Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-11	CVE-2020-26139	Improper Authentication vulnerability in multiple products An issue was discovered in the kernel in NetBSD 7.1. high complexity netbsd debian arista cisco intel CWE-287	5.3
2021-05-11	CVE-2020-26147	An issue was discovered in the Linux kernel 5.8.9. high complexity linux debian arista siemens	5.4
2021-05-06	CVE-2021-31916	An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. local low complexity linux redhat debian	6.7
2021-05-06	CVE-2021-31829	Incorrect Authorization vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. local low complexity linux fedoraproject debian CWE-863	5.5
2021-05-06	CVE-2021-3507	A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). local low complexity qemu debian redhat	6.1
2021-05-05	CVE-2021-20254	A flaw was found in samba. network high complexity samba fedoraproject redhat debian	6.8
2021-04-30	CVE-2021-21229	Origin Validation Error vulnerability in multiple products Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google debian fedoraproject CWE-346	6.5
2021-04-30	CVE-2021-21228	Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. network low complexity google debian fedoraproject CWE-863	4.3
2021-04-29	CVE-2021-21417	Use After Free vulnerability in multiple products fluidsynth is a software synthesizer based on the SoundFont 2 specifications. local low complexity fluidsynth debian CWE-416	5.5
2021-04-29	CVE-2021-25214	Reachable Assertion vulnerability in multiple products In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. network low complexity isc debian fedoraproject siemens netapp CWE-617	6.5