Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-10	CVE-2020-13529	Authentication Bypass by Spoofing vulnerability in multiple products An exploitable denial-of-service vulnerability exists in Systemd 245. high complexity systemd-project fedoraproject netapp CWE-290	6.1
2021-05-10	CVE-2021-32056	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. network low complexity cyrus fedoraproject CWE-732	4.3
2021-05-07	CVE-2021-21419	Eventlet is a concurrent networking library for Python. network low complexity eventlet fedoraproject	5.3
2021-05-06	CVE-2021-31829	Incorrect Authorization vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. local low complexity linux fedoraproject debian CWE-863	5.5
2021-05-06	CVE-2021-32052	Cross-site Scripting vulnerability in multiple products In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). network low complexity djangoproject fedoraproject CWE-79	6.1
2021-05-06	CVE-2021-32062	Path Traversal vulnerability in multiple products MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). network low complexity osgeo fedoraproject CWE-22	5.3
2021-05-05	CVE-2021-20254	A flaw was found in samba. network high complexity samba fedoraproject redhat debian	6.8
2021-04-30	CVE-2021-21229	Origin Validation Error vulnerability in multiple products Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google debian fedoraproject CWE-346	6.5
2021-04-30	CVE-2021-21228	Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. network low complexity google debian fedoraproject CWE-863	4.3
2021-04-30	CVE-2021-29463	Out-of-bounds Read vulnerability in multiple products Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. local low complexity exiv2 fedoraproject CWE-125	5.5