Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2021-08-24	CVE-2021-3711	Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). network low complexity openssl debian netapp oracle tenable CWE-120 critical	9.8
2021-08-16	CVE-2021-22931	Improper Input Validation vulnerability in multiple products Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. network low complexity nodejs netapp oracle siemens CWE-20 critical	9.8
2021-07-21	CVE-2021-2391	Unspecified vulnerability in Oracle BI Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Scheduler). network low complexity oracle critical	9.0
2021-07-21	CVE-2021-2392	Unspecified vulnerability in Oracle BI Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). network low complexity oracle critical	9.0
2021-07-21	CVE-2021-2394	Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). network low complexity oracle critical	10.0
2021-07-21	CVE-2021-2396	Unspecified vulnerability in Oracle BI Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). network low complexity oracle critical	9.0
2021-06-10	CVE-2021-26691	Out-of-bounds Write vulnerability in multiple products In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow network low complexity apache debian fedoraproject oracle netapp CWE-787 critical	9.8
2021-06-02	CVE-2021-3520	Integer Overflow or Wraparound vulnerability in multiple products There's a flaw in lz4. network low complexity lz4-project netapp oracle splunk CWE-190 critical	9.8
2021-05-06	CVE-2021-29921	In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. network low complexity python oracle critical	9.8