High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-09	CVE-2021-21145	Use After Free vulnerability in multiple products Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8
2021-02-09	CVE-2021-21144	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. network low complexity google fedoraproject CWE-787	8.8
2021-02-09	CVE-2021-21143	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. network low complexity google fedoraproject CWE-787	8.8
2021-02-08	CVE-2020-36152	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. network low complexity symonics fedoraproject CWE-120	8.8
2021-02-02	CVE-2021-21289	OS Command Injection vulnerability in multiple products Mechanize is an open-source ruby library that makes automated web interaction easy. network high complexity mechanize-project fedoraproject debian CWE-78	8.3
2021-01-29	CVE-2021-3347	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.10.11. local low complexity linux debian fedoraproject CWE-416	7.8
2021-01-26	CVE-2021-3156	Off-by-one Error vulnerability in multiple products Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. local low complexity sudo-project fedoraproject debian netapp mcafee synology beyondtrust oracle CWE-193	7.8
2021-01-26	CVE-2021-3115	Uncontrolled Search Path Element vulnerability in multiple products Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). network high complexity golang fedoraproject netapp CWE-427	7.5
2021-01-20	CVE-2020-25682	A flaw was found in dnsmasq before 2.83. network high complexity thekelleys fedoraproject debian	8.1
2021-01-20	CVE-2020-25681	A flaw was found in dnsmasq before version 2.83. network high complexity thekelleys fedoraproject debian	8.1