High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-15	CVE-2021-21702	NULL Pointer Dereference vulnerability in multiple products In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. network low complexity php debian netapp oracle CWE-476	7.5
2021-02-12	CVE-2020-13949	Resource Exhaustion vulnerability in multiple products In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. network low complexity apache oracle CWE-400	7.5
2021-02-03	CVE-2020-28895	Integer Overflow or Wraparound vulnerability in multiple products In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). network low complexity windriver oracle CWE-190	7.3
2021-01-29	CVE-2021-3345	Out-of-bounds Write vulnerability in multiple products _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. local low complexity gnupg oracle CWE-787	7.8
2021-01-27	CVE-2021-3326	Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. network low complexity gnu netapp oracle fujitsu debian CWE-617	7.5
2021-01-27	CVE-2021-26117	Improper Authentication vulnerability in multiple products The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. network low complexity apache netapp debian oracle CWE-287	7.5
2021-01-26	CVE-2021-3156	Off-by-one Error vulnerability in multiple products Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. local low complexity sudo-project fedoraproject debian netapp mcafee synology beyondtrust oracle CWE-193	7.8
2021-01-26	CVE-2020-9492	Incorrect Authorization vulnerability in multiple products In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. network low complexity apache oracle CWE-863	8.8
2021-01-20	CVE-2021-2129	Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). local low complexity oracle	7.9
2021-01-20	CVE-2021-2118	Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). network low complexity oracle	8.2