High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-23	CVE-2021-3621	OS Command Injection vulnerability in multiple products A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. network low complexity fedoraproject redhat CWE-78	8.8
2021-12-23	CVE-2021-45463	load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. local low complexity gegl gimp redhat fedoraproject	7.8
2021-12-22	CVE-2021-44733	Race Condition vulnerability in multiple products A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. local high complexity linux redhat fedoraproject debian netapp CWE-362	7.0
2021-12-15	CVE-2021-45078	Out-of-bounds Write vulnerability in multiple products stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. local low complexity gnu fedoraproject redhat debian netapp CWE-787	7.8
2021-12-14	CVE-2021-4104	Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. network high complexity apache fedoraproject redhat oracle CWE-502	7.5
2021-11-22	CVE-2021-3935	Improper Certificate Validation vulnerability in multiple products When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. network high complexity pgbouncer redhat fedoraproject debian CWE-295	8.1
2021-09-29	CVE-2021-3653	A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. local low complexity linux redhat debian	8.8
2021-09-07	CVE-2021-39251	NULL Pointer Dereference vulnerability in multiple products A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. local low complexity tuxera debian redhat fedoraproject CWE-476	7.8
2021-09-07	CVE-2021-33285	Out-of-bounds Write vulnerability in multiple products In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. local low complexity tuxera redhat fedoraproject debian CWE-787	7.8
2021-08-27	CVE-2021-40153	Path Traversal vulnerability in multiple products squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. network low complexity squashfs-tools-project fedoraproject debian redhat CWE-22	8.1