|2022-01-01||CVE-2021-41819||CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names.|| 5.0 |
|2022-01-01||CVE-2021-41817||Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string.|| 5.0 |
|2021-12-25||CVE-2021-4166||Out-of-bounds Read vulnerability in multiple products: vim is vulnerable to Out-of-bounds Read|| 5.8 |
|2021-12-23||CVE-2021-3621||Command Injection vulnerability in multiple products: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands.|| 9.3 |
|2021-12-23||CVE-2021-3622||Resource Exhaustion vulnerability in multiple products: A flaw was found in the hivex library.|| 4.3 |
|2021-12-23||CVE-2021-20318||Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 7.3.9/7.4.0: The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978.|| 6.5 |
|2021-12-23||CVE-2021-3584||OS Command Injection vulnerability in multiple products: A server side remote code execution vulnerability was found in Foreman project.|| 9.0 |
|2021-12-23||CVE-2021-4024||Origin Validation Error vulnerability in multiple products: A flaw was found in podman.|| 6.4 |
|2021-12-23||CVE-2021-45463||GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered.|| 6.8 |
|2021-12-22||CVE-2021-44733||Use After Free vulnerability in multiple products: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.|| 4.4 |