High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-12	CVE-2021-27290	ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. network low complexity ssri-project oracle siemens	7.5
2021-03-10	CVE-2020-13936	An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. network low complexity apache debian oracle	8.8
2021-03-07	CVE-2021-27365	Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel through 5.11.3. local low complexity linux debian oracle netapp CWE-787	7.8
2021-03-07	CVE-2021-27364	Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel through 5.11.3. local low complexity linux debian netapp oracle canonical CWE-125	7.1
2021-03-05	CVE-2021-28041	Double Free vulnerability in multiple products ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. network high complexity openbsd fedoraproject netapp oracle CWE-415	7.1
2021-03-03	CVE-2021-22884	Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. network high complexity nodejs fedoraproject netapp oracle siemens	7.5
2021-03-03	CVE-2021-22883	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. network low complexity nodejs fedoraproject netapp oracle siemens CWE-772	7.5
2021-03-01	CVE-2021-25329	The fix for CVE-2020-9484 was incomplete. local high complexity apache debian oracle	7.0
2021-03-01	CVE-2021-25122	Information Exposure vulnerability in multiple products When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. network low complexity apache debian oracle CWE-200	7.5
2021-02-24	CVE-2020-11987	Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. network low complexity apache fedoraproject oracle debian CWE-918	8.2