High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-07	CVE-2021-30184	Classic Buffer Overflow vulnerability in multiple products GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. local low complexity gnu fedoraproject CWE-120	7.8
2021-04-06	CVE-2021-29424	Incorrect Type Conversion or Cast vulnerability in multiple products The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. network low complexity net fedoraproject CWE-704	7.5
2021-04-05	CVE-2021-20305	Out-of-bounds Write vulnerability in multiple products A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. network high complexity nettle-project redhat fedoraproject netapp debian CWE-787	8.1
2021-04-02	CVE-2021-1844	Out-of-bounds Write vulnerability in multiple products A memory corruption issue was addressed with improved validation. network low complexity apple debian fedoraproject CWE-787	8.8
2021-04-02	CVE-2021-1789	Type Confusion vulnerability in multiple products A type confusion issue was addressed with improved state handling. network low complexity apple fedoraproject webkitgtk CWE-843	8.8
2021-04-02	CVE-2021-1788	Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. network low complexity apple debian fedoraproject CWE-416	8.8
2021-04-01	CVE-2021-29421	XXE vulnerability in multiple products models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. network low complexity pikepdf-project fedoraproject CWE-611	7.5
2021-03-29	CVE-2021-23358	Code Injection vulnerability in multiple products The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. network low complexity underscorejs debian tenable fedoraproject CWE-94	7.2
2021-03-26	CVE-2021-21332	Cross-site Scripting vulnerability in multiple products Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). network low complexity matrix fedoraproject CWE-79	8.2
2021-03-26	CVE-2021-20271	Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in RPM's signature check functionality when reading a package file. local high complexity rpm redhat fedoraproject starwindsoftware CWE-345	7.0