High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-24	CVE-2020-11987	Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. network low complexity apache fedoraproject oracle debian CWE-918	8.2
2021-02-23	CVE-2021-3410	Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in libcaca v0.99.beta19. local low complexity libcaca-project debian fedoraproject CWE-190	7.8
2021-02-23	CVE-2021-20247	Path Traversal vulnerability in multiple products A flaw was found in mbsync before v1.3.5 and v1.4.1. network high complexity mbsync-project debian fedoraproject CWE-22	7.4
2021-02-22	CVE-2021-26119	Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. network low complexity smarty debian	7.5
2021-02-18	CVE-2021-27379	An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. local low complexity xen debian	7.8
2021-02-17	CVE-2020-8625	Classic Buffer Overflow vulnerability in multiple products BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. network high complexity isc debian fedoraproject siemens netapp CWE-120	8.1
2021-02-17	CVE-2021-26720	Link Following vulnerability in multiple products avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. local low complexity avahi debian CWE-59	7.8
2021-02-17	CVE-2021-26930	An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. local low complexity linux fedoraproject debian	7.8
2021-02-16	CVE-2021-23840	Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. network low complexity openssl debian tenable oracle mcafee fujitsu nodejs CWE-190	7.5
2021-02-16	CVE-2021-27229	Link Following vulnerability in multiple products Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. network low complexity mumble debian CWE-59	8.8