Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-10	CVE-2021-27347	Use After Free vulnerability in multiple products Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. local low complexity long-range-zip-project debian CWE-416	5.5
2021-06-10	CVE-2021-30641	Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' network low complexity apache debian fedoraproject oracle	5.3
2021-06-09	CVE-2021-0089	Information Exposure Through Discrepancy vulnerability in multiple products Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. local low complexity debian fedoraproject intel CWE-203	6.5
2021-06-09	CVE-2021-0129	Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. low complexity bluez redhat debian	5.7
2021-06-09	CVE-2020-24511	Exposure of Resource to Wrong Sphere vulnerability in multiple products Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel debian netapp CWE-668	6.5
2021-06-09	CVE-2020-24513	Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel debian siemens	6.5
2021-06-09	CVE-2021-26313	Information Exposure Through Discrepancy vulnerability in multiple products Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. local low complexity xen arm broadcom intel debian CWE-203	5.5
2021-06-09	CVE-2021-33829	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. network low complexity ckeditor fedoraproject drupal debian CWE-79	6.1
2021-06-09	CVE-2021-28169	For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. network low complexity eclipse debian oracle netapp	5.3
2021-06-08	CVE-2021-23215	An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. local low complexity openexr fedoraproject debian	5.5