Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-27	CVE-2021-25284	Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. local low complexity saltstack fedoraproject debian CWE-522	4.4
2021-02-27	CVE-2020-28972	Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. network high complexity saltstack fedoraproject debian CWE-295	5.9
2021-02-26	CVE-2020-27618	Infinite Loop vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. local low complexity gnu netapp oracle debian CWE-835	5.5
2021-02-26	CVE-2020-27223	Resource Exhaustion vulnerability in multiple products In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. network low complexity eclipse apache netapp debian oracle CWE-400	5.3
2021-02-26	CVE-2021-23978	Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. network mozilla debian	6.8
2021-02-26	CVE-2021-23961	Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. network mozilla debian	4.3
2021-02-26	CVE-2021-21330	Open Redirect vulnerability in multiple products aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. network low complexity aiohttp debian fedoraproject CWE-601	6.1
2021-02-26	CVE-2021-23973	Information Exposure Through an Error Message vulnerability in multiple products When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. network mozilla debian CWE-209	4.3
2021-02-26	CVE-2021-23969	As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. network mozilla debian	4.3
2021-02-26	CVE-2021-23968	Information Exposure Through an Error Message vulnerability in multiple products If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. network mozilla debian CWE-209	4.3