Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-23	CVE-2021-3409	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. local low complexity qemu redhat fedoraproject debian CWE-119	5.7
2021-03-22	CVE-2021-28971	Improper Handling of Exceptional Conditions vulnerability in multiple products In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. local low complexity linux fedoraproject debian netapp CWE-755	5.5
2021-03-22	CVE-2021-28964	Race Condition vulnerability in multiple products A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. local high complexity linux fedoraproject debian netapp CWE-362	4.7
2021-03-22	CVE-2021-28963	Injection vulnerability in multiple products Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. network low complexity shibboleth debian CWE-74	5.3
2021-03-21	CVE-2021-28957	Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. network low complexity lxml debian fedoraproject netapp oracle CWE-79	6.1
2021-03-20	CVE-2020-27171	Off-by-one Error vulnerability in multiple products An issue was discovered in the Linux kernel before 5.11.8. local low complexity linux fedoraproject debian canonical CWE-193	6.0
2021-03-20	CVE-2020-27170	Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in the Linux kernel before 5.11.8. local high complexity linux fedoraproject canonical debian CWE-203	4.7
2021-03-20	CVE-2021-28950	Excessive Iteration vulnerability in multiple products An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. local low complexity linux fedoraproject debian CWE-834	5.5
2021-03-18	CVE-2021-3416	A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. local low complexity qemu fedoraproject redhat debian	6.0
2021-03-12	CVE-2021-21366	xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. network low complexity xmldom-project debian	4.3