High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-14	CVE-2021-4044	Infinite Loop vulnerability in multiple products Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. network low complexity openssl netapp nodejs CWE-835	7.5
2021-12-13	CVE-2021-43818	Injection vulnerability in multiple products lxml is a library for processing XML and HTML in the Python language. network low complexity lxml fedoraproject debian netapp oracle CWE-74	7.1
2021-11-15	CVE-2021-43618	Integer Overflow or Wraparound vulnerability in multiple products GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. network low complexity gmplib debian netapp CWE-190	7.5
2021-10-28	CVE-2021-43057	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel before 5.14.8. local low complexity linux netapp CWE-416	7.8
2021-10-25	CVE-2021-21703	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. local high complexity php debian fedoraproject netapp oracle CWE-787	7.0
2021-10-20	CVE-2021-35610	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity oracle netapp fedoraproject	7.1
2021-10-20	CVE-2021-35560	Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). network high complexity oracle netapp	7.5
2021-10-19	CVE-2021-37136	Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). network low complexity netty quarkus oracle netapp debian CWE-400	7.5
2021-10-19	CVE-2021-37137	Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. network low complexity netty oracle quarkus netapp debian CWE-400	7.5
2021-10-14	CVE-2021-42340	Missing Release of Resource after Effective Lifetime vulnerability in multiple products The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. network low complexity apache netapp debian oracle CWE-772	7.5