Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-13	CVE-2021-31810	An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. network low complexity ruby-lang debian oracle	5.8
2021-07-12	CVE-2021-30640	Improper Encoding or Escaping of Output vulnerability in multiple products A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. network high complexity apache oracle debian CWE-116	6.5
2021-07-12	CVE-2021-33037	HTTP Request Smuggling vulnerability in multiple products Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. network low complexity apache debian oracle mcafee CWE-444	5.3
2021-07-06	CVE-2021-3598	There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. local low complexity openexr redhat debian	5.5
2021-06-30	CVE-2021-3630	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. local low complexity djvulibre-project debian fedoraproject CWE-787	5.5
2021-06-28	CVE-2021-33515	Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. network high complexity dovecot fedoraproject debian CWE-77	4.8
2021-06-23	CVE-2021-33624	Type Confusion vulnerability in multiple products In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. local high complexity linux debian CWE-843	4.7
2021-06-22	CVE-2021-0561	Out-of-bounds Write vulnerability in multiple products In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. local low complexity google fedoraproject debian CWE-787	5.5
2021-06-14	CVE-2021-34693	Missing Initialization of Resource vulnerability in multiple products net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. local low complexity linux debian CWE-909	5.5
2021-06-11	CVE-2021-22895	Improper Certificate Validation vulnerability in multiple products Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. network high complexity nextcloud debian CWE-295	5.9