Debian Linux vulnerabilities (Medium risk)

DATE CVE VULNERABILITY TITLE RISK
2021-04-28 CVE-2021-31863 Improper Input Validation vulnerability in multiple products
Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
network
low complexity
redmine debian CWE-20
5.0
2021-04-27 CVE-2019-25031 Injection vulnerability in multiple products
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.
network
high complexity
nlnetlabs debian CWE-74
5.9
2021-04-26 CVE-2021-21218 Use of Uninitialized Resource vulnerability in multiple products
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
local
low complexity
google debian fedoraproject CWE-908
5.5
2021-04-26 CVE-2021-21211 Origin Validation Error vulnerability in multiple products
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-346
6.5
2021-04-26 CVE-2021-21209 Origin Validation Error vulnerability in multiple products
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-346
6.5
2021-04-26 CVE-2021-21219 Unchecked Return Value vulnerability in multiple products
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
local
low complexity
google debian fedoraproject CWE-252
5.5
2021-04-26 CVE-2021-21217 Unchecked Return Value vulnerability in multiple products
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
local
low complexity
google debian fedoraproject CWE-252
5.5
2021-04-26 CVE-2021-21212
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
network
low complexity
google debian fedoraproject
6.5
2021-04-26 CVE-2021-21210
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
network
low complexity
google debian fedoraproject
6.5
2021-04-26 CVE-2021-21216 Authentication Bypass by Spoofing vulnerability in multiple products
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-290
6.5