High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-03	CVE-2021-22884	Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. network high complexity nodejs fedoraproject netapp oracle siemens	7.5
2021-03-03	CVE-2021-22883	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. network low complexity nodejs fedoraproject netapp oracle siemens CWE-772	7.5
2021-03-03	CVE-2021-20233	Out-of-bounds Write vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. local low complexity gnu redhat fedoraproject netapp CWE-787	8.2
2021-03-03	CVE-2020-27779	A flaw was found in grub2 in versions prior to 2.06. local high complexity gnu redhat fedoraproject netapp	7.5
2021-03-03	CVE-2020-25647	Out-of-bounds Write vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. low complexity gnu redhat fedoraproject netapp CWE-787	7.6
2021-03-03	CVE-2020-25632	Use After Free vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. local low complexity gnu redhat fedoraproject netapp CWE-416	8.2
2021-03-03	CVE-2020-14372	A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. local high complexity gnu redhat fedoraproject netapp	7.5
2021-02-23	CVE-2021-20226	A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. local low complexity linux netapp	7.8
2021-02-19	CVE-2021-26296	Cross-Site Request Forgery (CSRF) vulnerability in multiple products In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. network high complexity apache netapp CWE-352	7.5
2021-02-17	CVE-2020-8625	Classic Buffer Overflow vulnerability in multiple products BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. network high complexity isc debian fedoraproject siemens netapp CWE-120	8.1