High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-23	CVE-2021-39154	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project fedoraproject debian netapp oracle CWE-434	8.5
2021-08-23	CVE-2021-35940	Out-of-bounds Read vulnerability in multiple products An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). local low complexity apache oracle CWE-125	7.1
2021-08-18	CVE-2021-37714	Infinite Loop vulnerability in multiple products jsoup is a Java library for working with HTML. network low complexity jsoup quarkus oracle netapp CWE-835	7.5
2021-08-16	CVE-2021-22940	Use After Free vulnerability in multiple products Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. network low complexity nodejs oracle netapp siemens debian CWE-416	7.5
2021-08-16	CVE-2021-33193	A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. network low complexity apache fedoraproject tenable oracle	7.5
2021-08-12	CVE-2021-38604	NULL Pointer Dereference vulnerability in multiple products In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. network low complexity gnu fedoraproject oracle CWE-476	7.5
2021-08-07	CVE-2021-29923	Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. network low complexity golang oracle fedoraproject	7.5
2021-08-05	CVE-2021-22926	Improper Certificate Validation vulnerability in multiple products libcurl-using applications can ask for a specific client certificate to be used in a transfer. network low complexity haxx netapp oracle siemens splunk CWE-295	7.5
2021-08-03	CVE-2021-32803	Link Following vulnerability in multiple products The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. network low complexity tar-project oracle siemens CWE-59	8.1
2021-08-03	CVE-2021-32804	Path Traversal vulnerability in multiple products The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. network low complexity tar-project oracle siemens CWE-22	8.1