High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-26	CVE-2022-22576	Missing Authentication for Critical Function vulnerability in multiple products An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. network low complexity haxx debian netapp brocade splunk CWE-306	8.1
2022-05-03	CVE-2022-1473	Incomplete Cleanup vulnerability in multiple products The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. network low complexity openssl netapp CWE-459	7.5
2022-03-15	CVE-2022-0778	Infinite Loop vulnerability in multiple products The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. network low complexity openssl debian netapp fedoraproject tenable mariadb nodejs CWE-835	7.5
2022-02-26	CVE-2022-23308	Use After Free vulnerability in multiple products valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. network low complexity xmlsoft fedoraproject debian apple netapp oracle CWE-416	7.5
2022-01-06	CVE-2021-46143	Integer Overflow or Wraparound vulnerability in multiple products In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. local low complexity libexpat-project netapp tenable siemens CWE-190	7.8
2021-10-25	CVE-2021-21703	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. local high complexity php debian fedoraproject netapp oracle CWE-787	7.0
2021-09-29	CVE-2021-22946	Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). network low complexity haxx debian fedoraproject netapp oracle apple siemens splunk CWE-319	7.5
2021-09-26	CVE-2021-41617	sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. local high complexity openbsd fedoraproject netapp oracle starwindsoftware	7.0
2021-09-16	CVE-2021-34798	NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. network low complexity apache fedoraproject debian netapp tenable oracle broadcom siemens CWE-476	7.5
2021-09-16	CVE-2021-36160	Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). network low complexity apache fedoraproject debian netapp oracle broadcom CWE-125	7.5