Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-31	CVE-2021-3634	Out-of-bounds Write vulnerability in multiple products A flaw has been found in libssh in versions prior to 0.9.6. network low complexity libssh redhat debian fedoraproject oracle netapp CWE-787	6.5
2021-08-23	CVE-2021-39140	XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle	6.3
2021-08-23	CVE-2021-37750	NULL Pointer Dereference vulnerability in multiple products The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. network low complexity mit fedoraproject debian starwindsoftware oracle CWE-476	6.5
2021-08-16	CVE-2021-22939	Improper Certificate Validation vulnerability in multiple products If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. network low complexity nodejs oracle netapp siemens debian CWE-295	5.3
2021-08-13	CVE-2021-37695	ckeditor is an open source WYSIWYG HTML editor with rich content support. network low complexity ckeditor debian fedoraproject oracle	5.4
2021-08-12	CVE-2021-32808	ckeditor is an open source WYSIWYG HTML editor with rich content support. network low complexity ckeditor fedoraproject oracle	5.4
2021-08-12	CVE-2021-32809	Cross-site Scripting vulnerability in multiple products ckeditor is an open source WYSIWYG HTML editor with rich content support. network low complexity ckeditor fedoraproject oracle CWE-79	5.4
2021-08-08	CVE-2021-36221	Race Condition vulnerability in multiple products Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. network high complexity golang fedoraproject debian oracle siemens CWE-362	5.9
2021-08-05	CVE-2021-22922	Improper Handling of Exceptional Conditions vulnerability in multiple products When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. network low complexity haxx fedoraproject netapp oracle siemens splunk CWE-755	6.5
2021-08-05	CVE-2021-22923	Insufficiently Protected Credentials vulnerability in multiple products When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. network high complexity haxx fedoraproject netapp oracle siemens splunk CWE-522	5.3