High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-30	CVE-2021-4184	Infinite Loop vulnerability in multiple products Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian oracle CWE-835	7.5
2021-12-30	CVE-2021-4185	Infinite Loop vulnerability in multiple products Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian oracle CWE-835	7.5
2021-12-13	CVE-2021-43818	Injection vulnerability in multiple products lxml is a library for processing XML and HTML in the Python language. network low complexity lxml fedoraproject debian netapp oracle CWE-74	7.1
2021-12-07	CVE-2021-42717	Uncontrolled Recursion vulnerability in multiple products ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. network low complexity trustwave f5 debian oracle CWE-674	7.5
2021-09-26	CVE-2021-41617	sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. local high complexity openbsd fedoraproject netapp oracle starwindsoftware	7.0
2021-09-16	CVE-2021-34798	NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. network low complexity apache fedoraproject debian netapp tenable oracle broadcom siemens CWE-476	7.5
2021-09-16	CVE-2021-36160	Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). network low complexity apache fedoraproject debian netapp oracle broadcom CWE-125	7.5
2021-08-24	CVE-2021-3712	Out-of-bounds Read vulnerability in multiple products ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. network high complexity openssl debian netapp mcafee tenable oracle siemens CWE-125	7.4
2021-08-24	CVE-2021-36690	A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. network low complexity sqlite oracle apple	7.5
2021-08-16	CVE-2021-33193	A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. network low complexity apache fedoraproject tenable oracle	7.5