High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-08	CVE-2021-44420	In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. network low complexity djangoproject redhat debian canonical fedoraproject	7.3
2021-11-22	CVE-2021-3935	Improper Certificate Validation vulnerability in multiple products When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. network high complexity pgbouncer redhat fedoraproject debian CWE-295	8.1
2021-10-19	CVE-2021-3746	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. network libtpms-project fedoraproject redhat CWE-119	7.1
2021-09-29	CVE-2021-3653	Missing Authorization vulnerability in multiple products A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. local low complexity linux redhat debian CWE-862	8.8
2021-09-22	CVE-2021-3583	Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower A flaw was found in Ansible, where a user's controller is vulnerable to template injection. local low complexity redhat CWE-94	7.1
2021-09-21	CVE-2021-31917	Improper Authentication vulnerability in multiple products A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). network low complexity infinispan redhat CWE-287	7.5
2021-09-07	CVE-2021-39251	NULL Pointer Dereference vulnerability in multiple products A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. local low complexity tuxera debian redhat fedoraproject CWE-476	7.8
2021-09-07	CVE-2021-33285	Out-of-bounds Write vulnerability in multiple products In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. local low complexity tuxera redhat fedoraproject debian CWE-787	7.8
2021-08-27	CVE-2021-40153	Path Traversal vulnerability in multiple products squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. network low complexity squashfs-tools-project fedoraproject debian redhat CWE-22	8.1
2021-08-07	CVE-2021-38160	Classic Buffer Overflow vulnerability in multiple products In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. local low complexity linux netapp debian redhat CWE-120	7.8