High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-19	CVE-2020-14409	Integer Overflow or Wraparound vulnerability in multiple products SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. local low complexity libsdl fedoraproject debian starwindsoftware CWE-190	7.8
2021-01-19	CVE-2021-20190	A flaw was found in jackson-databind before 2.9.10.7. network high complexity fasterxml netapp apache debian oracle	8.1
2021-01-18	CVE-2020-36193	Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. network low complexity php fedoraproject debian drupal CWE-59	7.5
2021-01-14	CVE-2021-21261	Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. local low complexity flatpak debian	8.8
2021-01-14	CVE-2020-16119	Use After Free vulnerability in multiple products Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. local low complexity linux canonical debian CWE-416	7.8
2021-01-13	CVE-2020-28374	Path Traversal vulnerability in multiple products In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. network low complexity linux fedoraproject debian CWE-22	8.1
2021-01-12	CVE-2020-35459	OS Command Injection vulnerability in multiple products An issue was discovered in ClusterLabs crmsh through 4.2.1. local low complexity clusterlabs debian CWE-78	7.8
2021-01-12	CVE-2020-35653	Out-of-bounds Read vulnerability in multiple products In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. network low complexity python fedoraproject debian CWE-125	7.1
2021-01-08	CVE-2021-21116	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-787	8.8
2021-01-08	CVE-2021-21114	Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian CWE-416	8.8