High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-03	CVE-2020-28469	Resource Exhaustion vulnerability in multiple products This affects the package glob-parent before 5.1.2. network low complexity gulpjs oracle CWE-400	7.5
2021-06-01	CVE-2021-31684	Out-of-bounds Write vulnerability in multiple products A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. network low complexity json-smart-project oracle CWE-787	7.5
2021-06-01	CVE-2021-3516	Use After Free vulnerability in multiple products There's a flaw in libxml2's xmllint in versions before 2.9.11. local low complexity xmlsoft debian fedoraproject redhat netapp oracle CWE-416	7.8
2021-06-01	CVE-2021-23017	Off-by-one Error vulnerability in multiple products A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. network high complexity f5 openresty fedoraproject netapp oracle CWE-193	7.7
2021-05-28	CVE-2021-29505	Deserialization of Untrusted Data vulnerability in multiple products XStream is software for serializing Java objects to XML and back again. network low complexity xstream-project debian fedoraproject netapp oracle CWE-502	8.8
2021-05-27	CVE-2021-22118	Exposure of Resource to Wrong Sphere vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. local low complexity vmware oracle netapp CWE-668	7.8
2021-05-20	CVE-2021-20718	Resource Exhaustion vulnerability in multiple products mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. network low complexity openidc fedoraproject oracle CWE-400	7.5
2021-05-19	CVE-2021-3517	Out-of-bounds Write vulnerability in multiple products There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. network low complexity xmlsoft redhat fedoraproject debian netapp oracle CWE-787	8.6
2021-05-18	CVE-2021-3518	Use After Free vulnerability in multiple products There's a flaw in libxml2 in versions before 2.9.11. network low complexity xmlsoft debian redhat fedoraproject netapp oracle CWE-416	8.8
2021-04-29	CVE-2021-25215	Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. network low complexity debian isc fedoraproject netapp oracle siemens CWE-617	7.5