Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-26 CVE-2021-23968 Information Exposure Through an Error Message vulnerability in multiple products
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI.
network
low complexity
mozilla debian CWE-209
4.3
2021-02-23 CVE-2021-3407 A flaw was found in mupdf 1.18.0.
local
low complexity
artifex fedoraproject debian
5.5
2021-02-23 CVE-2021-3405 A flaw was found in libebml before 1.4.2.
network
low complexity
matroska fedoraproject debian
6.5
2021-02-17 CVE-2021-26933 An issue was discovered in Xen 4.9 through 4.14.x.
local
low complexity
xen fedoraproject debian
5.5
2021-02-17 CVE-2021-26932 An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen.
local
low complexity
linux fedoraproject debian netapp
5.5
2021-02-17 CVE-2021-26931 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen.
local
low complexity
linux fedoraproject debian CWE-770
5.5
2021-02-16 CVE-2021-23841 NULL Pointer Dereference vulnerability in multiple products
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate.
5.9
2021-02-15 CVE-2021-23336 HTTP Request Smuggling vulnerability in multiple products
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, and from 3.9.0 and before 3.9.2 is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking.
5.9
2021-02-15 CVE-2020-7071 Improper Input Validation vulnerability in multiple products
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating a URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept a URL with an invalid password as a valid URL.
network
low complexity
php debian netapp CWE-20
5.3
2021-02-14 CVE-2021-26929 Cross-site Scripting vulnerability in multiple products
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used).
network
low complexity
horde debian CWE-79
6.1