Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-10	CVE-2019-17567	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. network low complexity apache fedoraproject oracle CWE-444	5.3
2021-06-10	CVE-2021-30641	Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' network low complexity apache debian fedoraproject oracle	5.3
2021-06-09	CVE-2021-0086	Information Exposure Through Discrepancy vulnerability in multiple products Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. local low complexity intel fedoraproject CWE-203	6.5
2021-06-09	CVE-2021-0089	Information Exposure Through Discrepancy vulnerability in multiple products Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. local low complexity debian fedoraproject intel CWE-203	6.5
2021-06-09	CVE-2021-26314	Information Exposure Through Discrepancy vulnerability in multiple products Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. local low complexity xen arm broadcom intel fedoraproject CWE-203	5.5
2021-06-09	CVE-2021-33829	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. network low complexity ckeditor fedoraproject drupal debian CWE-79	6.1
2021-06-08	CVE-2021-31957	ASP.NET Core Denial of Service Vulnerability network high complexity microsoft fedoraproject	5.9
2021-06-08	CVE-2021-31807	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. network low complexity squid-cache fedoraproject netapp CWE-190	6.5
2021-06-08	CVE-2021-33203	Path Traversal vulnerability in multiple products Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. network low complexity djangoproject fedoraproject CWE-22	4.9
2021-06-08	CVE-2021-23215	Resource Exhaustion vulnerability in multiple products An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. local low complexity openexr fedoraproject debian CWE-400	5.5