| 2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
| 2021-12-08 | CVE-2021-4048 | An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. | 9.1 |
| 2021-12-08 | CVE-2021-44420 | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | 7.3 |
| 2021-11-29 | CVE-2021-3802 | A vulnerability found in udisks2. | 4.2 |
| 2021-11-23 | CVE-2021-3672 | Cross-site Scripting vulnerability in multiple products
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. | 5.6 |
| 2021-11-22 | CVE-2021-3935 | Improper Certificate Validation vulnerability in multiple products
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. | 8.1 |
| 2021-11-04 | CVE-2021-43389 | Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.14.15. | 5.5 |
| 2021-10-19 | CVE-2021-3746 | A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. | 6.5 |
| 2021-10-08 | CVE-2021-32029 | Out-of-bounds Read vulnerability in multiple products
A flaw was found in postgresql. | 6.5 |
| 2021-10-04 | CVE-2021-32672 | Out-of-bounds Read vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk. | 4.3 |