2021-10-19 | CVE-2021-37137 | Resource Exhaustion vulnerability in multiple products. The Snappy frame decoder function doesn't restrict the chunk length, which may lead to excessive memory usage. | 7.5 |
2021-10-18 | CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 |
2021-10-14 | CVE-2021-42340 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products. The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. | 7.5 |
2021-10-07 | CVE-2021-42013 | It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. | 9.8 |
2021-10-06 | CVE-2021-20264 | Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Openjdk 1.8.0/11. An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. | 7.8 |
2021-10-05 | CVE-2021-41524 | NULL Pointer Dereference vulnerability in multiple products. While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. | 7.5 |
2021-10-05 | CVE-2021-41773 | Path Traversal vulnerability in multiple products. A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. | 7.5 |
2021-10-04 | CVE-2021-32626 | Redis is an open source, in-memory database that persists on disk. | 8.8 |
2021-10-04 | CVE-2021-32627 | Redis is an open source, in-memory database that persists on disk. | 7.5 |
2021-10-04 | CVE-2021-32628 | Redis is an open source, in-memory database that persists on disk. | 7.5 |