Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-20	CVE-2021-44790	Out-of-bounds Write vulnerability in multiple products A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). network low complexity apache fedoraproject debian tenable netapp oracle apple CWE-787 critical	9.8
2021-10-05	CVE-2021-41116	Command Injection vulnerability in multiple products Composer is an open source dependency manager for the PHP language. network low complexity getcomposer tenable CWE-77 critical	9.8
2021-09-16	CVE-2021-40438	Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. network high complexity apache fedoraproject debian netapp broadcom f5 oracle siemens tenable CWE-918 critical	9.0
2021-08-24	CVE-2021-3711	Classic Buffer Overflow vulnerability in multiple products In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). network low complexity openssl debian netapp oracle tenable CWE-120 critical	9.8
2020-04-09	CVE-2020-11656	Use After Free vulnerability in multiple products In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. network low complexity sqlite netapp oracle siemens tenable CWE-416 critical	9.8
2020-02-27	CVE-2020-7061	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. network low complexity php tenable CWE-125 critical	9.1
2020-02-10	CVE-2020-7059	Out-of-bounds Read vulnerability in multiple products When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. network low complexity php tenable oracle opensuse debian CWE-125 critical	9.1
2020-02-10	CVE-2020-7060	Out-of-bounds Read vulnerability in multiple products When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. network low complexity php tenable oracle opensuse debian CWE-125 critical	9.1
2019-12-20	CVE-2019-19919	Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. network low complexity handlebars-js-project tenable critical	9.8
2019-12-09	CVE-2019-19646	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. network low complexity sqlite siemens tenable oracle netapp CWE-754 critical	9.8