Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-05	CVE-2021-22923	Insufficiently Protected Credentials vulnerability in multiple products When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. network high complexity haxx fedoraproject netapp oracle siemens splunk CWE-522	5.3
2021-08-05	CVE-2021-22925	Use of Uninitialized Resource vulnerability in multiple products curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. network low complexity haxx fedoraproject netapp apple oracle siemens splunk CWE-908	5.3
2021-07-26	CVE-2021-22144	Uncontrolled Recursion vulnerability in multiple products In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. network low complexity elastic oracle CWE-674	6.5
2021-07-21	CVE-2021-37159	Use After Free vulnerability in multiple products hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. high complexity linux debian oracle CWE-416	6.4
2021-07-21	CVE-2021-22145	Information Exposure Through an Error Message vulnerability in multiple products A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. network low complexity elastic oracle CWE-209	6.5
2021-07-19	CVE-2021-35043	Cross-site Scripting vulnerability in multiple products OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). network low complexity antisamy-project oracle netapp CWE-79	6.1
2021-07-19	CVE-2021-32012	Resource Exhaustion vulnerability in multiple products SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2). local low complexity sheetjs-project oracle CWE-400	5.5
2021-07-19	CVE-2021-32013	Resource Exhaustion vulnerability in multiple products SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2). local low complexity sheetjs-project oracle CWE-400	5.5
2021-07-19	CVE-2021-32014	Resource Exhaustion vulnerability in multiple products SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js. local low complexity sheetjs oracle CWE-400	5.5
2021-07-15	CVE-2021-34429	For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. network low complexity eclipse netapp oracle	5.3