Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-06	CVE-2021-31829	Incorrect Authorization vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. local low complexity linux fedoraproject debian CWE-863	5.5
2021-05-06	CVE-2021-3507	A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). local low complexity qemu debian redhat	6.1
2021-05-05	CVE-2021-20254	A flaw was found in samba. network high complexity samba fedoraproject redhat debian	6.8
2021-04-30	CVE-2021-21229	Origin Validation Error vulnerability in multiple products Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google debian fedoraproject CWE-346	6.5
2021-04-30	CVE-2021-21228	Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. network low complexity google debian fedoraproject CWE-863	4.3
2021-04-29	CVE-2021-21417	Use After Free vulnerability in multiple products fluidsynth is a software synthesizer based on the SoundFont 2 specifications. local low complexity fluidsynth debian CWE-416	5.5
2021-04-29	CVE-2021-25214	Reachable Assertion vulnerability in multiple products In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. network low complexity isc debian fedoraproject siemens netapp CWE-617	6.5
2021-04-28	CVE-2021-31866	Information Exposure Through Discrepancy vulnerability in multiple products Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. network low complexity redmine debian CWE-203	5.3
2021-04-28	CVE-2021-31865	Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. network low complexity redmine debian	5.3
2021-04-28	CVE-2021-31864	Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. network low complexity redmine debian	5.3