Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-07	CVE-2021-22930	Use After Free vulnerability in multiple products Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. network low complexity nodejs netapp siemens debian CWE-416 critical	9.8
2021-09-23	CVE-2021-22945	Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again. network low complexity haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415 critical	9.1
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2021-09-16	CVE-2021-39275	Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. network low complexity apache fedoraproject debian netapp oracle siemens CWE-787 critical	9.8
2021-08-24	CVE-2021-3711	Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). network low complexity openssl debian netapp oracle tenable CWE-120 critical	9.8
2021-08-23	CVE-2021-3694	Cross-site Scripting vulnerability in multiple products LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. network low complexity ledgersmb debian CWE-79 critical	9.6
2021-08-23	CVE-2021-3693	Cross-site Scripting vulnerability in multiple products LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. network low complexity ledgersmb debian CWE-79 critical	9.6
2021-08-21	CVE-2021-38171	Unchecked Return Value vulnerability in multiple products adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. network low complexity ffmpeg debian CWE-252 critical	9.8
2021-08-07	CVE-2021-38173	Command Injection vulnerability in multiple products Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. network low complexity digint debian fedoraproject CWE-77 critical	9.8
2021-07-22	CVE-2021-35942	Integer Overflow or Wraparound vulnerability in multiple products The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. network low complexity gnu netapp debian CWE-190 critical	9.1