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. | 5.5 |
2022-02-24 | CVE-2022-21824 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". | 8.2 |
2022-01-26 | CVE-2021-22570 | NULL Pointer Dereference vulnerability in multiple products Nullptr dereference when a null char is present in a proto symbol. | 5.5 |
2021-12-14 | CVE-2021-4044 | Infinite Loop vulnerability in multiple products Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. | 7.5 |
2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. | 10.0 |