Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2021-09-16	CVE-2021-39275	Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. network low complexity apache fedoraproject debian netapp oracle siemens CWE-787 critical	9.8
2021-08-24	CVE-2021-3711	Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). network low complexity openssl debian netapp oracle tenable CWE-120 critical	9.8
2021-08-23	CVE-2021-3694	Cross-site Scripting vulnerability in multiple products LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. network low complexity ledgersmb debian CWE-79 critical	9.6
2021-08-23	CVE-2021-3693	Cross-site Scripting vulnerability in multiple products LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. network low complexity ledgersmb debian CWE-79 critical	9.6
2021-08-21	CVE-2021-38171	Unchecked Return Value vulnerability in multiple products adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. network low complexity ffmpeg debian CWE-252 critical	9.8
2021-08-07	CVE-2021-38173	Command Injection vulnerability in multiple products Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. network low complexity digint debian fedoraproject CWE-77 critical	9.8
2021-07-22	CVE-2021-35942	Integer Overflow or Wraparound vulnerability in multiple products The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. network low complexity gnu netapp debian CWE-190 critical	9.1
2021-07-13	CVE-2021-34552	Classic Buffer Overflow vulnerability in multiple products Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. network low complexity python debian fedoraproject CWE-120 critical	9.8
2021-06-30	CVE-2021-35474	Out-of-bounds Write vulnerability in multiple products Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. network low complexity apache debian CWE-787 critical	9.8