11.6.3

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-20	CVE-2021-44224	NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). network low complexity apache fedoraproject debian tenable oracle apple CWE-476	8.2
2021-12-20	CVE-2021-44790	Out-of-bounds Write vulnerability in multiple products A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). network low complexity apache fedoraproject debian tenable netapp oracle apple CWE-787 critical	9.8
2021-12-19	CVE-2021-4136	Heap-based Buffer Overflow vulnerability in multiple products vim is vulnerable to Heap-based Buffer Overflow local low complexity vim fedoraproject apple CWE-122	7.8
2021-10-19	CVE-2021-30846	Out-of-bounds Write vulnerability in multiple products A memory corruption issue was addressed with improved memory handling. local low complexity apple debian fedoraproject CWE-787	7.8
2021-09-29	CVE-2021-22946	Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). network low complexity haxx debian fedoraproject netapp oracle apple siemens splunk CWE-319	7.5
2021-09-29	CVE-2021-22947	Insufficient Verification of Data Authenticity vulnerability in multiple products When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. network high complexity haxx fedoraproject debian netapp oracle siemens apple splunk CWE-345	5.9
2021-08-24	CVE-2021-30897	Unspecified vulnerability in Apple products An issue existed in the specification for the resource timing API. network low complexity apple	6.5
2021-08-24	CVE-2021-30904	Improper Synchronization vulnerability in Apple Macos A sync issue was addressed with improved state validation. network low complexity apple CWE-662	5.3
2021-08-24	CVE-2021-30923	Race Condition vulnerability in Apple Macos A race condition was addressed with improved locking. local high complexity apple CWE-362	7.0
2021-08-24	CVE-2021-30924	Unspecified vulnerability in Apple products A denial of service issue was addressed with improved state handling. network low complexity apple	7.5