Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-19	CVE-2021-44026	SQL Injection vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. network low complexity roundcube fedoraproject debian CWE-89 critical	9.8
2021-11-13	CVE-2021-3918	json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') network low complexity json-schema-project debian critical	9.8
2021-11-11	CVE-2021-3907	Path Traversal vulnerability in multiple products OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. network low complexity cloudflare debian CWE-22 critical	9.8
2021-11-05	CVE-2021-35368	OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. network low complexity owasp fedoraproject debian critical	9.8
2021-11-04	CVE-2021-43400	Use After Free vulnerability in multiple products An issue was discovered in gatt-database.c in BlueZ 5.61. network low complexity bluez debian CWE-416 critical	9.1
2021-10-08	CVE-2021-37973	Use After Free vulnerability in multiple products Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. network low complexity google fedoraproject debian CWE-416 critical	9.6
2021-10-07	CVE-2021-22930	Use After Free vulnerability in multiple products Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. network low complexity nodejs netapp siemens debian CWE-416 critical	9.8
2021-09-23	CVE-2021-22945	Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again. network low complexity haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415 critical	9.1
2021-09-16	CVE-2021-39275	Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. network low complexity apache fedoraproject debian netapp oracle siemens CWE-787 critical	9.8
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0