Fedoraproject Fedora vulnerabilities: Medium risk

DATE CVE VULNERABILITY TITLE RISK
2021-02-05 CVE-2020-36241 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
local
low complexity
gnome fedoraproject CWE-59
5.5
2021-02-02 CVE-2021-3281 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
network
low complexity
djangoproject fedoraproject netapp CWE-22
5.3
2021-02-01 CVE-2020-28493 Resource Exhaustion vulnerability in multiple products
This affects the package jinja2 from 0.0.0 and before 2.11.3.
network
low complexity
palletsprojects fedoraproject CWE-400
5.3
2021-01-27 CVE-2021-3272 Out-of-bounds Read vulnerability in multiple products
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
local
low complexity
jasper-project fedoraproject CWE-125
5.5
2021-01-26 CVE-2021-3308 An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x.
local
low complexity
xen fedoraproject
5.5
2021-01-26 CVE-2021-3114 Incorrect Calculation vulnerability in multiple products
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
network
low complexity
golang fedoraproject debian netapp CWE-682
6.5
2021-01-20 CVE-2020-25687 Heap-based Buffer Overflow vulnerability in multiple products
A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian CWE-122
5.9
2021-01-20 CVE-2020-25683 Heap-based Buffer Overflow vulnerability in multiple products
A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian CWE-122
5.9
2021-01-20 CVE-2021-2022 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
network
high complexity
oracle netapp fedoraproject mariadb
4.4
2021-01-20 CVE-2021-2021 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle netapp fedoraproject
4.9