Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-15	CVE-2021-42377	Release of Invalid Pointer or Reference vulnerability in multiple products An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. network low complexity busybox fedoraproject netapp CWE-763 critical	9.8
2021-11-13	CVE-2021-43616	Insufficient Verification of Data Authenticity vulnerability in multiple products The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. network low complexity npmjs netapp fedoraproject CWE-345 critical	9.8
2021-11-02	CVE-2021-43267	Improper Validation of Specified Quantity in Input vulnerability in multiple products An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. network low complexity linux fedoraproject netapp CWE-1284 critical	9.8
2021-10-07	CVE-2021-42013	It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. network low complexity apache fedoraproject oracle netapp critical	9.8
2021-10-07	CVE-2021-22930	Use After Free vulnerability in multiple products Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. network low complexity nodejs netapp siemens debian CWE-416 critical	9.8
2021-09-23	CVE-2021-22945	Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again. network low complexity haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415 critical	9.1
2021-09-16	CVE-2021-39275	Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. network low complexity apache fedoraproject debian netapp oracle siemens CWE-787 critical	9.8
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2021-08-24	CVE-2021-3711	Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). network low complexity openssl debian netapp oracle tenable CWE-120 critical	9.8
2021-08-16	CVE-2021-22931	Improper Input Validation vulnerability in multiple products Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. network low complexity nodejs netapp oracle siemens CWE-20 critical	9.8