Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-23	CVE-2021-3409	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. local low complexity qemu redhat fedoraproject debian CWE-119	5.7
2021-03-23	CVE-2021-3444	Incorrect Conversion between Numeric Types vulnerability in multiple products The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. local low complexity linux debian canonical CWE-681	4.6
2021-03-23	CVE-2021-20270	Infinite Loop vulnerability in multiple products An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. network low complexity pygments redhat fedoraproject debian CWE-835	5.0
2021-03-22	CVE-2021-28971	Improper Handling of Exceptional Conditions vulnerability in multiple products In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. local low complexity linux fedoraproject debian netapp CWE-755	5.5
2021-03-22	CVE-2021-28964	Race Condition vulnerability in multiple products A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. local high complexity linux fedoraproject debian netapp CWE-362	4.7
2021-03-22	CVE-2021-28963	Injection vulnerability in multiple products Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. network low complexity shibboleth debian CWE-74	5.3
2021-03-21	CVE-2021-28957	Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. network low complexity lxml debian fedoraproject netapp oracle CWE-79	6.1
2021-03-20	CVE-2020-27171	Off-by-one Error vulnerability in multiple products An issue was discovered in the Linux kernel before 5.11.8. local low complexity linux fedoraproject debian canonical CWE-193	6.0
2021-03-20	CVE-2020-27170	Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in the Linux kernel before 5.11.8. local high complexity linux fedoraproject canonical debian CWE-203	4.7
2021-03-20	CVE-2021-28950	Excessive Iteration vulnerability in multiple products An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. local low complexity linux fedoraproject debian CWE-834	5.5