Vulnerabilities > Oracle > Graalvm > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2021-44531 Improper Certificate Validation vulnerability in multiple products
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates.
network
high complexity
nodejs oracle CWE-295
7.4
2021-08-31 CVE-2021-37701 Link Following vulnerability in multiple products
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs debian oracle siemens CWE-59
8.6
2021-08-31 CVE-2021-37712 Link Following vulnerability in multiple products
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs debian oracle siemens CWE-59
8.6
2021-08-31 CVE-2021-37713 Path Traversal vulnerability in multiple products
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs oracle siemens CWE-22
8.6
2021-08-31 CVE-2021-39134 Improper Handling of Case Sensitivity vulnerability in multiple products
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
low complexity
npmjs oracle siemens CWE-178
7.8
2021-08-31 CVE-2021-39135 UNIX Symbolic Link (Symlink) Following vulnerability in multiple products
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
low complexity
npmjs oracle siemens CWE-61
7.8
2021-08-16 CVE-2021-22940 Use After Free vulnerability in multiple products
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption to change process behavior.
network
low complexity
nodejs oracle netapp siemens debian CWE-416
7.5
2021-08-03 CVE-2021-32803 Link Following vulnerability in multiple products
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection.
network
low complexity
tar-project oracle siemens CWE-59
8.1
2021-08-03 CVE-2021-32804 Path Traversal vulnerability in multiple products
The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization.
network
low complexity
tar-project oracle siemens CWE-22
8.1
2021-07-21 CVE-2021-2388 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).
network
high complexity
oracle debian
7.5