High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-23	CVE-2021-20226	A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. local low complexity linux netapp	7.8
2021-02-19	CVE-2021-26296	Cross-Site Request Forgery (CSRF) vulnerability in multiple products In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. network high complexity apache netapp CWE-352	7.5
2021-02-17	CVE-2020-8625	Classic Buffer Overflow vulnerability in multiple products BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. network high complexity isc debian fedoraproject siemens netapp CWE-120	8.1
2021-02-15	CVE-2021-27219	Incorrect Conversion between Numeric Types vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. network low complexity gnome fedoraproject debian netapp broadcom CWE-681	7.5
2021-02-15	CVE-2021-27218	Incorrect Conversion between Numeric Types vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. network low complexity gnome fedoraproject debian netapp broadcom CWE-681	7.5
2021-02-15	CVE-2021-23337	Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. network low complexity lodash oracle netapp siemens CWE-94	7.2
2021-02-15	CVE-2021-21702	NULL Pointer Dereference vulnerability in multiple products In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. network low complexity php debian netapp oracle CWE-476	7.5
2021-02-05	CVE-2021-26708	Improper Locking vulnerability in multiple products A local privilege escalation was discovered in the Linux kernel before 5.10.13. local high complexity linux netapp CWE-667	7.0
2021-01-27	CVE-2021-3326	Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. network low complexity gnu netapp oracle fujitsu debian CWE-617	7.5
2021-01-27	CVE-2021-26118	While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. network low complexity apache netapp	7.5