High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-30	CVE-2021-4182	Infinite Loop vulnerability in multiple products Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject oracle CWE-835	7.5
2021-12-30	CVE-2021-4184	Infinite Loop vulnerability in multiple products Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian oracle CWE-835	7.5
2021-12-30	CVE-2021-4185	Infinite Loop vulnerability in multiple products Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian oracle CWE-835	7.5
2021-12-25	CVE-2021-45485	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. network low complexity linux netapp oracle CWE-327	7.5
2021-12-20	CVE-2021-44224	NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). network low complexity apache fedoraproject debian tenable oracle apple CWE-476	8.2
2021-12-14	CVE-2021-4104	Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. network high complexity apache fedoraproject redhat oracle CWE-502	7.5
2021-12-13	CVE-2021-43818	lxml is a library for processing XML and HTML in the Python language. network low complexity lxml fedoraproject debian netapp oracle	7.1
2021-12-07	CVE-2021-42717	Uncontrolled Recursion vulnerability in multiple products ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. network low complexity trustwave f5 debian oracle CWE-674	7.5
2021-11-08	CVE-2021-41772	Improper Input Validation vulnerability in multiple products Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. network low complexity golang fedoraproject oracle CWE-20	7.5
2021-11-04	CVE-2021-43396	In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. network low complexity gnu oracle	7.5